If you need to update user's passwords that are stored in the aspnet_Membership, the below code should help you accomplish this.
If you are using the default SqlMemberShip provider for authentication, you may have a need to manually reset a user's password. In order to accomplish this, you can hash the password with a salt and then store the password and salt in the aspnet_Membership table.
string salt = GenerateSalt();
string password = EncodePassword("mypassword", 1, salt);
public string EncodePassword(string pass, int passwordFormat, string salt)
{
if (passwordFormat == 0) // MembershipPasswordFormat.Clear
return pass;
byte[] bIn = Encoding.Unicode.GetBytes(pass);
byte[] bSalt = Convert.FromBase64String(salt);
byte[] bAll = new byte[bSalt.Length + bIn.Length];
byte[] bRet = null;
System.Buffer.BlockCopy(bSalt, 0, bAll, 0, bSalt.Length);System.
Buffer.BlockCopy(bIn, 0, bAll, bSalt.Length, bIn.Length);
if (passwordFormat == 1)
{ // MembershipPasswordFormat.Hashed
HashAlgorithm s = HashAlgorithm.Create(Membership.HashAlgorithmType);
bRet = s.ComputeHash(bAll);
}
else
{
//bRet = EncryptPassword(bAll);
}
return Convert.ToBase64String(bRet);
}
private string GenerateSalt()
{
byte[] buf = new byte[SALT_SIZE_IN_BYTES];
(new RNGCryptoServiceProvider()).GetBytes(buf);
return Convert.ToBase64String(buf);
}
Once you have the salt and password, you can store them in the database.
UPDATE [aspnet_Membership] SET Password = [use the password hash from above],
PasswordSalt = [use salt from above] WHERE [UserId] = CAST('123456789...' as uniqueidentifier)
Finally you can now authenticate the user with a password of "mypassword".