I'm using a member event to send out a registration email. The registration email is controlled by a true/false member property with an alias of sendEmail. As the password is hashed, the password is shown as a (0) in the email.
The version of Umbraco is v
4.0.4.2, and I was wondering if I change the password format to clear? I know this is not secure, but it would allow me to send out the password. Have tried to change the webconfig:
Just checked the cmsMember table and the passwords are being saved in a clear format. Issue fixed, I was using (0), instead of {0} in string.format(...).
Thanks
Eddie
P.s If possible could someone reply, so I can close the topic.
I was actually gonna reply, but I refreshed the thread before posting and I saw you fixed your problem :-)
For the record: don't you need to also set "enablePasswordRetrieval=true" in the web.config?
Also, I don't know if it is for an existing site or a new one, but if you already have registered members with the "hashed" version, their password will stay hashed in the database => changing the format to "clear" afterwards will cause their encrypted password to be seen as invalid. In ASP.Net membership provider, the password format is kept in the member record so it's no problem to change the format afterwards, but it is not the case in the Umbraco Membership provider, as far as I know.
That's what I thought, but it seems to work when either set to true or false? Will go ahead and make the change anyway. Although it would be good to get some confirmation on this.
It might depend on the moment on which you need to access the password. If it is with the MembershipUser object you got from the "CreateUser" method, the password might still be there, but if you later reload the user, then it won't.
Maybe a stupid question, but have you tried with the "hashed" format after you fixed your "{0}" issue? Because if you are in the first scenario (with the intially created MembershipUser object), my guess is that it would also work with the "hashed" format.
Change password to clear format
Hi All
I'm using a member event to send out a registration email. The registration email is controlled by a true/false member property with an alias of sendEmail. As the password is hashed, the password is shown as a (0) in the email.
The version of Umbraco is v 4.0.4.2, and I was wondering if I change the password format to clear? I know this is not secure, but it would allow me to send out the password. Have tried to change the webconfig:
But this has not made a change? Do I need to resave / re-create any existing members?
Or do I need to take a different approach to send out the password?
Thanks
Eddie
Hi All
Just checked the cmsMember table and the passwords are being saved in a clear format. Issue fixed, I was using (0), instead of {0} in string.format(...).
Thanks
Eddie
P.s If possible could someone reply, so I can close the topic.
Hello Eddie,
I was actually gonna reply, but I refreshed the thread before posting and I saw you fixed your problem :-)
For the record: don't you need to also set "enablePasswordRetrieval=true" in the web.config?
Also, I don't know if it is for an existing site or a new one, but if you already have registered members with the "hashed" version, their password will stay hashed in the database => changing the format to "clear" afterwards will cause their encrypted password to be seen as invalid. In ASP.Net membership provider, the password format is kept in the member record so it's no problem to change the format afterwards, but it is not the case in the Umbraco Membership provider, as far as I know.
Cheers,
Michael.
Hi Michael
That's what I thought, but it seems to work when either set to true or false? Will go ahead and make the change anyway. Although it would be good to get some confirmation on this.
Thanks again
Eddie
Hi Eddie,
It might depend on the moment on which you need to access the password. If it is with the MembershipUser object you got from the "CreateUser" method, the password might still be there, but if you later reload the user, then it won't.
Maybe a stupid question, but have you tried with the "hashed" format after you fixed your "{0}" issue? Because if you are in the first scenario (with the intially created MembershipUser object), my guess is that it would also work with the "hashed" format.
Cheers,
Michael.
is working on a reply...