how can I reset a userspassword after he reached the maxInvalidPasswordAttempts using aspnet membership provider?
I'm assuming that this is in the context of an admin user overwriting an existing user password (or a forgot my password reset type function) with a new known password. There is a trick involved since you need to first reset the password 'randomly' to get a known password to pass to ResetPassword:
public bool ResetUserPassword(Guid userId, string newPassword)
{
MembershipUser user = Membership.Provider.GetUser(userId, false);
// Unlock the user account if necessary
user.UnlockUser();
Membership.UpdateUser(user);
// Trick here is that have to reset it randomly first to be able to provide a new known password
string tmpPassword = user.ResetPassword();
return user.ChangePassword(tmpPassword, newPassword);
}
There is also another way, which is to copy the Password (hash), PasswordFormat and PasswordSalt fields in the aspnet_Membership table directly from another known user to the 'lost' one, but that is a horrible hack.