Change User Password in ASP.NET Forms Authentication_问答_开发者

Change User Password in ASP.NET Forms Authentication

开发者 https://www.devze.com 2023-01-03 03:40 出处：网络

I code in C# (ASP.NET) and am using Forms authentication. I would like to know which is the best method to change a user password without using the asp:ChangePassword control.

I code in C# (ASP.NET) and am using Forms authentication.

I would like to know which is the best method to change a user password without using the asp:ChangePassword control.

I dont want to use the reset password method.

I just want to grab the password i have inside my textbox and replace it with my older password.

Please note that the PasswordFormat I use is passwordFormat="Hashed"

Some code snippets would be helpful

Edit:

In my web.config, I have set enablePasswordRetrieval="false"

I used the following method

var myUser = Membership.GetUser(userID);
bool isChangeSuccess = myUser.ChangePassword(
    myUse开发者_如何转开发r.GetPassword(),
    ActivateUserPasswordText.Text.Trim());

It gives me the error,

This Membership Provider has not been configured to support password retrieval.

What could be done to solve these issues? I would really like my PasswordFormat to be hash itself.

Regards,

Naveen Jose

Got it solved. Thanks to my fellow developer.

var myUser = Membership.GetUser(userID);
bool isChangeSuccess = myUser.ChangePassword(
    myUser.ResetPassword(),
    ActivateUserPasswordText.Text.Trim());

Cant say I liked it much though.
I thought ResetPassword() would be returning a bool.

Assuming you are using the ASP.NET security thingies.

System.Web.Security.MembershipProvider.ChangePassword method

Only the Hash value for the passwords are usually stored by the asp.net membership provider, so it is not possible to retrieve the original password. It is possible to change this behavior by configuration, but it is not recommended.
Simply ask the user to enter the old password also while changing the password. You can use the old password entered by the user in the User.ChangePassword method and it should work fine.

This Membership Provider has not been configured to support password retrieval.

The above message is displayed because of your password format will be salt and so that you can't get the password of the user. If you want to do this change the password format and try again.

On the off chance someone is using the ApplicationUser and not the Membership - as I was because I did not want to set a Membership Provider - you can change the password this way:

            Dim manager = New UserManager()
            Dim userChange As ApplicationUser = manager.FindById(IDUser)

            userChange.PasswordHash = manager.PasswordHasher.HashPassword(newPassword.Value)
            Dim val As Object = manager.Update(userChange)

Hope this helps someone