I am struggling to change the login passwords if I don’t know the old password.
My app has an admin feature where the admin created user passwords when he creates an account.
User a custom login form so no one but him can create the account
This is for an internal business. When the user forgets there password they have to go to the admin to reset/change it. I can only do it if i know the current password.
I have tried the UserManager.ChangePasswordAsync but this requires the old password and confirm password which I don’t have or need.
AccountController: this edits the users perfect accept the password
[Authorize(Roles = "Admin")]
[HttpGet]
public async Task<ActionResult> Edit(string id)
{
ViewData["RoleId"] = new SelectList(_context.Roles, "Id", "Name");
var user = new UserViewModel();
var result = await _userManager.FindByIdAsync(id);
user.FirstName = result.FirstName;
user.LastName = result.LastName;
user.Email = result.Email;
user.Id = result.Id;
return View(user);
}
[Authorize(Roles = "Admin")]
[HttpPost]
public async Task<ActionResult> Edit(string id, UserViewModel model)
{
var result = await _userManager.FindByIdAsync(id);
result.FirstName = model.FirstName;
result.LastName = model.LastName;
result.Email = model.Email;
result.RoleId = model.RoleId;
result.Id = model.Id;
var finalresult = await _userManager.UpdateAsync(result);
if (finalresult.Succeeded)
{
return RedirectToAction("Index");
}
else
{
return View(model);
}
}
Edit view:
@model Deadfiles.ViewModels.UserViewModel
@{
ViewData["Title"] = "Edit User";
}
<h1>Edit User</h1>
<hr />
<div class="row">
<div class="col-md-12">
<form asp-action="Edit">
<div asp-validation-summary="ModelOnly" class="text-danger"></div>
<div class="row">
<div class="col-md-6">
<div class="form-group">
<label asp-for="FirstName" class="control-label"></label>
<input asp-for="FirstName" class="form-control" />
<span asp-validation-for="FirstName" class="text-danger"></span>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label asp-for="LastName" class="control-label"></label>
<input asp-for="LastName" class="form-control" />
<span asp-validation-for="LastName" class="text-danger"></span>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label asp-for="Email" class="control-label"></label>
<input asp-for="Email" class="form-control" />
<span asp-validation-for="Email" class="text-danger"></span>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label asp-for="Password" class="control-label"></label>
<input asp-for="Password" type="password" class="form-control" />
<span asp-validation-for="Password" class="text-danger"></span>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label asp-for="RoleId" class="control-label"></label>
<select asp-for="RoleId" class="form-control" asp-items="ViewBag.RoleId"></select>
</div>
</div>
</div>
<div class="form-group">
<a asp-action="Index" class="btn btn-danger">Back to List</a>
<input type="submit" value="Update User" class="btn btn-primary" />
</div>
</form>
</div>
</div>
@section Scripts {
@{
await Html.RenderPartialAsync("_ValidationScriptsPartial");
}
}
I have tried the UserManager.ChangePasswordAsync() but the requires the old password and I only have the new password as an admin
3
You can use the ResetPasswordAsync method available on the UserManager.
An example of how you might use this is as follows:
var user = await _userManager.FindByIdAsync(id);
if (user is null)
{
// do something relevant to not locating the user
}
var token = await _userManager.GeneratePasswordTokenAsync(user);
var passwordResetResult = await _userManager.ResetPasswordAsync(
user,
token,
model.Password
);
if (!passwordResetResult.Succeeded)
{
// do something relevant to not successfully resetting the password
}
2