18
votes

I've been writing a web application using the MVC4 Internet template. I really didn't need anything complicated for user management, so I went with the default SimpleMembershipProvider. I'm initializing membership in App_Start, and I have roles and users set up and working. I am not using SSO or any of the other OAuth features. Now I have a tester that has forgotten his password and after googling all day I realize I have no idea how to just reset his password or change it!

I've read through the documentation and found that the ResetPassword function is not supported if using SimpleMembership. My question is, how do I either:

  1. switch from SimpleMembership to standard membership that uses the SimpleMembership tables and format
  2. reset the user's password to something I specify?

I've found the web.config settings to (theoretically) set the membership provider to use SimpleMembership, but I'm not sure of how to specify the table to use (assuming that's the right way to do it).

web.config section:

<roleManager enabled="true" defaultProvider="SimpleRoleProvider">
  <providers>
    <clear/>
    <add name="SimpleRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData"/>
  </providers>
</roleManager>
<membership defaultProvider="SimpleMembershipProvider">
  <providers>
    <clear/>
    <add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
  </providers>
</membership>

and the current InitializeDatabaseConnection that I (think) I need to have in the web.config:

WebSecurity.InitializeDatabaseConnection("UPEFSSecurity", "Datamart_User", "UserId", "UserName", autoCreateTables: true);
1
stackoverflow.com/questions/13212938/… This will suffice your requirements :)Palak Sanghani

1 Answers

45
votes

To do this properly you would need to set up an email recovery link. But here's the API calls you would make:

var token = WebSecurity.GeneratePasswordResetToken(username);
// create a link with this token and send email

// link directed to an action with form to capture password
WebSecurity.ResetPassword(token, password);

http://msdn.microsoft.com/en-us/library/webmatrix.webdata.websecurity.resetpassword(v=vs.111).aspx