Monday, September 28, 2009 6:25 AM djsolid

ASP.NET Membership - Change password without asking the old

Recently I was in a situation where a user was required to change the password upon first login.

But MembershipUser's ChangePassword requires two arguments: the old and the new password. In my case the password was hashed, and I couldn't retrieve it unless the user entered it.

So I wanted to change the password without asking for the old one. The solution was:

  1. Reset the password
  2. Keep the generated password in a var
  3. Call MembershipUser.ChangePassword using the generated password as the old one!

It costs an extra query to the database, but it does the job! If the password were stored in Clear or Encrypted form, it could be retrieved.
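
The three steps above as code, in an added example that is not the post's original listing; `ForcedPasswordChange`, `SetNewPassword` and `MeetsPolicy` are hypothetical names, and only the `Membership` and `MembershipUser` members are framework APIs. It checks the new password against the provider policy before resetting, because a failure after the reset would leave the account on the generated password.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web.Security;

// Hypothetical helper; only the Membership / MembershipUser members are framework APIs.
public static class ForcedPasswordChange
{
    // Call only for a user who has already authenticated in the current session.
    public static bool SetNewPassword(string userName, string newPassword)
    {
        // The parameterless ResetPassword() needs enablePasswordReset="true"
        // and requiresQuestionAndAnswer="false" on the provider.
        if (!Membership.EnablePasswordReset || Membership.RequiresQuestionAndAnswer)
            throw new InvalidOperationException("Provider does not allow an unattended reset.");

        // Check the new password BEFORE resetting: once ResetPassword() has run,
        // the old password is gone, so a rejected new password would leave the
        // account with a random password that nobody knows.
        if (!MeetsPolicy(newPassword))
            throw new ArgumentException("Password does not meet the provider policy.", "newPassword");

        MembershipUser user = Membership.GetUser(userName);
        if (user == null)
            return false;

        // Steps 1 and 2: reset, and keep the generated password in a local only.
        string generated = user.ResetPassword();

        // Step 3: the generated password stands in for the old one.
        // A false result means the account still has the generated password.
        return user.ChangePassword(generated, newPassword);
    }

    private static bool MeetsPolicy(string password)
    {
        if (string.IsNullOrEmpty(password) || password.Length < Membership.MinRequiredPasswordLength)
            return false;

        int nonAlphanumeric = 0;
        foreach (char c in password)
            if (!char.IsLetterOrDigit(c)) nonAlphanumeric++;
        if (nonAlphanumeric < Membership.MinRequiredNonAlphanumericCharacters)
            return false;

        string pattern = Membership.PasswordStrengthRegularExpression;
        return string.IsNullOrEmpty(pattern) || Regex.IsMatch(password, pattern);
    }
}
```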

Comments

# re: ASP.NET Membership - Change password without asking the old

Thursday, October 01, 2009 10:42 AM by PhillyBones

Thanks! I was trying to get the password via the user's Membership data, not realizing that it was looking for the clear text, not the hashed value stored in the database.

# re: ASP.NET Membership - Change password without asking the old

Friday, October 02, 2009 12:09 PM by antonio machado

tks a lot

# re: ASP.NET Membership - Change password without asking the old

Friday, October 09, 2009 12:55 PM by Jesse

You could also use the GetPassword() function instead of auto generating a new one. Not sure if this is a big deal or not, but just FYI:

user.ChangePassword(user.GetPassword(), "NewPwHere")

# re: ASP.NET Membership - Change password without asking the old

Wednesday, October 14, 2009 12:49 AM by djsolid

Jesse, this works only if you store the password in an encrypted way and not in a hashed one.

# re: ASP.NET Membership - Change password without asking the old

Friday, October 30, 2009 7:03 AM by a

Thanks a lot, great tip - I was just scratching my head how to change the password when it's stored as hashed.

# re: ASP.NET Membership - Change password without asking the old

Saturday, November 21, 2009 11:36 PM by phuonglewis

Thank you so much. You've kicked me out of being stuck.
