I ran into a very stupid case yesterday. My friend called me and asked me to help her with her website, she got trouble and could not login to admin panel. And I did some diagnosis test, nothing wrong, DB' was up and running, no problem, no login exception, her site is written in ASP.NET and everything is alive and well. Just right after that she told me that she forgot the password :-<

If you lost your password, what would you do ? Go to reset password feature. Guess what ? There's no reset password page 8-} . Actually, I remembered that not many developers implement this feature, especially for administration page, and also the author of the website. I will remember this for the next project.

Next, I tried to hack into the code to bypass the password verification, and guess what ? The code is compiled. So I could only have one choice left: hard reset in Database. And the most funniest thing begin: he used asp.net membership to provide authentication :-<

 I have used ASP.NET Membership before, in my university project, but I have never really tried to understand how it store data, that the way I want to approach for reusability: don't care what inside. But in this case, I have to dive into the blackbox.

No surpirse, the password is salt-encoded. I did some google, tried to fingure out how to reset password directly. I found this page. Their approach is to copy the password hash from another user and use the password of other user to login. (I added some comment to make it easier to understand

SELECT password, passwordformat, passwordsalt
FROM aspnet_membership am
    INNER JOIN aspnet_users au
        ON (au.userid = am.userid)
    INNER JOIN aspnet_applications aa
        ON (au.applicationId = aa.applicationid)
WHERE au.username = 'admin'
    AND aa.applicationname = 'DotNetNuke' -- you can look up this value in aspnet_application table
GO
 
--Prepare the change date
DECLARE @changeDate datetime
SET @changeDate = getdate()
 
--copy value from above
exec aspnet_Membership_setPassword 'DotNetNuke', 
                        'TestUser', 
                        'DM1tZvBjM+27Eck5eI1TWFeG42XuJnMuin3jqFOtMjS83RN6d7dFbQ==', 
                        '4e5Bb5jOOMYu/JFXVdRmlA==',
                        @changeDate, 
                        2
 
--Sets the password to dnnadmin 

The problem here is there is only one user :)) ,and the best thing is aspnet_Membership_setPassword uses hashed value, not raw value, we can't use it to reset password.

After more google, I found an other approach. It is quite simple: upload to the server, run and reset. Because it runs as a part of the application, it can access directly to ASP.NET Membership, that's all :D. It took me 10mins to write the script and 1 min to solve the problem.

Later, I found another script on MSDN, it's better and easier than mine. I attached here for convience, if anyone knows that it violate copyright or whatever , please let me know. I will remove it:-D