Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Gary Cheetham 20 posts 144 karma points
    Mar 31, 2017 @ 09:33
    Gary Cheetham
    0

    How come I can do member.RawPasswordValue and get a plain text password?

    I'm creating members in a SurfaceController like this:

    private readonly Umbraco.Core.Services.IMemberService _memberService;

// .....

public IMember CreateMember(Models.Member member)
{
    return _memberService.CreateWithIdentity(member.Username, member.EmailAddress, member.Password, "member");
}

    Having created members like this, the following code:

    IMember member = _memberService.FindByEmail(email, 0, 1, out totalRecords).Single();

return member.RawPasswordValue

    And get a plaintext password out of Umbraco!

    I think there could be a couple of things going on here.

    • Umbraco expects me to hash the password before creating the member. In this case, how can I use the same API to hash passwords that the backoffice is using, so that members created from the backoffice and my endpoint will be using the same hashing function?

    • Umbraco isn't hashing the passwords because I'm running locally in debug mode?

    Thanks in advance 👍

    Gary

    Copy Link
  • Steven Harland 78 posts 518 karma points c-trib
    Mar 31, 2017 @ 11:03
    Steven Harland
    101

    Hi Gary,

    If you look at the documentation for the CreateWithIdentity method you'll see that it expects you to pass it the already encrypted/hashed password: https://github.com/umbraco/Umbraco-CMS/blob/db414e8045d0a455dae568a4f67675eab6c3ccef/src/Umbraco.Core/Services/MemberService.cs#L850

    Have a look at this article: http://24days.in/umbraco-cms/2015/membership-apis-investigation/

    It seems that when using the MemberService you need to set the password after the member has been persisted:

    newMember = service.CreateWithIdentity("milquetoastable@gmail.com", "milquetoastable@gmail.com", "Mike Bowen", "MyMemberType");
service.Save(newMember);
service.SavePassword(newMember, "24DaysInUmbraco");

    Another option would be to use MembershipHelper.RegisterMember (see the article above for details).

    Hope this helps.

    Steven

    Copy Link
  • Gary Cheetham 20 posts 144 karma points
    Mar 31, 2017 @ 11:04
    Gary Cheetham
    0

    Thanks Steven,

    I'll take a look at this.

    Best Regards, Gary

    Copy Link
  • Sebastiaan Janssen 5061 posts 15544 karma points MVP admin hq
    Mar 31, 2017 @ 14:09
    Sebastiaan Janssen
    0

    To set the password use MemberService.SavePassword after creating the member.

    Copy Link
  • Biagio Paruolo 1621 posts 1914 karma points c-trib
    Dec 07, 2022 @ 17:39
    Biagio Paruolo
    0

    And today?

    Copy Link

  • This forum is in read-only mode while we transition to the new forum.

    You can continue this topic on the new forum by tapping the "Continue discussion" link below.

Please Sign in or register to post replies