asp.net membership change password without knowing old one

Question

Evaluting the method signature, it is required to know old password while changing it.

membershipUser.ChangePassword(userWrapper.OldPassword, userWrapper.Pas         


        

Answer 1

@Rob Church is right:

The other answers here are correct but can leave the password in an unknown state.

However, instead of his solution to do the validation by hand, I would try to change the password using the ResetPassword from token method and catch and show the error:

var user = UserManager.FindByName(User.Identity.Name);
string token = UserManager.GeneratePasswordResetToken(user.Id);
var result = UserManager.ResetPassword(user.Id, token, model.Password);
if (!result.Succeeded){
    // show error
}