views:

74

answers:

3

Hi Guys,
I code in C# (ASP.NET) and am using Forms authentication.
I would like to know which is the best method to change a user password without using the asp:ChangePassword control.
I dont want to use the reset password method.
I just want to grab the password i have inside my textbox and replace it with my older password.
Please note that the PasswordFormat I use is passwordFormat="Hashed"
Some code snippets would be helpful

Edit:

In my web.config, I have set enablePasswordRetrieval="false"
I used the following method

var myUser = Membership.GetUser(userID);
bool isChangeSuccess = myUser.ChangePassword(
    myUser.GetPassword(),
    ActivateUserPasswordText.Text.Trim());

It gives me the error,

This Membership Provider has not been configured to support password retrieval.

What could be done to solve these issues? I would really like my PasswordFormat to be hash itself.

Regards,
Naveen Jose

+2  A: 

Assuming you are using the ASP.NET security thingies.

System.Web.Security.MembershipProvider.ChangePassword method

leppie
+2  A: 

Only the Hash value for the passwords are usually stored by the asp.net membership provider, so it is not possible to retrieve the original password. It is possible to change this behavior by configuration, but it is not recommended.
Simply ask the user to enter the old password also while changing the password. You can use the old password entered by the user in the User.ChangePassword method and it should work fine.

NimsDotNet
My intention was to create a retrieve password for lost passwords
naveen
+1  A: 

Hi Guys,

Got it solved. Thanks to my fellow developer.

var myUser = Membership.GetUser(userID);
bool isChangeSuccess = myUser.ChangePassword(
    myUser.ResetPassword(),
    ActivateUserPasswordText.Text.Trim());

Cant say I liked it much though.
I thought ResetPassword() would be returning a bool.

Regards, naveenj

naveen