asp.net membership change password without knowing old one

asp.netasp.net MembershipForgot PasswordChange Password

asp.net Problem Overview

Evaluting the method signature, it is required to know old password while changing it.

membershipUser.ChangePassword(userWrapper.OldPassword, userWrapper.Password)

Is there any way to change password without knowing old one.

asp.net Solutions

Solution 1 - asp.net

 string username = "username";
 string password = "newpassword";
 MembershipUser mu = Membership.GetUser(username);
 mu.ChangePassword(mu.ResetPassword(), password);

Solution 2 - asp.net

The other answers here are correct, but can leave the password in an unknown state.

ChangePassword will throw exceptions if the password doesn't meet the requirements laid out in Web.Config (minimum length, etc.). But it only fails after ResetPassword has been called, so the password will not be known to the original user or to the person who's tried to change it. Check for complexity requirements before changing the password to avoid this:

var user = Membership.GetUser(userName, false);

if ((newPassword.Length >= Membership.MinRequiredPasswordLength) &&
    (newPassword.ToCharArray().Count(c => !Char.IsLetterOrDigit(c)) >=
         Membership.MinRequiredNonAlphanumericCharacters) &&
    ((Membership.PasswordStrengthRegularExpression.Length == 0) ||
         Regex.IsMatch(newPassword, Membership.PasswordStrengthRegularExpression))) {

    user.ChangePassword(user.ResetPassword(), newPassword);
} else {
    // Tell user new password isn't strong enough
}

Solution 3 - asp.net

You need to reset the user's password before changing it, and pass in the generated password to ChangePassword.

string randompassword = membershipUser.ResetPassword();
membershipUser.ChangePassword(randompassword , userWrapper.Password)

or inline:

membershipUser.ChangePassword(membershipUser.ResetPassword(), userWrapper.Password)

Solution 4 - asp.net

Try to use SimpleMembershipProvider it's easier:

var token = WebSecurity.GeneratePasswordResetToken("LoginOfUserToChange");
WebSecurity.ResetPassword(token, "YourNewPassword");

Solution 5 - asp.net

Please note, all these mentioned solutions will only work if the RequiresQuestionAndAnswer property is set to false in Membership system configuration. If RequiresQuestionAndAnswer is true then the ResetPassword method needs to be passed the security answer, otherwise it will throw an exception.

In case you need RequiresQuestionAndAnswer set to true, you can use this workaround

Solution 6 - asp.net

This code mentioned on posts above is working:

string username = "username";
string password = "newpassword";
MembershipUser mu = Membership.GetUser(username);
mu.ChangePassword(mu.ResetPassword(), password);

But you have to set requiresQuestionAndAnswer="false" in web.config in membership provider tag. If it is true, resetpassword method generate an error "Value can not be null". In this case you must supply question answer as parameter to ResetPassword.

Solution 7 - asp.net

Use the password you want to set from textbox in place of 123456.

 MembershipUser user;     
 user = Membership.GetUser(userName,false);
 user.ChangePassword(user.ResetPassword(),"123456");

Solution 8 - asp.net

@Rob Church is right:

> The other answers here are correct but can leave the password in an > unknown state.

However, instead of his solution to do the validation by hand, I would try to change the password using the ResetPassword from token method and catch and show the error:

var user = UserManager.FindByName(User.Identity.Name);
string token = UserManager.GeneratePasswordResetToken(user.Id);
var result = UserManager.ResetPassword(user.Id, token, model.Password);
if (!result.Succeeded){
    // show error
}

Solution 9 - asp.net

string username = "UserName";
string userpassword = "NewPassword";
string resetpassword;
    
MembershipUser mu = Membership.GetUser(username, false);

if (mu == null){
    Response.Write("<script>alert('Invalid Username!')</script>"); 
}

else{
    resetpassword = mu.ResetPassword(username);
    if (resetpassword != null){
         if (mu.ChangePassword(resetpassword, userpassword)){
             Response.Write("<script>alert('Password changed successfully!')</script>"); 
         }
    }
    else{
           Response.Write("<script>alert('Oh some error occurred!')</script>"); 
        }
    }

Solution 10 - asp.net

 string username = "UserName";
 string userpassword = "NewPassword";   
 MembershipUser mu = Membership.GetUser(username, false);
 mu.ChangePassword(mu.ResetPassword(username), userpassword);
Categories
Recommended asp.net Solutions
Recommended asp.net Membership Solutions
Recommended Forgot Password Solutions
Recommended Change Password Solutions

Previous Solution:

LogCat Stops Running in Eclipse Needs Restart

AndroidEclipseLogcat

Next Solution:

MySQL find_in_set with multiple search string

MysqlSearch

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionLalitView Question on Stackoverflow
Solution 1 - asp.netajmaView Answer on Stackoverflow
Solution 2 - asp.netRob ChurchView Answer on Stackoverflow
Solution 3 - asp.netGeoff ApplefordView Answer on Stackoverflow
Solution 4 - asp.netJakeView Answer on Stackoverflow
Solution 5 - asp.netKate MoskalenkoView Answer on Stackoverflow
Solution 6 - asp.netIvoAtanasovView Answer on Stackoverflow
Solution 7 - asp.netankit rajputView Answer on Stackoverflow
Solution 8 - asp.netPotcoava MihaiView Answer on Stackoverflow
Solution 9 - asp.netAayesha MansuriView Answer on Stackoverflow
Solution 10 - asp.netAayesha MansuriView Answer on Stackoverflow