I've inherited a DotNetNuke site that was built and managed by someone who thought storing user passwords as plain text was a good idea because he could easily look up a password and tell the user what it is if they forgot it and to log in as them if they had an issue. After recovering from my heart attack at discovering this and getting my mind to navigate away from the idea of how stupid that is, I need to fix it.
I know to change the web.config settings to use the correct password configuration, but was hoping someone else that's had to do this with a DotNetNuke site might provide some guidance on the best way to approach this. Should I just use standard .NET code and write an app to cycle through them and change them or do I need to use the DotNetNuke user objects? Any article links or sample code would be really helpful. I've found posts about doing this generally but not in the context of a DotNetNuke site and am unsure if there's any special considerations I need to take into account.