I have been trying to find a way to give an Administrator the ability to reset or provide a new password for a user through the membership class. I'm beginning to think that the membership class doesn't allow for this. A typical situation where an Administrator would need to get involved is when a user forgets his/her password and forgets the answer to the security question. Without either of those pieces of information the user can neither reset nor retrieve their credentials.
Through my web.config I have set the following related settings for the provider
<add requiresQuestionAndAnswer="true" minRequiredPasswordLength="5" minRequiredNonalphanumericCharacters="0"
enablePasswordRetrieval="true" enablePasswordReset="true" passwordFormat="Encrypted" So using the methods provided by the membership class it seems to me that for an Administrator to retrieve the password he would need to know the answer to the security question, which he does not.
So my question is three-fold. Is there any way I can give an Administrator a way to reset a password without knowing the answer to the security question? Or how does this Admin retrieve the answer to the question without knowing the password? What are the best practices (links/examples please) for resetting a user's password when they have forgotten both the password & security answer?
Thanks and Merry Christmas
Gary