Change password failed

Did I miss something?
 
protected void ChangePassword2_ChangedPassword(object sender, EventArgs e)
        {
             MembershipUser user = Membership.GetUser(Request.QueryString["UserName"]);
             string currentPassword = ChangePassword2.CurrentPassword.ToString();
             bool success = user.ChangePassword(currentPassword,ChangePassword2.ConfirmNewPassword);

Open in new window

 
ChangePassword2 is an asp.net ChangePassword control.
I found that it always return a false bool.
zhshqzycAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

OklahomaDaveCommented:
Without knowing a bit more about the setup, the best we can do here is speculate fairly generally. What provider are you using?

Are you sure the currentPassword isn't encrypted or at least encoded in some way other than cleartext? That is, if a non-cleartext password is returned by the CurrentPassword property, passing it unadulterated as the first parameter to ChangePassword will always fail.

The other possibility is that the new password supplied by the user violates the providers password strength requirement, eg contains illegal characters, too long/short, etc.

If you can provide more detail, ensure you haven't misnamed the controls holding the password values, etc. we can hopefully help you better.

0
zhshqzycAuthor Commented:
I am using Aspnet Membership Provider. It is hard to reset password by an administrator because he can not get the current password. If there is not currentpassword property, how can I pull out the hashed password of an user from the database?
protected void btnResetPw_Click(object sender, EventArgs e)
        {
            string userName = this.Request.QueryString["UserName"];
            MembershipUser user = Membership.GetUser(userName);

            if (newPass.Text == confirmPass.Text && confirmPass.Text != null && confirmPass.Text.Length > 0)
            {
               // string currentPassword = user.Something??????????
                try
                {
                    bool success = user.ChangePassword(currentPassword, confirmPass.Text);

Open in new window

Maybe this logic is totally wrong?
So what is a correct way to reset password by an administrator? password
0
OklahomaDaveCommented:
Aha, I think I see the problem now.

The intent is NOT for you to fetch the existing user password from the database - its for the USER to supply the existing password as a means of authenticating the user making the password change. That is assuming only the person changing the password would know the current password. So you're password change dialog would need to include a "Current Password" field that you can capture and send to the membership provider.

0
zhshqzycAuthor Commented:
Yes. You are right. Reset password can be done easily by the user because he/she know the current password. This can be done by including the "Existing Password" field. I believe the standard PasswordRecovery control already include this function.

However, I got an assignment for implementing a resetting the password by an administrator. Because he/she doesn't know the user's current password. So can we say the assignment itself is ridiculous or impossible or there maybe a way to complete it?


0
OklahomaDaveCommented:
The MembershipUser object does not support an override of ChangePassword that doesn't require the provision of the user's existing password.You might, however, explore the ResetPassword method to see if it might accomplish what you need. This method resets a user's password to an automatically generated one, not one provided by a user, but the method returns the password to the caller.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP.NET

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.