A project of ours required a user management interface to be implemented on top of the Membership framework, which required that the user in an “admin” role be able to change any user’s password to a new one (typed in by the admin).

The ASP Membership framework offers the handy MembershipUser.ChangePassword(String, String) function – http://msdn.microsoft.com/en-us/library/9d5bh3ec.aspx – that allows one to change the password of a user. However, it requires the old password of the user, which might not be available if one is changing the password of another user, not him/herself. One way to go here is to store the passwords of the users unencrypted, and retrieve them using MembershipUser.GetPassword(String)http://msdn.microsoft.com/en-us/library/kx96zecz.aspx. But this is not really an option for any site anymore, since storing the passwords in plain text is a gross security violation (imho).

So what one can do here is simply reset the password of that user, using the MembershipUser.ResetPassword(String) function, which conveniently returns the new password, and then use the returned string to set the password to a new one:

MembershipUser msUser = Membership.GetUser(TextBox_Username.Text);

msUser.ChangePassword(msUser.ResetPassword(), TextBox_NewPassword.Text);

The only downside to this solution is that the password is changed twice but since this operation is not one that will be performed too often, it is not a big deal.