
  • Pete 213 posts 285 karma points
    Nov 27, 2012 @ 14:20
    Pete
    0

    Sending member their password, best practice?

    Hi

    I've written a small routine that sends a member their username/password, but it fails on "cannot retrieve hashed password".

    So what's the best practice for this? Use the reset password method? Or store passwords in clear text? Or any others?

    Thanks, Pete

  • João Ferreira 19 posts 40 karma points
    Nov 27, 2012 @ 18:26
    João Ferreira
    0

    Hi Pete,

    I think that storing passwords in clear text should be the last resort. It's true, it doesn't seem that we have a method to return the hashed passwords. On a project with similar functionality I ended up using the reset password method, creating a random strong password and sending this to the users.

    Hope this helps you.

    Regards,

    João Ferreira

  • Barry Fogarty 493 posts 1129 karma points
    Nov 27, 2012 @ 21:55
    Barry Fogarty
    0

    Hi Pete,

    You can reset a password for the member and email it to them using the following steps:

    1. Use Membership.GeneratePassword() to generate a new random password
    2. Encrypt the new password and save it to the member object e.g. member.Password = EncryptPassword(newPassword) - a trick here is to use the existing umbraco users membership provider which has a method to Encode the password
    3. Email the member their new password
    4. For bonus points you can redirect the user to the Change Password page when they log in from your emailed link (using a parameter on the link, or by setting a flag on the member account)

            // Encodes the password with the Umbraco users membership provider
            private static string EncryptPassword(string password)
            {
                var ump = new umbraco.providers.UsersMembershipProvider();
                return ump.EncodePassword(password);
            }

  • Morten Bock 1867 posts 2140 karma points MVP 2x admin c-trib
    Nov 27, 2012 @ 22:01
    Morten Bock
    0

    As others have said, never store passwords in clear text. Generate a new one for the user, and let him change it himself. 
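
The four reset steps from Barry's reply, assembled into one routine as an added example that is not part of the original thread. It assumes the Umbraco 4.x legacy Member API (`Member.GetMemberFromLoginName`, `getProperty`, `Save`), a hypothetical true/false member property with the alias `mustChangePassword`, and SMTP settings in web.config; the sender address is a placeholder.

```csharp
using System.Net.Mail;
using System.Web.Security;
using umbraco.cms.businesslogic.member;

public static class MemberPasswordReset
{
    // Hypothetical alias: a true/false property that must exist on the member type.
    private const string MustChangeAlias = "mustChangePassword";

    public static bool ResetAndEmail(string loginName)
    {
        Member member = Member.GetMemberFromLoginName(loginName);
        if (member == null || string.IsNullOrEmpty(member.Email))
            return false; // unknown member, or no address to send to

        // Step 1: random 12-character password, at least 2 non-alphanumeric characters.
        string newPassword = Membership.GeneratePassword(12, 2);

        // Step 2: persist only the encoded form; the clear text is never stored.
        member.Password = EncryptPassword(newPassword);

        // Step 4: flag the account so the login page can redirect to Change Password.
        // True/false properties are stored as integers, so 1 means "set".
        member.getProperty(MustChangeAlias).Value = 1;
        member.Save();

        // Step 3: mail the temporary password. SmtpClient reads its host settings
        // from <system.net><mailSettings>; "noreply@example.com" is a placeholder.
        using (var mail = new MailMessage("noreply@example.com", member.Email))
        {
            mail.Subject = "Your password has been reset";
            mail.Body = "Temporary password: " + newPassword +
                        "\nYou will be asked to choose a new one when you sign in.";
            new SmtpClient().Send(mail);
        }
        return true;
    }

    // Same helper as in the reply above.
    private static string EncryptPassword(string password)
    {
        var ump = new umbraco.providers.UsersMembershipProvider();
        return ump.EncodePassword(password);
    }
}
```

The login handler is expected to read the same property after a successful sign-in, send the member to the Change Password page while it is set, and clear it once a new password has been saved.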
