How does the default ASP.NET Membership's Change Password page allow me to change anyone's password? It looks like the Change Password page doesn't take any parameters where I could specify User ID or something. It appear like it is designed to change the password of currently logged in user only. Or is there a way around it?
Asked
Active
Viewed 111 times
0
-
a good way to start : http://msdn.microsoft.com/en-us/library/system.web.security.membershipuser.changepassword.aspx – Sora Jun 12 '13 at 06:25
1 Answers
0
The default functionality does not allow you to do that. You must supply the "old password".
If you must provide this possibility (instead of letting users reset their password via the password answer), I'm afraid you must implement it yourself.
Alexander
- 2,457
- 1
- 14
- 17
-
I can get the old password from the DB (i'm storing them as plain text in the database). Do I still stand a chance? – dotNET Jun 12 '13 at 06:45
-
Give it a try then! I strongly advise you not to store plain text passwords, though. – Alexander Jun 12 '13 at 06:50