While working on an application which uses SharePoint 2010 claims, I came across a strange error trying to create a password change web part for users who had forgotten their password (and, consequently, can't log in so they need to change their password without any kind of system identity). I assumed – wrongly – that calling System.Web.Security.Membership.GetUser() and passing in a user id string (from an encrypted query string value) would provide the MembershipUser object so the ChangePassword() method could then be called. Instead, all I got was a "method or object not implemented" error. I found this odd, as it certainly *is* implemented in System.Web.Security, so instead I tried SPClaimsAuthMembershipProvider, which essentially does the same thing, but received the same result. Troubling.
After a bit of Binging around I found a lot of people experiencing the same issue but no real solutions. There were a lot of examples for creating a custom membership provider and overriding the GetUser() method but that seemed like overkill to me, especially as the AspNetSQLMembershipProvider was otherwise working just fine. Then I stumbled upon a thread on the MSDN forums in which Francois Pienaar suggested looping through the membership collection to get the user object then calling the ChangePassword() method from there. That didn't seem very logical and it certainly wasn't performance-enhancing but, lo and behold, it worked. Go figure that. The code is as simple as this:
string _uid = "firstname.lastname@example.org";
string _newPassword = "somepassword";
MembershipUserCollection mc = Membership.GetAllUsers();
foreach (MembershipUser mu in mc)
if (mu.UserName == _uid)
Ugly but effective. Anyone with elementary coding skills can see right away what the problem with this solution is – the nasty "foreach" loop to iterate through all the users. If there are thousands of users in your membership database, this is going to be a serious performance killer. I couldn't find any way around it so I'm going with it for now but I would sure like to hear a better solution to this if somebody has one.