Can I force in a temporary password answer to asp.net membership?

We recently added the ability for clients to reset their own passwords using the security question. For new clients, this is fine, as we can set the security question and answer on account creation. For existing clients, this is an issue.

For clients who have forgotten their password, we e-mail them a temporary password, and then they login with that to reset their password. However, this method now breaks, because their password answer is null. I need to somehow force in a temporary password answer 开发者_如何转开发for asp.net membership to accept my temporary password. I looked in the aspnet_Membership table, and it was null for PasswordQuestion and PasswordAnswer. I tried setting the PasswordAnswer value to their current salted password, just to have a value there, but ASP.NET keeps telling me that password answer cannot be null.

Does anyone know of a work-around for this? How can we easily add in a temporary password answer? We can reset the security question and answer once we reset the password, as we know what the temporary password is, but we're in a catch-22 without being able to set the temporary password.

I know we could setup a different asp.net membership for them to be reset, but I don't want to do that, as we share methods, and that adds a lot more complexity. We just need a 1 time loading of some default value for the password answer. Any ideas?

Update: OK, I figured out that the issue was not having the value in the DB, but the value I was passing to the ResetPassword() method. It is looking for me to pass a value that matches what is stored in the DB. However, I can't produce that value, because it is generated from the saved password salt, and the entered password. I tried using a different users saved password as a test and it did not work.

What are you using to do this? You can easily do this by scripting it in the database through an update statement

update aspnet_membership set PasswordAnswer = Password

Additionally, if you wanted to get a common password answer, one thing I've done is in a test environment with the same algorighm/machine key, or on your prod environment, get an account to change the password answer to something you know (like yours), then copy that value into an update query like:

update aspnet_Membership set PasswordAnswer = '<the known v alue>'

since the answer is also encrypted.

Please be careful if you are doing this in a prod environment; I would highly suggest doing it in a test environment (as long as it has the same encryption key setup), testing the script there before deploying it.

HTH.