7

I code in C# (ASP.NET) and am using Forms authentication.
I would like to know which is the best method to change a user password without using the asp:ChangePassword control.
I dont want to use the reset password method.
I just want to grab the password i have inside my textbox and replace it with my older password.
Please note that the PasswordFormat I use is passwordFormat="Hashed"
Some code snippets would be helpful

Edit:

In my web.config, I have set enablePasswordRetrieval="false"
I used the following method

var myUser = Membership.GetUser(userID);
bool isChangeSuccess = myUser.ChangePassword(
    myUser.GetPassword(),
    ActivateUserPasswordText.Text.Trim());

It gives me the error,

This Membership Provider has not been configured to support password retrieval.

What could be done to solve these issues? I would really like my PasswordFormat to be hash itself.

Regards,
Naveen Jose

Improve this question

5 Answers 5

Reset to default
18

Got it solved. Thanks to my fellow developer.

var myUser = Membership.GetUser(userID);
bool isChangeSuccess = myUser.ChangePassword(
    myUser.ResetPassword(),
    ActivateUserPasswordText.Text.Trim());

Can't say I liked it much though. I thought ResetPassword() would be returning a bool.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

It returns a string with a random generated new password msdn.microsoft.com/en-us/library/…
@JPHellemons: I said I thought :)
3

Assuming you are using the ASP.NET security thingies.

System.Web.Security.MembershipProvider.ChangePassword method

Improve this answer

Comments

2

Only the Hash value for the passwords are usually stored by the asp.net membership provider, so it is not possible to retrieve the original password. It is possible to change this behavior by configuration, but it is not recommended.
Simply ask the user to enter the old password also while changing the password. You can use the old password entered by the user in the User.ChangePassword method and it should work fine.

Improve this answer

1 Comment

My intention was to create a retrieve password for lost passwords
1

This Membership Provider has not been configured to support password retrieval.

The above message is displayed because of your password format will be salt and so that you can't get the password of the user. If you want to do this change the password format and try again.

Improve this answer

1 Comment

thanks dileep. i was more curious on how to retrieve the old password and ChangePassword does require old password as its parameter.
1

On the off chance someone is using the ApplicationUser and not the Membership - as I was because I did not want to set a Membership Provider - you can change the password this way:

            Dim manager = New UserManager()
            Dim userChange As ApplicationUser = manager.FindById(IDUser)

            userChange.PasswordHash = manager.PasswordHasher.HashPassword(newPassword.Value)
            Dim val As Object = manager.Update(userChange)

Hope this helps someone

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.