how to set web.config and use the ASP.NET ResetPassword() method

I'm using the asp.net forms authentication and i need to be able to reset the password for a user.

This is the code:

protected void resetPassword(string username)
{
    MembershipUser user = Membership.GetUser(username);
    if (user != null)
    {
        string newPassword = user.ResetPassword();
        Membership.UpdateUser(user);
        MailMessage message = new MailMessage("", user.Email, "change password", "your Password changed to: " + newPassword);
        userManager.sendMail(message);
    }
}

And here is my web.config file:

<?xml version="1.0"?>
<configuration>
  <appSettings>
    <add key="ChartImageHandler" value="storage=file;timeout=20;dir=c:\TempImageFiles\;" />
  </appSettings>
  <system.webServer>
    <handlers>
      <remove name="ChartImageHandler" />
      <add name="ChartImageHandler" preCondition="integratedMode" verb="GET,HEAD,POST"
       path="ChartImg.axd" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </handlers>
  </system.webServer>
  <connectionStrings>
    <add name="CRM_DBConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=C:\CRM\CRM\DAL_new\CRM_DB.mdf;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
    <add name="CRM_DBConnectionString2" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=C:\CRM\DAL_new\CRM_DB.mdf;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <system.web>
    <httpHandlers>
      <add path="ChartImg.axd" verb="GET,HEAD,POST" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
       validate="false" />
    </httpHandlers>
    <pages>
      <controls>
        <add tagPrefix="asp" namespace="System.Web.UI.DataVisualization.Charting"
         assembly="System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      </controls>
    </pages>
    <roleManager enabled="true"/>
    <authentication mode="Forms">
      <forms loginUrl="./login_page/Default.aspx" name=".ASPXFORMSAUTH" protection="All" timeout="43200" requireSSL="false" slidingExpiration="true" cookieless="UseCookies" enableCrossAppRedirects="false" />
    </authentication>
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
        <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      </assemblies>
    </compilation>
  </system.web>
  <system.net>
    <mailSettings>
      <smtp from="donot.reply@gmail.com">
        <network host="smtp.gmail.com" password="########" port="587" userName="######@gmail.com"/>
      </smtp>
    </mailSettings>
  </system.net>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpBinding_IBlServer" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
          <readerQuo开发者_运维百科tas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
          <security mode="None">
            <transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
            <message clientCredentialType="UserName" algorithmSuite="Default"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://localhost:51109/Service1.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IBlServer" contract="CrmServiceReference.IBlServer" name="BasicHttpBinding_IBlServer"/>
    </client>
  </system.serviceModel>
</configuration>

The line: string newPassword = user.ResetPassword(); throws the exception:

System.ArgumentNullException was unhandled by user code
  Message=Value cannot be null.
Parameter name: passwordAnswer

I've been through lots of similar question here and on other sites, but i can't seem to get it right. It either ends up with an error about ResetPassword() that has to get a parameter, or mucks up other code on the page that retrieves user account for other manipulation.

The solution here mucks up other MembershipUser user = Membership.GetUser(username); lines in my code.

So where and how to i configure my web.config if i want the following:

1. A user can reset his password for himself using the security Q&A (this already works)

2. An admin can reset the password for a user. The user will get an E-Mail with the new password.

Thanks in advance,

Summerbulb

Do you have custom membership settings provided? I don't see them in the config. I had the same issue too, and ended up dropping the password question/answer. Are you hashing passwords and password answers? If using the hash option, this won't work without knowing the correct answer. If you are doing the encrypted route, then you could reflectively call the Decrypt methods in the SqlMembershipProvider class to decrypt the data, which is a little pain but works.

Similarly, you have a few other options. Turn off the password question/answer, but custom implement this yourself. Membership framework was not meant for sys admin features. Secondly, store the answer manually (essentially duplicate it) in clear text or encrypted using your algorithm, and decrypt it.

The password question and answer is all driven from config, so lastly, you could also consider making two membership providers, the second one with requiresquestionandanswer to false:

<add name="AdminProvider" type="<point to SQL membership" requiresQuestionAndAnswer="false" />

In your admin screen, do:

Membership.Providers[1].ResetPassword();

And then it work work because it's configuration states no question and answer is needed.

Let me know if you need more info.

What you need for part 2 (An admin can reset the password for a user. The user will get an E-Mail with the new password.) you can see here

http://www.ezineasp.net/post/ASP-Net-2-0-Password-Recovery-Control-With-Email.aspx

For me it works. If user forgot his password, he gets e-mail with new password.Only You need to set enablePasswordReset to true.