Surajit

Reputation: 557

Could I get the decrypted password in membership from database?

<add name="LDSAMembers" 
  type="System.Web.Security.SqlMembershipProvider" 
  connectionStringName="" 
  applicationName="" 
  requiresUniqueEmail="true" 
  passwordFormat="Encrypted" 
  minRequiredPasswordLength="6" 
  enablePasswordReset="true" 
  enablePasswordRetrieval="true" 
  maxInvalidPasswordAttempts="5" 
  passwordAttemptWindow="15" 
  requiresQuestionAndAnswer="false" 
  minRequiredNonalphanumericCharacters="0" />

I need the decrypted password to log in to the system. I find the password and passwordsalt fields in the database.

Upvotes: 1

Views: 13021

Answers (6)

cdonner

Reputation: 37648

I used the above configuration in a scenario where it was appropriate (i.e. passwordFormat="Encrypted"). The following code was used to reset a user's password with a specified new password (as opposed to generating a new password), so that the cs rep can ask the user for a new password while on the phone and change it for them, without knowing the old password.

A call to user.ChangePassword requires the current password to be passed:

MembershipUser user = Membership.GetUser(userId);
user.ChangePassword(user.GetPassword(), newpw);

user.Password() returns the current password in clear text.

Upvotes: 3

Sky Sanders

Reputation: 37074

You will need the encrypted password, salt and the machineKey section from the machine that encrypted the password.

This section MUST be defined, which it is not by default, to support encryption. So, unless you are working on the server that encrypted the data, you will need to get the keys from that machine.

They can be defined anywhere in between the web.config of the app all the way down to the root web.config in c:\windows\microsoft.net

So - there is the key, so to speak.

If you have access to this section, DO NOT POST IT HERE, but do leave me a comment and we can talk about decrypting.

Upvotes: 0

Greg

Reputation: 16680

Assuming that you actually have a real connection string configured (and not connectionStringName="" like in your example), you can just use this in your code

Membership.Provider.GetPassword(username, "");

There are a lot of exceptions that can be thrown by that method, for example if the password answer is actually set, or if the user is locked out. See here for more details:

http://msdn.microsoft.com/en-us/library/system.web.security.sqlmembershipprovider.getpassword.aspx

Upvotes: 1

Henk Holterman

Reputation: 273169

I see you have enablePasswordReset="true", so use the normal route.

Upvotes: 2

D'Arcy Rittich

Reputation: 171351

Typically systems like this are designed using one-way encryption to prevent exactly what you are trying to do. If you are working on the system, it is better to create your own account rather than use someone else's.

Upvotes: 0
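
The provider entry from the question next to a one-way variant, as an added example that is not part of any post on this page. The provider name LDSAMembersHashed and the connection string name MembershipDb are placeholders chosen for illustration.

```xml
<membership defaultProvider="LDSAMembersHashed">
  <providers>
    <!-- As configured in the question: reversible storage. Whoever holds
         the machineKey values and the membership rows can recover every
         stored password, and GetPassword() returns it in clear text. -->
    <add name="LDSAMembers"
         type="System.Web.Security.SqlMembershipProvider"
         connectionStringName="MembershipDb"
         passwordFormat="Encrypted"
         enablePasswordRetrieval="true"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="false" />

    <!-- One-way variant: passwords are stored as salted hashes, so neither
         the application nor a database reader can return the original.
         enablePasswordRetrieval must be "false" here; the provider throws a
         ProviderException at initialization if Hashed is combined with
         retrieval. Support staff reset the password instead of reading it. -->
    <add name="LDSAMembersHashed"
         type="System.Web.Security.SqlMembershipProvider"
         connectionStringName="MembershipDb"
         passwordFormat="Hashed"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="false"
         requiresUniqueEmail="true"
         minRequiredPasswordLength="6"
         minRequiredNonalphanumericCharacters="0"
         maxInvalidPasswordAttempts="5"
         passwordAttemptWindow="15" />
  </providers>
</membership>
```

Changing passwordFormat applies to passwords set from then on; rows already stored keep the format recorded in their PasswordFormat column until the password is changed or reset.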

Daniel A. White

Reputation: 190897

No. This is by design.

Upvotes: 1
