Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do you change a hashed password using asp.net membership provider if you don't know the current password?

Problem, there's no method:

bool ChangePassword(string newPassword);

You have to know the current password (which is probably hashed and forgotten).

like image 354
mcqwerty Avatar asked Nov 13 '08 15:11

mcqwerty


People also ask

How can I reset my asp net membership password?

MembershipUser usr = Membership. GetUser(username); string resetPwd = usr. ResetPassword(); usr. ChangePassword(resetPwd, newPassword);

How can I use ASP net membership provider?

The ASP.NET membership provider is a feature that enables ASP.NET developers to create Web sites that allow users to create unique user name and password combinations. With this facility, any user can establish an account with the site, and sign in for exclusive access to the site and its services.

How can we implement membership provider in ASP NET MVC?

Let's create a application for membership provider ASP.NET MVC. Step 1: Go to visual studio and click on new project -> a window will open from here select a 'ASP.NET MVC4 web application' and give the name for this project in my case I give it as “MVCMembershipProvider ".

What is membership in web config?

The membership element is a sub-element of the system. web section. You can enable ASP.NET Membership for an application by directly editing the Web. config file for that application, or you can use the Web Site Administration Tool, which provides a wizard-based interface.


2 Answers

This is an easy one that I wasted too much time on. Hopefully this post saves someone else the pain of slapping their forehead as hard as I did.

Solution, reset the password randomly and pass that into the change method.

MembershipUser u = Membership.GetUser(); u.ChangePassword(u.ResetPassword(), "myAwesomePassword"); 
like image 138
mcqwerty Avatar answered Nov 07 '22 06:11

mcqwerty


You are not able to change the password if the requiresQuestionAndAnswer="true"

I got the work around for this

Created two membership providers in web.config

i am using the AspNetSqlMembershipProviderReset provider for reseting the password since it has the requiresQuestionAndAnswer= false where as AspNetSqlMembershipProvider is the default provider used.

i wrote the following code to reset the password for the user.

public bool ResetUserPassword(String psUserName, String psNewPassword) { try { // Get Membership user details using secound membership provider with required question answer set to false.

        MembershipUser currentUser = Membership.Providers["AspNetSqlMembershipProviderReset"].GetUser(psUserName,false);          //Reset the user password.         String vsResetPassword = currentUser.ResetPassword();                      //Change the User password with the required password                     currentUser.ChangePassword(vsResetPassword, psNewPassword);         //Changed the comments to to force the user to change the password on next login attempt         currentUser.Comment = "CHANGEPASS";         //Check if the user is locked out and if yes unlock the user         if (currentUser.IsLockedOut == true)         {             currentUser.UnlockUser();         }         Membership.Providers["AspNetSqlMembershipProviderReset"].UpdateUser(currentUser);            return true;     }     catch (Exception ex)     {         throw ex;         return false;     } } 
like image 39
Mangesh Shelar Avatar answered Nov 07 '22 05:11

Mangesh Shelar