get current member username and password in razor

Press Ctrl / CMD + C to copy this to your clipboard.

Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

Michaël Vanbrabandt 863 posts 3348 karma points c-trib

Mar 16, 2016 @ 08:57
1

Get current member username and password in razor

Extending Umbraco and using the API

Umbraco 7
Hi,

What is the easiest way to get the current logged in member his username and password?

When I use:
```
var member = Members.GetCurrentMember();
```
Then the member doesn't have the properties Username and Password.

Thanks

UPDATE
```
var profile = Members.GetCurrentMemberProfileModel();
var _username = profile.UserName;
var _password = "";
```
I got the UserName but now I only need the plain txt Password.

/Michael
Copy Link
Dave Woestenborghs 3504 posts 12133 karma points MVP 8x admin c-trib

Mar 16, 2016 @ 10:16

0

Hi Michaël,

Passwords are hashed before storing in the database. So it's not possible to retreive them as plain text.

I think it's possible to store the password as plain text in the database by changing the membership provider configuration.

But I would never recommend storing passwords as plain text in the database.

Maybe you can explain why you need the password as plain text ?

Dave

Copy Link
Michaël Vanbrabandt 863 posts 3348 karma points c-trib

Mar 16, 2016 @ 10:21

0

Hi Dave,

The username and password are needed to render 2 urls that redirects to webshops to automatically login.

These username and passwords are the same as the member in my umbraco website.

So when a member logs in, in my website with for example user and pwd then after login he sees 2 hyperlinks to other webshops like for example http://www.webshop.be?username=user&password=pwd

/Michael

Copy Link
Dave Woestenborghs 3504 posts 12133 karma points MVP 8x admin c-trib

Mar 16, 2016 @ 10:29

0

Michaël,

So the only option is to store the passwords as clear text in the database.

But if you already have members in there, they can't login anymore.

But still I think you should never pass sensitive information like a password in a URL.

Dave

Copy Link
Aristotelis Pitaridis 84 posts 402 karma points

Mar 16, 2016 @ 12:32

0

For the new members Dave is right you can store the password to an extra field. For the already registered members you can store the password when the user logs in. You will check if the username and password are correct and if they are correct you store the password for future use.

Copy Link
Dave Woestenborghs 3504 posts 12133 karma points MVP 8x admin c-trib

Mar 16, 2016 @ 12:53

0

But for me storing passwords in clear text is not done

Dave

Copy Link
Aristotelis Pitaridis 84 posts 402 karma points

Mar 16, 2016 @ 13:36

0

I agree with you but this is what Michael asked so we just give him a solution.

:)

Copy Link
Dennis Adolfi 1082 posts 6446 karma points MVP 5x c-trib

Mar 16, 2016 @ 13:49

0

At least md5 hash the password before passing it in the Url and maybe use som more cryptic querystring instead off pwd which for me is quite obvious that its short for passwod. I would not be very happy seeing my password in cleartext in the url.

(But offcourse, what Dave said, you should not store cleartext passwords in the first place.)

Copy Link
Damien (Slipoch) 62 posts 346 karma points

Oct 18, 2016 @ 01:35

1

Anybody actually going to give an answer?

Copy Link
is working on a reply...

Please Sign in or register to post replies

Flag this post as spam?