How to manually change password in asp.net membership?

Question

I would like to change password in database manually, but I am not sure what exactly I need to change and which methods to use. I would change it via code but currently I have only access to db.

score 21 · Accepted Answer · answered Sep 05 '11 at 09:10

21

If you want to change the password directly through the database, you are going to need to create a new user or find an existing user that you know the password of. Then, you'll need to get the password and salt, then update the user in question with the same password and salt.

Get the user's password/salt:

SELECT 
    au.username, aa.ApplicationName, password, passwordformat, passwordsalt
FROM 
    aspnet_membership am
INNER JOIN 
    aspnet_users au ON (au.userid = am.userid)
INNER JOIN 
    aspnet_applications aa ON (au.applicationId = aa.applicationid)
WHERE
    au.UserName = '[user to change password]'

Change the password:

DECLARE @changeDate DATETIME
SET @changeDate = GETDATE()

EXEC aspnet_Membership_setPassword 
    'applicationName',
    'user',
    'password',
    'passwordsalt',
    @changeDate,
    Passwordformat

Taken from here...

answered Sep 05 '11 at 09:10

Sumo

4,066
23
40

I have only 1 user, which mean that I have to create new one. How to create new one via db? Possible? – ilija veselica Sep 05 '11 at 10:44
1

it turned out my account was locked out too so I just had to unlock it. Thanks! – ilija veselica Sep 05 '11 at 10:56
I'm glad you said that. I had the same problem. The simplest fix is: `update aspnet_Membership set IsLockedOut = 0` if you are happy to edit all rows. – Magnus Smith Nov 29 '17 at 10:06
There is a field IsLockedOut in aspnet_Membership table, just write an update query to set the field to 0, it will work ```update aspnet_Membership set IsLockedOut=0 where UserId='A07C5672-83A9-45BF-B7BB-8A46388F2D68'``` – Baskar PC Sep 02 '22 at 18:21

w5l · Answer 2 · 2022-01-04T14:42:33.103

2

See this page: https://learn.microsoft.com/en-us/aspnet/web-forms/overview/older-versions-security/admin/recovering-and-changing-passwords-cs

The code calls a stored procedure:

Like with the other methods in the Membership framework, the ResetPassword method delegates to the configured provider. The SqlMembershipProvider invokes the aspnet_Membership_ResetPassword stored procedure, passing in the user's username, the new password, and the supplied password answer, among other fields. The stored procedure ensures that the password answer matches and then updates the user's password.

edited Jan 04 '22 at 14:42

answered Sep 05 '11 at 09:01

w5l

5,341
1
25
43

That webpage also talks about another SP: aspnet_Membership_SetPassword. – John Gilmer Dec 29 '21 at 18:54

How to manually change password in asp.net membership?

2 Answers2