You don't need to know the old password if you use the Reset password
method, that takes the username and the security question answer.
Otherwise provide your own MembershipProvider implementation. Just inherit
from the standard one and add your own method, ChangePassword, that does
what you need.

You can do it with the default membership provider.

There are a number of settings in web.config that will affect the
password regime (see example below). If EnablePasswordReset is false
then the system will demand the old password or the security question
answer. Otherwise the ResetPassword() method can have no parameters
although it will supply an automatically generated new password that
you cannot choose.

If you wan't to set the password to something specific then it
requires two steps:

string AutoPassword= AMembershipUser.ResetPassword();
AmembershipUser.ChangePassword(AutoPassword, "MyPreferredPassword")

HTH

Appendix:

Extract from web.config where the ASP.NET tab in IIS manager dialog
has been used to override default settings:

   <membership>
     <providers>
       <remove name="AspNetSqlMembershipProvider" />
       <add connectionStringName="LocalSqlServer"
enablePasswordRetrieval="false"
         enablePasswordReset="true" requiresQuestionAndAnswer="true"
         applicationName="/" requiresUniqueEmail="false"
passwordFormat="Hashed"
         maxInvalidPasswordAttempts="5" minRequiredPasswordLength="5"
         minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
         passwordStrengthRegularExpression=""
name="AspNetSqlMembershipProvider"
         type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
     </providers>
   </membership>