Tuesday, December 23, 2008

Asp.Net Membership: How to change a user's password from an admin account without knowing the current password?

Like mine, you may also need to change a user's password from an admin account. By default, when you are using ASP.Net authentication and storing the password in the hashed format, you will not be able to see the existing password in its decrypted form. Also, to change a password using the Membership API, you will need to know the existing password. However, here is a simple solution to the problem -

AspNetChangePassword

The idea is, you can reset the password of a user using the following code-

string tempPass = Membership.Provider.ResetPassword("username", string.Empty)

Make sure you have the config that allows you to change password without an answer to the security question. Now, you can invoke the ChangePassword method using this tempPass as the existing pass and your custom password as the new password. Refer to the following line for a compact implementation-

Membership.Provider.ChangePassword("username", Membership.Provider.ResetPassword("username", string.Empty), "custompass")

I believe this will save your time with a similar need.