Question
Our module has retrieve password functionality so that if a user has forgotten the password he may retrieve it and the system will send it via email. We are using SimpleMembership on MVC4. I checked the WebSecurity class but it has no "GetPassword" method. I tried to search the net and instead I found this implementation.
https://stackoverflow.com/questions/19440708
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianvar user = System.Web.Security.Membership.GetUser(userName);
password = user.GetPassword();
I got error on GetPassword saying "Specified method is not supported.". I also added the following in my web.config but I still got the error mentioned even though the user object has value.
<membership defaultProvider="simple">
<providers>
<clear />
<add name="simple" type="WebMatrix.WebData.SimpleMembershipProvider,WebMatrix.WebData"
enablePasswordRetrieval="true"
enablePasswordReset="true" requiresQuestionAndAnswer="false"/>
</providers>
...
Is there other ways to retrieve simple membership password of a user? I can query on webpages_Membership table but the password is encrypted. Anyone knows decryption algorithm for this? I tried FormsAuthentication.Decrypt(encryptedpassword); but I got error "Invalid value for 'encryptedTicket' parameter." although that password passed is encrypted.
Please help.
Solution
There is absolutely no way to do what you are proposing, getting the plain text password, from the webmatrix security implenetation. The password is salted and hashed, you cannot reverse this to get the plain text password and this is a good thing.
The webmatrix provider does supply all the functions you need to support creating a password reset token that can be sent to a registered email addres, rather than sending passwords in plain text.
