is it possible to retriev the password for particular user

Go to solution

Press Ctrl / CMD + C to copy this to your clipboard.

Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

dima 4 posts 24 karma points

Sep 22, 2010 @ 08:29

0

Is it possible to Retriev the password for particular user

Is it possible to Retriev the password for particular user.

I am using Membership Provider:

    <machineKey validationKey="E3CF3D4250E0597997C33A9A82D623260AD55122" decryptionKey="F2CCDA4E3CF7B8A39ADE311355F5F6E22CCC37D9DEB48ECF" decryption="3DES" validation="SHA1" />

         <add name="UmbracoMembershipProvider"
      type="Optifast.OptifastMemberShipProvider"
      enablePasswordRetrieval="true"
    enablePasswordReset="true"
    requiresQuestionAndAnswer="false"
    defaultMemberTypeAlias="consumer"
    passwordFormat="Encrypted"
    umbracoApprovePropertyTypeAlias="approved"
    umbracoLockPropertyTypeAlias="locked"
    umbracoFailedPasswordAttemptsPropertyTypeAlias="pwFails"
    umbracoCommentPropertyTypeAlias="comment"
    umbracoLastLoginPropertyTypeAlias="lastLogin"
    umbracoPasswordRetrievalQuestionPropertyTypeAlias="pwQuestion"
    umbracoQuestionRetrievalAnswerPropertyTypeAlias="pwAnswer"
    minRequiredPasswordLength="7"
    minRequiredNonalphanumericCharacters="0"/>



          <add name="AspNetSqlMemberShipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="LocalSqlServer" />

        <add name="UsersMembershipProvider"
            type="umbraco.providers.UsersMembershipProvider"
            enablePasswordRetrieval="false"
            enablePasswordReset="false"
            requiresQuestionAndAnswer="false"
            passwordFormat="Encrypted"/>

Copy Link
Richard Soeteman 4046 posts 12899 karma points MVP 2x

Sep 22, 2010 @ 08:43

0

Hi,

No you can only reset the password because in your config the password is encrypted. Below you find a snippet how to do this:

var member = Membership.GetUser("loginname of the member");
member.ChangePassword(member.GetPassword(), "the new password");

More info about membership can be found here http://msdn.microsoft.com/en-us/library/cyckw0z6.aspx

Hope this helps you,

Richard

Copy Link
dima 4 posts 24 karma points

Sep 22, 2010 @ 09:10

0

yes, looks like

I was thinking that encripted can be decripted ( it is not hashed)

But when I am using

OptifastMemberShipProvider obj = new OptifastMemberShipProvider();

byte[] buff = obj.DecryptPassword(ByteArray);

It returns exception: "Bad data"

Copy Link
Steen Tøttrup 191 posts 291 karma points c-trib

Sep 22, 2010 @ 09:12

0

Actually I think it is hashed, MD5 probably.

Copy Link
dima 4 posts 24 karma points

Sep 22, 2010 @ 09:20

0

What do you mean MD5 probably?

Does it hardcoded somewhere in umbraco customMembershipProvider?

Copy Link
Steen Tøttrup 191 posts 291 karma points c-trib

Sep 22, 2010 @ 09:33

0

Ah, nevermind me, I was talking about the password stored in the database.

Copy Link
Rik Helsen 670 posts 873 karma points

Sep 22, 2010 @ 10:10
0
There's a 50/50 you can recover your password from an MD5 hash library (something like: http://www.md5decrypter.co.uk/ ). Then change the password.
```
How many decryptions are in your database?

We have a total of 7,447,737,437 (over 7 billion) 
unique decrypted md5 hashes since August 2007, the BIGGEST INSTANT 
online database available that doesn't use rainbow tables.
```
but i doubt this is your goal ? :)
Copy Link
dima 4 posts 24 karma points

Sep 23, 2010 @ 01:18

0

Yes, but how do you know that MD5 hashing involved?

In web.config only 3DES has been mentioned..

Is it hardcoded in umbraco?

Copy Link
Rik Helsen 670 posts 873 karma points

Sep 28, 2010 @ 09:22

0

Dima: based on this topic: http://our.umbraco.org/forum/developers/api-questions/6316-MD5-encrypted-member-passwords

I conclude that it is in fact SHA1 that's being used.

Copy Link
is working on a reply...

Please Sign in or register to post replies

Flag this post as spam?