ASP.NET Identity change password
ApplicationUserManager
is the class generated by the ASP.NET Template.
Which means, you can edit it and add any functionality it doesn't have yet. The UserManager class has a protected property named Store
which stores a reference to the UserStore
class (or any subclass of it, depending on how you configured your ASP.NET Identity or if you use custom user store implementations, i.e. if you use different database engine like MySQL).
public class AplicationUserManager : UserManager<....>
{
public async Task<IdentityResult> ChangePasswordAsync(TKey userId, string newPassword)
{
var store = this.Store as IUserPasswordStore;
if(store==null)
{
var errors = new string[]
{
"Current UserStore doesn't implement IUserPasswordStore"
};
return Task.FromResult<IdentityResult>(new IdentityResult(errors) { Succeeded = false });
}
if(PasswordValidator != null)
{
var passwordResult = await PasswordValidator.ValidateAsync(password);
if(!password.Result.Success)
return passwordResult;
}
var newPasswordHash = this.PasswordHasher.HashPassword(newPassword);
await store.SetPasswordHashAsync(userId, newPasswordHash);
return Task.FromResult<IdentityResult>(IdentityResult.Success);
}
}
The UserManager
is nothing else than a wrapper to the underlying UserStore
. Check out IUserPasswordStore
interface documentation at MSDN on available Methods.
Edit:
The PasswordHasher
is also a public property of the UserManager
class, see interface definition here.
Edit 2:
Since some people naively believe, you can't do password validation this way, I've updated it. The PasswordValidator
property is also a property of UserManager
and its as simple as adding 2 lines of code to add password validation too (which wasn't an requirement of the original question though).
Changing password asp.net identity
User.Identity.GetUserId()
will return the id of current logged in user.
From UserManager
you can get any user from their username like this
var user = UserManager.FindByName("the username here");
then you can change password from UserManager
again
UserManager.ChangePassword(user.Id, "OldPassword", "NewPassword");
ASP.NET Identity reset password
In current release
Assuming you have handled the verification of the request to reset the forgotten password, use following code as a sample code steps.
ApplicationDbContext =new ApplicationDbContext()
String userId = "<YourLogicAssignsRequestedUserId>";
String newPassword = "<PasswordAsTypedByUser>";
ApplicationUser cUser = UserManager.FindById(userId);
String hashedNewPassword = UserManager.PasswordHasher.HashPassword(newPassword);
UserStore<ApplicationUser> store = new UserStore<ApplicationUser>();
store.SetPasswordHashAsync(cUser, hashedNewPassword);
In AspNet Nightly Build
The framework is updated to work with Token for handling requests like ForgetPassword. Once in release, simple code guidance is expected.
Update:
This update is just to provide more clear steps.
ApplicationDbContext context = new ApplicationDbContext();
UserStore<ApplicationUser> store = new UserStore<ApplicationUser>(context);
UserManager<ApplicationUser> UserManager = new UserManager<ApplicationUser>(store);
String userId = User.Identity.GetUserId();//"<YourLogicAssignsRequestedUserId>";
String newPassword = "test@123"; //"<PasswordAsTypedByUser>";
String hashedNewPassword = UserManager.PasswordHasher.HashPassword(newPassword);
ApplicationUser cUser = await store.FindByIdAsync(userId);
await store.SetPasswordHashAsync(cUser, hashedNewPassword);
await store.UpdateAsync(cUser);
How to Change AspNet Identity Password Hash to AspNet.Core Identity Password Hash
You cannot simply convert the hash value from one password hasher to another unless they ofcourse use the exact same hashing mechanism (in which case there would be no need for conversion in the first place).
I have encountered this scenario in few projects where we changed the password hashing mechanism and effectively, we had to send everyone password reset emails. In another project, it was not feasible so basically we forced the user to change their password upon first login (and we used the old hasher to validate their current password) and the new passwords would have been then hashed using the new hasher.
Asp.net Identity Auto sign out after changing password
Instead of calling _userManager.ChangePasswordAsync
, modify directly PasswordHash
:
var userName = HttpContext.Current.User.Identity.Name;
var user = _userManager.Find(userName, oldPassword);
user.PasswordHash = UserManager.PasswordHasher.HashPassword(password);
IdentityResult result = await UserManager.UpdateAsync(user);
Related Topics
Micro Optimization of a 4-Bucket Histogram of a Large Array or List
What Are the Differences Between the Xmlserializer and Binaryformatter
Difference Between Icomparable and Icomparer
How to Create an Odbc Dsn Entry Using C#
Convert Data Type from Inherited Classes in C#
Why Is There a Difference in Checking Null Against a Value in Vb.Net and C#
Ways to Synchronize Interface and Implementation Comments in C#
How to Use the .Net Timer Class to Trigger an Event at a Specific Time
Using Custom Fonts on a Label on Winforms
Button in a Column, Getting the Row from Which It Came on the Click Event Handler
How to Delete a Row from Gridview
Why Does System.Threading.Timer Stop on Its Own
Best Way to Share Data Between Two Child Components in Blazor
How to Use Async to Increase Winforms Performance
Combining Datatemplates at Runtime