Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Changing a users password without knowing the old password nor the answer to the password question

Reply
Thread Tools

Changing a users password without knowing the old password nor the answer to the password question

 
 
AAaron123
Guest
Posts: n/a
 
      01-15-2009
I've been trying to create the capability of changing a users password
without knowing the old password nor the answer to the password question.

Without success!

I googled a few times, also without success.

I think I need a custom provider since the default one I use to create a
user account is:

<membership>
<providers>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="true"
applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10"
passwordStrengthRegularExpression=""/>
</providers>
</membership>

Based on the note below I wonder if I could change the password if I knew
how to make a second AspNetSqlMembershipProvider in my solution and somehow
get ResetPassword to use it. Is something like that possible?

Maybe I need a folder with its own web.config file or a completly separate
application?

Can anyone give me a little direction or code ?

Thanks in advance for any help at all


In some organizations, a Customer Service department may wish to change a
user's password to a new known value, perhaps in response to a customer
request. The ChangePassword method, which appears to handle this need,
unfortunately requires the original user password which is usually
unavailable to the site administrator. By setting
"requiresQuestionAndAnswer" to false, "enablePasswordRetrieval" to true and
"enablePasswordReset" to true in web.config, the ResetPassword and
ChangePassword methods can be used to change a user's password to a known
value, regardless of the password format:



 
Reply With Quote
 
 
 
 
Paul Shapiro
Guest
Posts: n/a
 
      01-16-2009
When you setup the SQL Server membership provider, it creates a number of
stored procedures as well as the necessary tables. Look at some of the
stored procs to see if you can call them directly to accomplish what you
want:
aspnet_Membership_SetPassword
aspnet_Membership_ResetPassword

"AAaron123" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I've been trying to create the capability of changing a users password
> without knowing the old password nor the answer to the password question.
>
> Without success!
>
> I googled a few times, also without success.
>
> I think I need a custom provider since the default one I use to create a
> user account is:
>
> <membership>
> <providers>
> <add name="AspNetSqlMembershipProvider"
> type="System.Web.Security.SqlMembershipProvider, System.Web,
> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
> connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
> enablePasswordReset="true" requiresQuestionAndAnswer="true"
> applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed"
> maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
> minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10"
> passwordStrengthRegularExpression=""/>
> </providers>
> </membership>
>
> Based on the note below I wonder if I could change the password if I knew
> how to make a second AspNetSqlMembershipProvider in my solution and
> somehow
> get ResetPassword to use it. Is something like that possible?
>
> Maybe I need a folder with its own web.config file or a completly separate
> application?
>
> Can anyone give me a little direction or code ?
>
> Thanks in advance for any help at all
>
>
> In some organizations, a Customer Service department may wish to change a
> user's password to a new known value, perhaps in response to a customer
> request. The ChangePassword method, which appears to handle this need,
> unfortunately requires the original user password which is usually
> unavailable to the site administrator. By setting
> "requiresQuestionAndAnswer" to false, "enablePasswordRetrieval" to true
> and
> "enablePasswordReset" to true in web.config, the ResetPassword and
> ChangePassword methods can be used to change a user's password to a known
> value, regardless of the password format:
>
>
>


 
Reply With Quote
 
 
 
 
AAaron123
Guest
Posts: n/a
 
      01-16-2009
Without documentation I don't think I could use them. For example,
PasswordSalt and PasswordFormat; I have no idea how to specify them. I
searched in Help for PasswordSalt and did get hits but I don't think they
apply.

If I, for example, Google for Set Password AspNetSqlMembershipProvider I
get many hits but they all seem to be looking for help, not giving it.
Actually, there are also some good tutorial articles that get close to my
problem, but not close enough. I Googled many combinations of keys with the
same result. I beginning to think no one knows how to do it.

I suppose it's possible that except with some very low level coding it can't
be done - maybe MS wanted it that way.

Thanks for replying


"Paul Shapiro" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> When you setup the SQL Server membership provider, it creates a number of
> stored procedures as well as the necessary tables. Look at some of the
> stored procs to see if you can call them directly to accomplish what you
> want:
> aspnet_Membership_SetPassword
> aspnet_Membership_ResetPassword
>
> "AAaron123" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> I've been trying to create the capability of changing a users password
>> without knowing the old password nor the answer to the password question.
>>
>> Without success!
>>
>> I googled a few times, also without success.
>>
>> I think I need a custom provider since the default one I use to create a
>> user account is:
>>
>> <membership>
>> <providers>
>> <add name="AspNetSqlMembershipProvider"
>> type="System.Web.Security.SqlMembershipProvider, System.Web,
>> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
>> connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
>> enablePasswordReset="true" requiresQuestionAndAnswer="true"
>> applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed"
>> maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
>> minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10"
>> passwordStrengthRegularExpression=""/>
>> </providers>
>> </membership>
>>
>> Based on the note below I wonder if I could change the password if I knew
>> how to make a second AspNetSqlMembershipProvider in my solution and
>> somehow
>> get ResetPassword to use it. Is something like that possible?
>>
>> Maybe I need a folder with its own web.config file or a completly
>> separate
>> application?
>>
>> Can anyone give me a little direction or code ?
>>
>> Thanks in advance for any help at all
>>
>>
>> In some organizations, a Customer Service department may wish to change a
>> user's password to a new known value, perhaps in response to a customer
>> request. The ChangePassword method, which appears to handle this need,
>> unfortunately requires the original user password which is usually
>> unavailable to the site administrator. By setting
>> "requiresQuestionAndAnswer" to false, "enablePasswordRetrieval" to true
>> and
>> "enablePasswordReset" to true in web.config, the ResetPassword and
>> ChangePassword methods can be used to change a user's password to a known
>> value, regardless of the password format:
>>
>>
>>

>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Change a users password without knowing the old password nor the answer to the password question AAaron123 ASP .Net 1 01-16-2009 02:56 PM
Impersonation with users of 2 domain (nor trusted) DB ASP .Net 0 10-29-2007 02:12 PM
Impersonation with users of 2 domain (nor trusted) DB ASP .Net Security 0 10-26-2007 01:40 PM
How can Administrator change the Password of existing User, without knowing his Old Password in Administer Security Tool ? Luqman ASP .Net 5 07-12-2007 09:29 AM
Coming out of the closet - Object Reference - Knowing I most likely won't get an answer... theintrepidfox@hotmail.com ASP .Net 2 03-25-2006 02:26 PM



Advertisments