Get hashed password SimpleMembership

Question

I am using ASP.NET and MVC4 to develop a system. The authentication/authorization is done by simpleMembership.

My team(we belong at a company) needs to retrieve data from an api of some other team of the same company (the user has the same username/passwords at both systems).

The api has a function getUserID(username,password).

The passwords at the databases are encrypted.

How I am able to get the encrypted password of a user, in order to call that function of an API?

I am trying to do it like that

    SimpleMembershipProvider provider = new SimpleMembershipProvider();
    string name = provider.GetPassword("testUser1");

But the above needs a String Answer as well.

I do not want to find the user's plaintext password, just to get the hashed password of a user.

Thanks

Answer 1

If you call MembershipUser.GetPassword you will get a not implemented exception since MembershipUser applies to the old ASP.NET provider. Just some of the frustrations you typically see when using the membership provider model.

In SimpleMembership the password is stored in a different table/entity than the user profile information, and it is called webpages_Membership. SimpleMembership uses EF code-first but it does not give you direct access to the other entities it uses, besides the UserProfile. Everything else is hidden behind the WebSecurity class. So if this class does not provide you with what you need the only way I know to get access is to go directly to the database. Here is a way to do this that I verified works.

  var context = new UsersContext();
  var username = User.Identity.Name;
  int userId = WebSecurity.GetUserId(username); 
  string sqlCmd = "select Password from webpages_Membership where UserId = " + userId.ToString();
  string password = context.Database.SqlQuery<string>(sqlCmd).FirstOrDefault();