Reset password by aspnet membership provider

Question

I want an application wich can reset an user's password by member himself and the customer service department. To enable self-service password management, the user can answer question and retrieve/reset the password. The web.config likes

<add name="AspNetSqlMembershipProvider" requiresQuestionAndAnswer="true" enablePasswordRetrieval="false" enablePasswordReset="true">

In some organizations, a Customer Service department may wish to change a user’s password to a new known value, perhaps in response to a customer request. The ChangePassword method, which appears to handle this need, unfortunately requires the original user password which is usually unavailable to the site administrator. By setting “requiresQuestionAndAnswer” to false, “enablePasswordRetrieval” to true and “enablePasswordReset” to true in web.config, the ResetPassword and ChangePassword methods can be used to change a user’s password to a known value, regardless of the password format. Therefore it is a contradiction since

requiresQuestionAndAnswer="true"
requiresQuestionAndAnswer="false"

Is there a trick to reslove it? Set two connection strings? Thanks for help?

Answer 1

Well, this has been answered before. The trick is to add a second custom provider and use that in the pages that are accessible for the administrator.

http://peterkellner.net/2007/02/15/resetpasswordaspnet/

Answer 2

AFAIK, By design if you want to reset a password without knowing the question and answer, then you simply cant use requiresQuestionAndAnswer for built in support.

If you use requiresQuestionAndAnswer=true, you are required to have the answer unless you roll a solution to access the tables directly.

So, if you want admin reset functionality, you need to set requiresQuestionAndAnswer=false unfortunately.