We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now


Membership User Reset Password

zekuser asked
Medium Priority
Last Modified: 2012-05-06
I'm trying to provide the users and Admin users the ability to reset their password and then change it on the next login.  The reset password works and the users can login but if they try to chagne their password to something more readable I get the follow error.

"The password supplied is invalid.  Passwords must conform to the password strength requirements configured for the default provider"

I'm trying to Reset and then changing the password using the code below.  I still get the same error.  

Method to reset and change password:
  MembershipUser user = Membership.GetUser(uid);
                string newpwd = "newPassword!";
                string resetpwd = user.ResetPassword("QuestionAnswser");
                user.ChangePassword(resetpwd, newpwd);

Open in new window

Watch Question

You need to do it on the .config file!  Here is the forum for your answer!


I'm not sure why your code is failing, but it may help to skip the ResetPassword / UpdateUser step. Try this:

user.ChangePassword(user.GetPassword("QuestionAnswser"), newPassword);

This won't work if you are using hashed passwords but it should work for encrypted and clear.


I know you have to do it in the config File!! that is why i posted the web config section first.  The only piece I didn't paste in was passwordStrengthRegularExpression="".  

I'll try the cuser.ChangePassword(user.GetPassword("QuestionAnswser"), newPassword); to see if it works.


I'm getting Attribute not recognized enablePasswordRetrieval.  I researched a little more and I found this on MSDN.

The ActiveDirectoryMembershipProvider class does not support this method. " 
Yes, you are correct about the AD provider. I went through this last year. In the end I found that while I could change my own password using the ChangePassword control, I couldn't change anyone else's.


I have an admin account that I supply to the Provider in the web.config file and I can change a users password.  The problem is that I need to know what the users password was .  I can reset the users password (without knowing their password) but this password is generated by the provider.  The password has to exist for a minimum of 24 hours becuas that is the minimum in the policy.  My options as I see them are to either set the min password age = 0 in the policy or force users to wait 24 hours to change their password.

I don't think you'll ever get AD to provide you with the user's password so that you can call user.ChangePassword. Isn't an AD password stored using a 1-way hash? If it is, no one - not even Windows - can turn that back into clear text for you to pass around as a parameter.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.