asp.net membership change password without knowing old one

 string username = "username"; string password = "newpassword"; MembershipUser mu = Membership.GetUser(username); mu.ChangePassword(mu.ResetPassword(), password);

The other answers here are correct, but can leave the password in an unknown state.

ChangePassword will throw exceptions if the password doesn't meet the requirements laid out in Web.Config (minimum length, etc.). But it only fails after ResetPassword has been called, so the password will not be known to the original user or to the person who's tried to change it. Check for complexity requirements before changing the password to avoid this:

var user = Membership.GetUser(userName, false);if ((newPassword.Length >= Membership.MinRequiredPasswordLength) &&    (newPassword.ToCharArray().Count(c => !Char.IsLetterOrDigit(c)) >=         Membership.MinRequiredNonAlphanumericCharacters) &&    ((Membership.PasswordStrengthRegularExpression.Length == 0) ||         Regex.IsMatch(newPassword, Membership.PasswordStrengthRegularExpression))) {    user.ChangePassword(user.ResetPassword(), newPassword);} else {    // Tell user new password isn't strong enough}

You need to reset the user's password before changing it, and pass in the generated password to ChangePassword.

string randompassword = membershipUser.ResetPassword();membershipUser.ChangePassword(randompassword , userWrapper.Password)

or inline:

membershipUser.ChangePassword(membershipUser.ResetPassword(), userWrapper.Password)