Change another users password 1

[dorianr]

I'm using the membership and role provider in an ASP.NET 2 application. My client does not want users to recover their own passwords. I have set up an administration page that will enable application administrators to add/remove users and assign roles. I want to add capability to reset another users password. I tried to use the change password control, but it requires the old password. I'm new at this, so maybe there is a simple answer.
Thanks

 

[jbenson001]

You need the old password, no way around it that I have found.

 

[dorianr]

If they knew the old password, then it wouldn't need to be reset. In my experience, many users will forget their passwords. I'm looking for another method (besides the PasswordRecovery object).

 

[BoulderBum]

Haven't tested, but something like this should work:

MembershipUser user = Membership.GetUserNameByEmail("person@company.com");
string newPassword = user.ResetPassword();

//best to send generated password, but you can do this:
user.ChangePassword(newPassword, "value YOU define");

 

[dorianr]

ChangePassword didn't work because it needs the old password. I ended up using ResetPassword, but this is not the best choice, because I still need to know the security answer.

What happens if a user forgets their password and the security answer? It seems that there has to be a way around this, or is there no hope?

 

[BoulderBum]

Nah, it actually should be very simple. Set up a second provider in web.config that you can name "AdminProvider" or something where the settings are identical to the default provider, except requiresQuestionAndAnswer is configured to false. All you have to do for your special administrator page is use the second provider.

Programmatically, it would look something like this (assuming the ProviderName is "AdminProvider");

Membership.Providers["AdminProvider"].GetUser().ResetPassword();