ASP.NET Identity change password only admin and delete user without e-mail

Question

I am trying to implement asp identity and owin security. I implement login, create new user and while create new user I assign role to that user. New user is registered with user name and password NOT EMAIL. Only administrator can add new users because he can only access to administrator page.

So next problem is I want allow administrator to reset password and delete users. My logic is that I list all users (it is private app so it want be too much users) in gridview and with two buttons do the thing. So I get users but reset not working.

I found questions like this LINK but I didn't find any solution.

This is my add new user method and it's working.

var userStore = new UserStore<IdentityUser>();
var manager = new UserManager<IdentityUser>(userStore);
var user = new IdentityUser() { UserName = txtUser.Text };

IdentityResult result = manager.Create(user, txtPass.Text);

if (result.Succeeded && ddlRole.SelectedValue=="1")
{ 
    var roleresult = manager.AddToRole(user.Id, "User");            
    var authenticationManager = HttpContext.Current.GetOwinContext().Authentication;
    var userIdentity = manager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);

    authenticationManager.SignIn(new AuthenticationProperties() { }, userIdentity);

    Response.Redirect("~/Login.aspx");
}
else if (result.Succeeded && ddlRole.SelectedValue == "2")
{
    var roleresult = manager.AddToRole(user.Id, "Administrator");
    var authenticationManager = HttpContext.Current.GetOwinContext().Authentication;
    var userIdentity = manager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);

    authenticationManager.SignIn(new AuthenticationProperties() { }, userIdentity);
    Response.Redirect("~/Login.aspx");
}
else
{
   StatusMessage.Text = result.Errors.FirstOrDefault();
}

I tried reset password with this method

protected async void btnReset_Click(object sender, EventArgs e)
{
    var userStore = new UserStore<IdentityUser>();
    var manager = new UserManager<IdentityUser>(userStore);
    GridViewRow row = ((Button)sender).NamingContainer as GridViewRow;
    var user = row.Cells[0].Text;
    var token = await manager.GeneratePasswordResetTokenAsync(user);
    var result = await manager.ResetPasswordAsync(user, token, txtNewPass.Text.Trim());

    if (result.Succeeded)
        Literal1.Text = "Uspješno promijenjena lozinka";
    else
        Literal1.Text = "Nismo uspjeli promijeniti lozinku!";
}

but it's not working.

If someone can help me with reset password or delete user I appreciate.

Regards

UPDATE 1

I get delete user on "classic way"

GridViewRow row = ((Button)sender).NamingContainer as GridViewRow;
Label lblUserID = row.FindControl("lblUserID") as Label;//Hidden User ID
String conStr = ConfigurationManager.ConnectionStrings[""].ToString();

using (SqlConnection conn = new SqlConnection(conStr))
{
    conn.Open();

    string sQuery = "DELETE FROM AspNetUsers WHERE Id=@employeeID";

    SqlCommand cmd = new SqlCommand(sQuery, conn);
    cmd.Parameters.AddWithValue("@employeeID", lblUserID.Text);

    try
    {
        cmd.ExecuteNonQuery();
        Literal1.Text = "Uspješno izbrisan korisnik <span class=\"bg-red\">" + row.Cells[1].Text + "</span>";
        ListUsers();
    }
    catch
    {
        Literal1.Text = "<span class=\"bg-red\">Neuspješno brisanje</span>";
    }
}

I don't know is this good choice considering security issues.

Answer 1

you need to pass the user object to GeneratePasswordResetTokenAsync right now you are passing a string inside a var

var user =manager.FindByNameAsync(row.Cells[0].Text);//Hoping that row.Cells[0].Text is username of the user
var token = await manager.GeneratePasswordResetTokenAsync(user);
var result = await manager.ResetPasswordAsync(user, token, txtNewPass.Text.Trim());