Reputation: 37633
I got some website and now I want to get the passwords.
I use this:
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
connectionStringName="TravelChamps"
enablePasswordRetrieval="true"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"
/>
And this error happens:
Configured settings are invalid: Hashed passwords cannot be retrieved. Either set the password format to different type, or set enablePasswordRetrieval to false.
If I use this:
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
connectionStringName="TravelChamps" enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"
/>
I get the following error:
An exception occurred retrieving your password: This Membership Provider has not been configured to support password retrieval.
I am totally confused.
Any suggestion where I can start to work around?
Upvotes: 5
Views: 17683
Reputation: 11
This is the best answer I got after too many searches. Use this inside the page load of the default page and reset the password. Note: make sure you change the web.config file with this setting: enablePasswordRetrieval="true" passwordFormat="Encrypted"
MembershipUser user = Membership.GetUser("username", false);
string resetPassword = user.ResetPassword();
user.ChangePassword(resetPassword, "new password to set");
Upvotes: 1
Reputation: 191
As others have stated, the original password can't be retrieved, and you shouldn't typically provide a mechanism to recover passwords anyways (just reset them). However, if your goal is to reset the password to some known value, it can be done along these lines:
MembershipUser usr = Membership.GetUser("username", false);
string resetPassword = usr.ResetPassword();
usr.ChangePassword(resetPassword, "yayiknowthepassword");
Upvotes: 2
Reputation: 11235
If you want the passwords to be retrievable, or to get them as plain text (not encrypted), you must change some configuration of the Membership before you create the first user.
Perform the following tasks (this relates to ASP.NET):
1. In the file web.config, in the tag membership/providers/add, set the attributes:
enablePasswordRetrieval="true"
passwordFormat="Encrypted"
my settings:
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="maindb"
enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" passwordFormat="Encrypted" />
</providers>
</membership>
2. Generate the so-called validationKey and decryptionKey. You can do this with the .NET API:
my example:
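using System.Security.Cryptography;
using System.Text;

public static class RNGCrypto_MachineKey
{
    // Returns bytelength random bytes as an uppercase hex string.
    public static string getRandomKey(int bytelength)
    {
        byte[] buff = new byte[bytelength];
        // Dispose the RNG provider once the bytes have been generated.
        using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
        {
            rng.GetBytes(buff);
        }
        StringBuilder sb = new StringBuilder(bytelength * 2);
        for (int i = 0; i < buff.Length; i++)
            sb.Append(string.Format("{0:X2}", buff[i]));
        return sb.ToString();
    }
}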
generating:
string key64 = RNGCrypto_MachineKey.getRandomKey(64);
string key32 = RNGCrypto_MachineKey.getRandomKey(32);
3. Again, in the file web.config, put the following settings inside the tag system.web:
<machineKey validationKey="paste here the key64 string" decryptionKey="paste here the key32 string" validation="SHA1"/>
4. Now you can create users with passwords, and then you can get the plain password:
Membership.GetUser(username).GetPassword();
Upvotes: 11
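An added example, not part of any post in this thread: a small Python audit of a web.config's membership providers, showing how passwordFormat and enablePasswordRetrieval combine to produce the startup error in the question and the reversible storage configured in the answer above. The sample XML and its provider names are constructed, and the code assumes SqlMembershipProvider's defaults (passwordFormat "Hashed", enablePasswordRetrieval "false") when an attribute is absent.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's provider (no passwordFormat, so the
# default "Hashed" applies), the answer's provider (passwordFormat="Encrypted"),
# and a reset-only provider.
SAMPLE_WEB_CONFIG = """<configuration><system.web><membership><providers>
  <add name="QuestionProvider" type="System.Web.Security.SqlMembershipProvider"
       enablePasswordRetrieval="true" enablePasswordReset="true" />
  <add name="AnswerProvider" type="System.Web.Security.SqlMembershipProvider"
       enablePasswordRetrieval="true" passwordFormat="Encrypted" />
  <add name="ResetOnlyProvider" type="System.Web.Security.SqlMembershipProvider"
       enablePasswordRetrieval="false" enablePasswordReset="true" />
</providers></membership></system.web></configuration>"""


def audit_membership(web_config_xml):
    """Return {provider name: finding} for every membership provider."""
    root = ET.fromstring(web_config_xml)
    findings = {}
    for add in root.findall("./system.web/membership/providers/add"):
        # Assumed defaults when the attribute is missing: Hashed / false.
        fmt = add.get("passwordFormat", "Hashed").lower()
        retrieval = add.get("enablePasswordRetrieval", "false").lower() == "true"
        if fmt == "hashed" and retrieval:
            # This combination is rejected when the provider initializes.
            finding = "INVALID: hashed passwords cannot be retrieved"
        elif fmt == "hashed":
            finding = "OK: one-way hash, reset only"
        elif fmt == "encrypted":
            finding = "REVERSIBLE: decryptable with the machineKey decryptionKey"
        elif fmt == "clear":
            finding = "REVERSIBLE: passwords stored in plain text"
        else:
            finding = "UNKNOWN passwordFormat: " + fmt
        if fmt in ("encrypted", "clear") and retrieval:
            finding += "; GetPassword() returns the original password"
        findings[add.get("name")] = finding
    return findings


if __name__ == "__main__":
    for name, finding in audit_membership(SAMPLE_WEB_CONFIG).items():
        print(f"{name}: {finding}")
```

Any REVERSIBLE finding means a copy of the database plus the web.config keys (or the database alone for Clear) exposes every user's original password.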
Reputation: 813
To answer the question, you can use the method outlined in this link: Retrieving the users password
but I would never do such a thing as to make your users' information insecure. You should allow them to "reset" only, never retrieve. You should not see or be able to retrieve your users' passwords, and I would advise anyone against using your application or website due to this, but the method outlined in the link works.
Upvotes: 1
Reputation: 182733
You can't get the passwords because they were never stored. (Specifically to ensure nobody could ever do exactly what you're trying to do.) The workaround is not to get the passwords.
Upvotes: 4