Introduction
There are two ways to update a user's password in ASP.NET Identity:
- Changing the password by requiring the current one (the old password).
- Resetting the password.
Change a user's password
In order to change a user's password in ASP.NET Identity, we use the ChangePassword method. The ChangePassword method changes the user's password and returns the result of the operation as an IdentityResult object. The method requires 3 parameters: the user id, the current password and the new password.
    IdentityResult result = UserManager.ChangePassword(model.UserId, model.CurrentPassword, model.NewPassword);
The ChangePassword method is called on the UserManager, which is responsible for performing the user-related operations.
UserManager
We use the GetUserManager method to get the ApplicationUserManager from the OWIN context.
    ApplicationUserManager UserManager = HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
We use the ApplicationUserManager instead of the UserManager in order to use the default validation logic for usernames and passwords configured in the IdentityConfig.cs file.
Namespaces
In order to use the GetUserManager method, the ChangePassword method and the IdentityResult object, you have to include the following namespaces:
    using Microsoft.AspNet.Identity;
    using Microsoft.AspNet.Identity.Owin;
Example
    [HttpPost]
    public ActionResult ChangePassword(ChangeUserPasswordViewModel model)
    {
        if (ModelState.IsValid) {
            ApplicationUserManager UserManager = HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
            ApplicationUser user = UserManager.FindById(model.UserId);
            if (user != null)
            {
                IdentityResult result = UserManager.ChangePassword(model.UserId, model.CurrentPassword, model.NewPassword);
                if (result.Succeeded) {
                    return RedirectToAction("Index", "Home");
                }
                foreach (string error in result.Errors)
                    ModelState.AddModelError("", error);
                return View(model);
            }
            return HttpNotFound();
        }
        return View(model);
    }
In the above example, we get all the information needed to update the user's password via an HTTP POST request. We get the user manager from the OWIN context by using the GetUserManager method and then we use the FindById method to find the user to update by its id. If the user does not exist, we return an HTTP 404 error page. Otherwise, we change its password by using the ChangePassword method and we access the Succeeded property of the IdentityResult object to check if the operation was successful. If it was not, we loop through the list of Errors and we add them to the ModelState object by using the AddModelError method.
The ChangeUserPasswordViewModel object is the ViewModel that we are using in order to render and validate the ChangePassword view.
    using System.ComponentModel.DataAnnotations;

    public class ChangeUserPasswordViewModel
    {
        public string UserId { get; set; }

        [Required]
        [DataType(DataType.Password)]
        [Display(Name = "Current password")]
        public string CurrentPassword { get; set; }

        [Required]
        [DataType(DataType.Password)]
        [Display(Name = "New password")]
        public string NewPassword { get; set; }

        [Required]
        [DataType(DataType.Password)]
        [Display(Name = "Confirm new password")]
        [Compare("NewPassword", ErrorMessage = "The new password and confirmation password do not match.")]
        public string ConfirmNewPassword { get; set; }
    }
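A hardened variant of the ChangePassword action, added here as an example and not part of the original page: it assumes users change only their own password, so the user id comes from the authenticated identity instead of the posted model.UserId, and the request must carry an anti-forgery token. The AccountController name is an assumption.

```csharp
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;

[Authorize] // anonymous requests never reach the action
public class AccountController : Controller // controller name is an assumption
{
    [HttpPost]
    [ValidateAntiForgeryToken] // the view must emit @Html.AntiForgeryToken()
    public ActionResult ChangePassword(ChangeUserPasswordViewModel model)
    {
        if (!ModelState.IsValid)
            return View(model);

        ApplicationUserManager userManager =
            HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();

        // The id is read from the authentication cookie. model.UserId is
        // client-supplied form data and is deliberately ignored here, so a
        // tampered form cannot point the change at another account.
        string userId = User.Identity.GetUserId();

        IdentityResult result =
            userManager.ChangePassword(userId, model.CurrentPassword, model.NewPassword);
        if (result.Succeeded)
            return RedirectToAction("Index", "Home");

        // Password-policy and wrong-current-password errors go back to the form.
        foreach (string error in result.Errors)
            ModelState.AddModelError("", error);
        return View(model);
    }
}
```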
Reset a user's password
In order to reset a user's password in ASP.NET Identity, we use the ResetPassword method. The ResetPassword method resets the user's password by using a reset password token and returns the result of the operation as an IdentityResult object. The method requires 3 parameters: the user id, the reset password token and the new password.
    IdentityResult result = UserManager.ResetPassword(model.UserId, model.Token, model.NewPassword);
In order to get the reset password token for a user, we use the GeneratePasswordResetToken method which takes the id of the user as a parameter.
    string token = UserManager.GeneratePasswordResetToken(Id);
Note: this is mostly used in an email-based password reset feature.
Example
    [HttpPost]
    public ActionResult ResetPassword(ResetUserPasswordViewModel model)
    {
        if (ModelState.IsValid)
        {
            ApplicationUserManager UserManager = HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
            ApplicationUser user = UserManager.FindById(model.UserId);
            if (user != null)
            {
                IdentityResult result = UserManager.ResetPassword(model.UserId, model.Token, model.NewPassword);
                if (result.Succeeded)
                {
                    return RedirectToAction("Index", "Home");
                }
                foreach (string error in result.Errors)
                    ModelState.AddModelError("", error);
                return View(model);
            }
            return HttpNotFound();
        }
        return View(model);
    }
In the above example, we get all the information needed to reset the user's password via an HTTP POST request. We get the user manager from the OWIN context by using the GetUserManager method and then we use the FindById method to find the user to update by its id. If the user does not exist, we return an HTTP 404 error page. Otherwise, we reset its password by using the ResetPassword method and we access the Succeeded property of the IdentityResult object to check if the operation was successful. If it was not, we loop through the list of Errors and we add them to the ModelState object by using the AddModelError method.
The ResetUserPasswordViewModel object is the ViewModel that we are using in order to render and validate the ResetPassword view.
    using System.ComponentModel.DataAnnotations;

    public class ResetUserPasswordViewModel
    {
        public string UserId { get; set; }

        [Required]
        [DataType(DataType.Password)]
        [Display(Name = "New password")]
        public string NewPassword { get; set; }

        public string Token { get; set; }
    }
Namespaces
In order to use the GetUserManager method, the ResetPassword method, the GeneratePasswordResetToken method and the IdentityResult object, you have to include the following namespaces:
    using Microsoft.AspNet.Identity;
    using Microsoft.AspNet.Identity.Owin;
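The email-based reset flow that GeneratePasswordResetToken is used for, as an added example that is not code from the original page: a ForgotPassword action that issues the token and answers identically whether or not the address belongs to an account. The AccountController and ForgotPasswordConfirmation names, the GET ResetPassword action the link targets, and a configured UserTokenProvider and EmailService on ApplicationUserManager are assumptions.

```csharp
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;

public class AccountController : Controller // controller name is an assumption
{
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult ForgotPassword(string email)
    {
        ApplicationUserManager userManager =
            HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();

        if (!string.IsNullOrWhiteSpace(email))
        {
            ApplicationUser user = userManager.FindByEmail(email);

            // Only confirmed addresses receive a token, so a reset cannot be
            // triggered towards a mailbox the account owner never verified.
            if (user != null && userManager.IsEmailConfirmed(user.Id))
            {
                string token = userManager.GeneratePasswordResetToken(user.Id);

                // Url.Action URL-encodes the route values, so the token
                // reaches the ResetPassword view unchanged (assumed GET action).
                string link = Url.Action("ResetPassword", "Account",
                    new { userId = user.Id, token = token }, Request.Url.Scheme);

                // The token travels only to the mailbox on record and is never
                // written into the HTTP response.
                userManager.SendEmail(user.Id, "Reset your password",
                    "Reset your password by clicking <a href=\"" + link + "\">here</a>.");
            }
        }

        // Same view for unknown, unconfirmed and valid addresses: the response
        // does not reveal which accounts exist. View name is an assumption.
        return View("ForgotPasswordConfirmation");
    }
}
```

The same principle applies on the consuming side: answering a reset request for an unknown user id with the same page as a failed token check avoids turning the HTTP 404 into an account-existence oracle.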