Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

  • Gary Cheetham 20 posts 144 karma points
    Mar 31, 2017 @ 09:33
    Gary Cheetham

    How come I can do member.RawPasswordValue and get a plain text password?

    I'm creating members in a SurfaceController like this:

    private readonly Umbraco.Core.Services.IMemberService _memberService;
    // .....
    public IMember CreateMember(Models.Member member)
        return _memberService.CreateWithIdentity(member.Username, member.EmailAddress, member.Password, "member");

    Having created members like this, the following code:

    IMember member = _memberService.FindByEmail(email, 0, 1, out totalRecords).Single();
    return member.RawPasswordValue

    And get a plaintext password out of Umbraco!

    I think there could be a couple of things going on here.

    • Umbraco expects me to hash the password before creating the member. In this case, how can I use the same API to hash passwords that the backoffice is using, so that members created from the backoffice and my endpoint will be using the same hashing function?

    • Umbraco isn't hashing the passwords because I'm running locally in debug mode?

    Thanks in advance 👍


  • Steven Harland 78 posts 518 karma points c-trib
    Mar 31, 2017 @ 11:03
    Steven Harland

    Hi Gary,

    If you look at the documentation for the CreateWithIdentity method you'll see that it expects you to pass it the already encrypted/hashed password:

    Have a look at this article:

    It seems that when using the MemberService you need to set the password after the member has been persisted:

    newMember = service.CreateWithIdentity("[email protected]", "[email protected]", "Mike Bowen", "MyMemberType");
    service.SavePassword(newMember, "24DaysInUmbraco");

    Another option would be to use MembershipHelper.RegisterMember (see the article above for details).

    Hope this helps.


  • Gary Cheetham 20 posts 144 karma points
    Mar 31, 2017 @ 11:04
    Gary Cheetham

    Thanks Steven,

    I'll take a look at this.

    Best Regards, Gary

  • Sebastiaan Janssen 5052 posts 15505 karma points MVP admin hq
    Mar 31, 2017 @ 14:09
    Sebastiaan Janssen

    To set the password use MemberService.SavePassword after creating the member.

  • Biagio Paruolo 1599 posts 1830 karma points c-trib
    Dec 07, 2022 @ 17:39
    Biagio Paruolo

    And today?

Please Sign in or register to post replies

Write your reply to: