Home/ Questions/Q 7847477
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T17:54:36+00:00

I am going to update security question and answer in aspnet_Membership. Usually it is

  • 0

I am going to update security question and answer in aspnet_Membership. Usually it is done by code:

 user.ChangePasswordQuestionAndAnswer(password, question, answer);

But I don’t know the password. I found that there is a default stored procedure.The stored procedure is:

SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER OFF
GO
ALTER PROCEDURE [dbo].[aspnet_Membership_ChangePasswordQuestionAndAnswer]
    @ApplicationName       nvarchar(256),
    @UserName              nvarchar(256),
    @NewPasswordQuestion   nvarchar(256),
    @NewPasswordAnswer     nvarchar(128)
AS
BEGIN
   DECLARE @UserId uniqueidentifier
   SELECT  @UserId = NULL
   SELECT  @UserId = u.UserId
   FROM    dbo.aspnet_Membership m, dbo.aspnet_Users u, dbo.aspnet_Applications a
   WHERE   LoweredUserName = LOWER(@UserName) AND
        u.ApplicationId = a.ApplicationId  AND
        LOWER(@ApplicationName) = a.LoweredApplicationName AND
        u.UserId = m.UserId
   IF (@UserId IS NULL)
   BEGIN
      RETURN(1)
   END

   UPDATE dbo.aspnet_Membership
     SET    PasswordQuestion = @NewPasswordQuestion, PasswordAnswer = @NewPasswordAnswer
    WHERE  UserId=@UserId
   RETURN(0)
   END

However I just found the answer is a clear text. How can I use the stored procedure and hashing it?

Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you have access to the user you can change their password prior using the Membership method: 

    public virtual bool ChangePassword(string oldPassword, string newPassword)

    You could try

    string newPassword = user.ResetPassword();
user.ChangePassword(newPassword, "SOMENEWPASSWORD");

    Then do

    user.ChangePasswordQuestionAndAnswer("SOMENEWPASSWORD", question, answer);
    • 0