Suppose your membership provider ("AspNetSqlMembershipProvider") in Web.config has requiresQuestionAndAnswer="true" , make a second provider (for example, "AspNetSqlMembershipProviderAdministrativeReset") with all the same parameters, except requiresQuestionAndAnswer="false" .
Then you can create an action that the second provider explicitly uses to allow the administrator to reset the password without requiring the correct answer to the secret question, as in the following fragment:
var provider = Membership.Providers["AspNetSqlMembershipProviderAdministrativeReset"] as MembershipProvider; var newPassword = provider.ResetPassword(userName, null );