I'm using Umbraco Membership provider and have more of a best practices type question.
I have the password type set to Hashed. I want to be able to send the user a new password when he forgets his password, but also want to allow the user to change his password after he logs on.
Can this be done using the regular asp.net membership controls?
You can't "decrypt" a hashed password. If you want to be able recover a password you either store it encrypted or in plain text (the latter only if you have no concern for security).
Like Mike said a few months ago, you cannot retrieve a hashed password. I am surprised it works in 4.7.0. You either have to use encrypted password or clear text (security!).
Also, do not forget to put your defaultMemberTypeAlias property to the actual type alias in your Umbraco instance.
If you are testing with a previous account it is normal: your previous settings were set to "hashed", so the password was hashed in the DB. Now that you have set it to clear, when requesting the password, you just get what's in the DB, which is the hashed version. There is no "un-hashing" possible.
What you can do is set the clear password manually in the DB, or try with a complete new account. Then it should work.
Your right, i just realised that the hashed password as the previous one i saved previously. After updating my password and making a recovery i received the clear one.
umbraco membership provider password recovery
Hi,
I'm using Umbraco Membership provider and have more of a best practices type question.
I have the password type set to Hashed. I want to be able to send the user a new password when he forgets his password, but also want to allow the user to change his password after he logs on.
Can this be done using the regular asp.net membership controls?
If so, what setting do I need to use?
Thank you!
Hi Elad
To send the user a new password you can find more information about this here: http://msdn.microsoft.com/en-us/library/ms178329.aspx
To make the user able to change the password you can find more information here: http://msdn.microsoft.com/en-us/library/ms178329.aspx#the_changepassword_control
You should be able to just use these controls out of the box.
Hope this helps.
/Jan
Thank you!
Thats the info I was looking for.
I ended up just needing to play around with the provider settings in the web.config.
Hi,
I want to decrypt the hashed umbraco memership password. Any ideas??
Thanks,
Usman
You can't "decrypt" a hashed password. If you want to be able recover a password you either store it encrypted or in plain text (the latter only if you have no concern for security).
All the best
Mike
Hi Jan,
Am using the same control from msdn but getting this error message when submitting the email add.
Membership provider does not support password retrieval or reset.
Any thought why?
Hi Fuji,
Did you set your provider settings to enable password retrieval in your web.config file?
Cheers,
Michael
Hi Michael.
After changing my web.config to this
<add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Another Type" passwordFormat="Hashed" />I get Configutation Error.
Provider can not retrieve hashed password
Am using version 4.7.1, it works just fine under 4.70.
Hi Fuji,
Like Mike said a few months ago, you cannot retrieve a hashed password. I am surprised it works in 4.7.0. You either have to use encrypted password or clear text (security!).
Also, do not forget to put your defaultMemberTypeAlias property to the actual type alias in your Umbraco instance.
Cheers,
Michael.
<membership defaultProvider="UmbracoMembershipProvider" userIsOnlineTimeWindow="15">
Now that i have the following setting
<addname="UmbracoMembershipProvider"type="umbraco.providers.members.UmbracoMembershipProvider"enablePasswordRetrieval="true"enablePasswordReset="false"requiresQuestionAndAnswer="false"defaultMemberTypeAlias="Another Type"passwordFormat="Clear"/>I instead get the password results in mailbox to "Hashed" and "Reset" to a new generated one.
Any help on this please?
Hi Fuji,
If you are testing with a previous account it is normal: your previous settings were set to "hashed", so the password was hashed in the DB. Now that you have set it to clear, when requesting the password, you just get what's in the DB, which is the hashed version. There is no "un-hashing" possible.
What you can do is set the clear password manually in the DB, or try with a complete new account. Then it should work.
Cheers,
Michael.
Hi Michael,
Your right, i just realised that the hashed password as the previous one i saved previously. After updating my password and making a recovery i received the clear one.
Thanks for the response thought
//fuji
No problem :-)
Great news it works!
Cheers,
Michael.
is working on a reply...