Reset or recover a user's password by an admin using a username in SimpleMembership

359 views Asked by At

I am working on an ASP.Net MVC 4 application where it uses SimpleMembership and I have two types of user one is normal user and an admin. I am trying to add a feature where an admin can reset a normal user's password just by entering a username and type in a new password and then he can manually send the new password to the user.

Is there a good way I can use SimpleMemberShip to get this feature?

1

There are 1 answers

1
Phil Cazella On

Well, you can certainly change the password for a user account to whatever you'd like in code.

To change the password for an account using the any sub class of the MembershipProvider (I.e. WebMatrix.WebData.SimpleMembershipProvider), you must first retrieve (or be supplied) the current password. Assuming you have a way to query the Database, one way is to to get the stored password from the DB. If it is stored as an encrypted value, you can use the provider Decrypt method and convert that resulting byte array to a string value.

How convert byte array to string

Then, using the SimpleMembershipProvider method ChangePassword, supply the username, oldpassword, and the new password. The result of this method is a boolean that indicates if the change was successful.

From a security standpoint, if you are going to make an MVC form view for the Admins to use, I'd make sure the controller action that handles the processing is secure and only allows authenticated Admins to use it. If you've not already done so, you'll need to implement the use of Roles or at least designate specific user names in the [Authorize] attribute of that action.

If you need the code for all this, I suggest starting a bounty.