Recently I was in a situation where a user was required to change the password upon first login.
But MembershipUser’s ChangePassword requires 2 arguments. Old and new password. In my case the password was hashed and I couldn’t retrieve it unless the user enter it.
So I wanted to change the password without asking the old one. The solution was :
- Reset the password
- Keep the generated password in a var
- Call MembershipUser.ChangePassword using the generated password as the old one!
It does an extra query to the database but does the job! If the password was stored in Clear or Encrypted form it could be retrieved.