ASP.Net Membership Password Administration

If you need to update user's passwords that are stored in the aspnet_Membership, the below code should help you accomplish this.

If you are using the default SqlMemberShip provider for authentication, you may have a need to manually reset a user's password.  In order to accomplish this, you can hash the password with a salt and then store the password and salt in the aspnet_Membership table.

string salt = GenerateSalt();
string password = EncodePassword("mypassword", 1, salt);

public string EncodePassword(string pass, int passwordFormat, string salt)


if (passwordFormat == 0) // MembershipPasswordFormat.Clear

return pass;

byte[] bIn = Encoding.Unicode.GetBytes(pass);

byte[] bSalt = Convert.FromBase64String(salt);

byte[] bAll = new byte[bSalt.Length + bIn.Length];

byte[] bRet = null;

System.Buffer.BlockCopy(bSalt, 0, bAll, 0, bSalt.Length);System.

Buffer.BlockCopy(bIn, 0, bAll, bSalt.Length, bIn.Length);

if (passwordFormat == 1)

{ // MembershipPasswordFormat.Hashed

HashAlgorithm s = HashAlgorithm.Create(Membership.HashAlgorithmType);

bRet = s.ComputeHash(bAll);




//bRet = EncryptPassword(bAll);


return Convert.ToBase64String(bRet);


private string GenerateSalt()


byte[] buf = new byte[SALT_SIZE_IN_BYTES];

(new RNGCryptoServiceProvider()).GetBytes(buf);

return Convert.ToBase64String(buf);



Once you have the salt and password, you can store them in the database. 


UPDATE [aspnet_Membership] SET Password = [use the password hash from above],

PasswordSalt = [use salt from above] WHERE [UserId] = CAST('123456789...' as uniqueidentifier)


Finally you can now authenticate the user with a password of "mypassword".


Add comment