Change Password Issue in AspNet MembershipProvider

Published 2019-07-13 16:54

Question:

I am using the AspNet Membership Provider in MVC 3. I am facing an issue with changing passwords. I have two pieces of functionality in my project:

  1. Forgot password: ask the security question and change the password based on the security answer.
  2. Admin change password: an admin can change the password of any user without knowing the old password or security answer.

Now the issue is that for functionality #1, I have to change the web config to set requiresQuestionAndAnswer="true" for change password, so that I can change the password only if the security answer is valid.

    <membership>
      <providers>
        <clear />
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
      </providers>
    </membership>

and I am using the code below for changing the password in forgot password:

    // reset with the security answer; returns a generated temporary password
    string resetPassword = res.ResetPassword(model.PasswordAnswer);
    // use the temporary password as the "old" password to set the user's chosen one
    MembershipService.ChangePassword(model.Username, resetPassword, model.NewPassword);

Now for situation #2, where I want the admin to be able to change the password of any user without knowing the old password or security answer, which is only possible (as far as I know) by setting requiresQuestionAndAnswer="false".

Note: I am using a separate MVC Area for the admin part, so maybe another web config can do some magic.

Please suggest how I can have both features (reset password with security answer and without security answer) together in a single application.

Thanks a lot

Answer 1:

Finally got the answer: in the web config I set requiresQuestionAndAnswer="true", so this resolves issue #1; now for forgot password a security answer is required.

And for issue #2, where I want the admin to be able to change the password of any user without knowing the old password or security answer, I have used Reflection to change the value of the private variable _RequiresQuestionAndAnswer to false, then reset the password, and then set its value to true again:

    var _requiresQA = Membership.Provider.GetType().GetField("_RequiresQuestionAndAnswer",
        System.Reflection.BindingFlags.Instance | System.Reflection.BindingFlags.NonPublic);
    try
    {
        // change the value in the private field
        _requiresQA.SetValue(Membership.Provider, false);
        // do the reset
        tempPassword = user.ResetPassword();
    }
    finally
    {
        // restore the original value even if the reset throws
        _requiresQA.SetValue(Membership.Provider, true);
    }

I got this solution at: http://djsolid.net/blog/asp.net-membership---change-password-without-asking-the-old-with-question-and-answer
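
An alternative to toggling the private field, as an added example that is not part of the original answer: `Membership.Provider` is one instance shared by every request, so while `_RequiresQuestionAndAnswer` is false any concurrent reset skips the answer check as well. The code below instead assumes a second provider entry in web.config (the name `AdminResetProvider` and the role name `Admin` are assumptions) and leaves the default provider's setting untouched.

```csharp
// Added example, not from the original post. Assumes web.config registers a second
// provider next to AspNetSqlMembershipProvider, with the same connectionStringName
// and applicationName so both providers see the same users:
//
//   <add name="AdminResetProvider"
//        type="System.Web.Security.SqlMembershipProvider"
//        connectionStringName="ApplicationServices" applicationName="/"
//        enablePasswordRetrieval="false" enablePasswordReset="true"
//        requiresQuestionAndAnswer="false" />
using System;
using System.Configuration.Provider;
using System.Security.Principal;
using System.Web.Security;

public static class AdminPasswordReset
{
    private const string ProviderName = "AdminResetProvider"; // assumed provider name
    private const string AdminRole = "Admin";                 // assumed role name

    // Returns the generated temporary password for the given user.
    public static string ResetFor(IPrincipal caller, string username)
    {
        // Enforce the admin check here, not only in the MVC Area routing.
        if (caller == null || !caller.Identity.IsAuthenticated || !caller.IsInRole(AdminRole))
            throw new UnauthorizedAccessException("Admin role required.");
        if (string.IsNullOrWhiteSpace(username))
            throw new ArgumentException("Username is required.", "username");

        MembershipProvider provider = Membership.Providers[ProviderName];
        if (provider == null)
            throw new ProviderException("Provider '" + ProviderName + "' is not configured.");
        // Fail closed if the config was edited and this provider can no longer reset.
        if (!provider.EnablePasswordReset)
            throw new ProviderException("Password reset is disabled on '" + ProviderName + "'.");

        if (provider.GetUser(username, false) == null)
            throw new ArgumentException("Unknown user.", "username");

        // A null answer is accepted because this provider has
        // requiresQuestionAndAnswer="false"; the default provider still requires it.
        return provider.ResetPassword(username, null);
    }
}
```

From an admin controller action this would be called as `AdminPasswordReset.ResetFor(User, username)`; the forgot-password flow keeps using the default provider and still needs the security answer.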