How, I can change password, if I do not know the old password?

Question

I need create method, which can change password in database if I do not know the old password. For example, I have next code:

      public IHttpActionResult ChangePassword(ChangePasswordBindingModel model)
    {
        if (!ModelState.IsValid)
        {
            return BadRequest(ModelState);
        }

        var result = UserManager.ChangePassword(User.Identity.GetUserId(), model.OldPassword,
            model.NewPassword);
        if (!result.Succeeded)
        {
            return GetErrorResult(result);
        }

        return Ok();
    }

In this code need "model.OldPassword" but User don't know old password. I have only password and current user id.

Answer 1

Well, I have no idea whether this is optimal, but it's pretty easy.

First:

var code = await UserManager.GeneratePasswordResetTokenAsync(userId);

then

var result = await UserManager.ResetPasswordAsync(userId, code, someNewPassword);

You could even wrap it up in an extension method

public static class UserManagerEx
{
    public static async Task<IdentityResult> ForceChangePassword<T, TUserId>(
        this UserManager<T, TUserId> userManager,
        TUserId userId,
        string newPassword)
            where T : class, IUser<TUserId>
            where TUserId : IEquatable<TUserId>
    {
        var code = await userManager.GeneratePasswordResetTokenAsync(userId);
        var result = await userManager.ResetPasswordAsync(userId, code, newPassword);
        return result;
    }
}

then call it:

var result = UserManager.ForceChangePassword(userId, newPassword);