Jasinski Technical Wiki

Navigation

Home Page
Index
All Pages

Quick Search
»
Advanced Search »

Contributor Links

Create a new Page
Administration
File Management
Login/Logout
Your Profile

Other Wiki Sections

Software

PoweredBy

Page History: Changing Password without the Old Password - ASP.NET Membership API

Compare Page Revisions



« Older Revision - Back to Page History - Newer Revision »


Page Revision: Mon, Apr 23, 2012, 4:06 PM


Overview

It's common for a system administrator to be able to change a user's password without knowing the old password. However, the ASP.NET Membership API doesn't have a method for doing this directly. This article explains a work-around.

Solution

Web.Config

You will need to have a second membership providers configured for administrative purposes. Note that requiresQuestionAndAnswer is false for the admin provider.

<membership defaultProvider="MyMembershipProvider">
  <providers>
    <clear/>
    <add
        name="MyMembershipProvider" type="System.Web.Security.SqlMembershipProvider" applicationName="/"
        connectionStringName="MySqlClient" enablePasswordRetrieval="false" enablePasswordReset="true"
        requiresQuestionAndAnswer="true" requiresUniqueEmail="false" maxInvalidPasswordAttempts="1000"
        minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
        />
    <add
        name="MyMembershipProviderAdmin" type="System.Web.Security.SqlMembershipProvider" applicationName="/"
        connectionStringName="MySqlClient" enablePasswordRetrieval="false" enablePasswordReset="true"
        requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5"
        minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
        />
  

Application Code

System.Web.Security.MembershipUser UserInfo 
    = Membership.Providers["MyMembershipProviderAdmin"].GetUser(userName, false);

//If the admin does not supply a password then
//the system will reset password to system defined password
//and we will change that to the specified password
if (CurrentPassword == "")
    CurrentPassword = UserInfo.ResetPassword();

bool IsUpdated = UserInfo.ChangePassword(CurrentPassword, Password);

ScrewTurn Wiki version 3.0.1.400. Some of the icons created by FamFamFam. Except where noted, all contents Copyright © 1999-2024, Patrick Jasinski.