ASP.NET Identity Change Password

ASP.NET Identity change password

ApplicationUserManager is the class generated by the ASP.NET Template.

This means you can edit it and add any functionality it doesn't have yet. The UserManager class has a protected property named Store which stores a reference to the UserStore class (or any subclass of it, depending on how you configured your ASP.NET Identity or if you use custom user store implementations, i.e. if you use a different database engine like MySQL).

public class ApplicationUserManager : UserManager<....>
{
    // TUser and TKey stand for the type arguments elided in UserManager<....> above.
    public async Task<IdentityResult> ChangePasswordAsync(TKey userId, string newPassword)
    {
        var store = this.Store as IUserPasswordStore<TUser, TKey>;
        if (store == null)
        {
            var errors = new string[]
            {
                "Current UserStore doesn't implement IUserPasswordStore"
            };

            // An async method returns the result itself; this constructor marks it as failed.
            return new IdentityResult(errors);
        }

        if (PasswordValidator != null)
        {
            var passwordResult = await PasswordValidator.ValidateAsync(newPassword);
            if (!passwordResult.Succeeded)
                return passwordResult;
        }

        // The store's password methods take the user entity, not its id.
        var user = await FindByIdAsync(userId);
        if (user == null)
            return new IdentityResult("User not found");

        var newPasswordHash = this.PasswordHasher.HashPassword(newPassword);

        await store.SetPasswordHashAsync(user, newPasswordHash);
        // SetPasswordHashAsync only sets the hash on the entity; UpdateAsync persists it.
        return await UpdateAsync(user);
    }
}

The UserManager is nothing more than a wrapper around the underlying UserStore. Check out the IUserPasswordStore interface documentation at MSDN for the available methods.

Edit:
The PasswordHasher is also a public property of the UserManager class, see interface definition here.

Edit 2:
Since some people naively believe you can't do password validation this way, I've updated it. The PasswordValidator property is also a property of UserManager, and it's as simple as adding 2 lines of code to add password validation too (which wasn't a requirement of the original question though).

Changing password asp.net identity

User.Identity.GetUserId() will return the ID of the currently logged-in user.
From UserManager you can get any user by their username like this:

var user = UserManager.FindByName("the username here");

Then you can change the password through UserManager again:

UserManager.ChangePassword(user.Id, "OldPassword", "NewPassword");

ASP.NET Identity reset password

In current release

Assuming you have handled the verification of the request to reset the forgotten password, use the following code as sample steps.

ApplicationDbContext context = new ApplicationDbContext();
String userId = "<YourLogicAssignsRequestedUserId>";
String newPassword = "<PasswordAsTypedByUser>";
String hashedNewPassword = UserManager.PasswordHasher.HashPassword(newPassword);
UserStore<ApplicationUser> store = new UserStore<ApplicationUser>(context);
// Load the user through the same store that saves it.
ApplicationUser cUser = await store.FindByIdAsync(userId);
await store.SetPasswordHashAsync(cUser, hashedNewPassword);
// SetPasswordHashAsync only sets the property; UpdateAsync writes it to the database.
await store.UpdateAsync(cUser);

In AspNet Nightly Build

The framework is updated to work with Token for handling requests like ForgetPassword. Once in release, simple code guidance is expected.

Update:

This update is just to provide clearer steps.

ApplicationDbContext context = new ApplicationDbContext();
UserStore<ApplicationUser> store = new UserStore<ApplicationUser>(context);
UserManager<ApplicationUser> UserManager = new UserManager<ApplicationUser>(store);
String userId = User.Identity.GetUserId();//"<YourLogicAssignsRequestedUserId>";
String newPassword = "test@123"; //"<PasswordAsTypedByUser>";
String hashedNewPassword = UserManager.PasswordHasher.HashPassword(newPassword);
ApplicationUser cUser = await store.FindByIdAsync(userId);
await store.SetPasswordHashAsync(cUser, hashedNewPassword);
await store.UpdateAsync(cUser);

How to Change AspNet Identity Password Hash to AspNet.Core Identity Password Hash

You cannot simply convert the hash value from one password hasher to another unless they of course use the exact same hashing mechanism (in which case there would be no need for conversion in the first place).

I have encountered this scenario in a few projects where we changed the password hashing mechanism and, effectively, we had to send everyone password reset emails. In another project that was not feasible, so we forced users to change their password upon first login (we used the old hasher to validate their current password), and the new passwords were then hashed using the new hasher.
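The login-time approach described above (old hasher validates, new hasher stores), sketched for ASP.NET Core Identity as an added example that is not code from the answer. `MigratingPasswordHasher`, `isLegacyHash` and `verifyLegacy` are hypothetical names; the two delegates are hooks you supply for your old hash format.

```csharp
using System;
using Microsoft.AspNetCore.Identity;

// Added example: accepts hashes from the old scheme, writes only new-scheme hashes.
// isLegacyHash and verifyLegacy are hypothetical hooks for your old format.
public class MigratingPasswordHasher<TUser> : IPasswordHasher<TUser> where TUser : class
{
    private readonly IPasswordHasher<TUser> _current;
    private readonly Func<string, bool> _isLegacyHash;          // (storedHash)
    private readonly Func<string, string, bool> _verifyLegacy;  // (storedHash, password)

    public MigratingPasswordHasher(
        IPasswordHasher<TUser> current,
        Func<string, bool> isLegacyHash,
        Func<string, string, bool> verifyLegacy)
    {
        _current = current ?? throw new ArgumentNullException(nameof(current));
        _isLegacyHash = isLegacyHash ?? throw new ArgumentNullException(nameof(isLegacyHash));
        _verifyLegacy = verifyLegacy ?? throw new ArgumentNullException(nameof(verifyLegacy));
    }

    // New and changed passwords are always hashed with the current hasher.
    public string HashPassword(TUser user, string password)
        => _current.HashPassword(user, password);

    public PasswordVerificationResult VerifyHashedPassword(
        TUser user, string hashedPassword, string providedPassword)
    {
        if (string.IsNullOrEmpty(hashedPassword) || providedPassword == null)
            return PasswordVerificationResult.Failed;

        // Route by stored format first: the current hasher may throw on a
        // hash it cannot decode, so it never sees legacy records.
        if (!_isLegacyHash(hashedPassword))
            return _current.VerifyHashedPassword(user, hashedPassword, providedPassword);

        // Legacy record: the old scheme decides (it should compare in constant time).
        // SuccessRehashNeeded makes UserManager.CheckPasswordAsync replace the
        // stored hash with HashPassword(...) output after a successful login.
        return _verifyLegacy(hashedPassword, providedPassword)
            ? PasswordVerificationResult.SuccessRehashNeeded
            : PasswordVerificationResult.Failed;
    }
}
```

Register it as the `IPasswordHasher<TUser>` service for your user type; accounts that never log in keep their old hash until they do, so plan a forced reset for those.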

Asp.net Identity Auto sign out after changing password

Instead of calling _userManager.ChangePasswordAsync, modify PasswordHash directly:

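var userName = HttpContext.Current.User.Identity.Name;
// Find returns null when oldPassword does not match; check before using user.
var user = _userManager.Find(userName, oldPassword);
// password is the new password. Assigning PasswordHash directly bypasses the password
// validator and the security stamp update that ChangePasswordAsync performs.
user.PasswordHash = _userManager.PasswordHasher.HashPassword(password);
IdentityResult result = await _userManager.UpdateAsync(user);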
