• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3578
  • Last Modified:

Membership User Reset Password

I'm trying to provide the users and Admin users the ability to reset their password and then change it on the next login.  The reset password works and the users can login but if they try to chagne their password to something more readable I get the follow error.

"The password supplied is invalid.  Passwords must conform to the password strength requirements configured for the default provider"

I'm trying to Reset and then changing the password using the code below.  I still get the same error.  

Method to reset and change password:
  MembershipUser user = Membership.GetUser(uid);
                string newpwd = "newPassword!";
                string resetpwd = user.ResetPassword("QuestionAnswser");
                user.ChangePassword(resetpwd, newpwd);

Open in new window

  • 3
  • 3
1 Solution
You need to do it on the .config file!  Here is the forum for your answer!


I'm not sure why your code is failing, but it may help to skip the ResetPassword / UpdateUser step. Try this:

user.ChangePassword(user.GetPassword("QuestionAnswser"), newPassword);

This won't work if you are using hashed passwords but it should work for encrypted and clear.
zekuserAuthor Commented:
I know you have to do it in the config File!! that is why i posted the web config section first.  The only piece I didn't paste in was passwordStrengthRegularExpression="".  

I'll try the cuser.ChangePassword(user.GetPassword("QuestionAnswser"), newPassword); to see if it works.
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

zekuserAuthor Commented:
I'm getting Attribute not recognized enablePasswordRetrieval.  I researched a little more and I found this on MSDN.

The ActiveDirectoryMembershipProvider class does not support this method. " 
Yes, you are correct about the AD provider. I went through this last year. In the end I found that while I could change my own password using the ChangePassword control, I couldn't change anyone else's.

zekuserAuthor Commented:
I have an admin account that I supply to the Provider in the web.config file and I can change a users password.  The problem is that I need to know what the users password was .  I can reset the users password (without knowing their password) but this password is generated by the provider.  The password has to exist for a minimum of 24 hours becuas that is the minimum in the policy.  My options as I see them are to either set the min password age = 0 in the policy or force users to wait 24 hours to change their password.

I don't think you'll ever get AD to provide you with the user's password so that you can call user.ChangePassword. Isn't an AD password stored using a 1-way hash? If it is, no one - not even Windows - can turn that back into clear text for you to pass around as a parameter.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now