Having created members like this, the following code:
IMember member = _memberService.FindByEmail(email, 0, 1, out totalRecords).Single();
return member.RawPasswordValue
And get a plaintext password out of Umbraco!
I think there could be a couple of things going on here.
Umbraco expects me to hash the password before creating the member. In this case, how can I use the same API to hash passwords that the backoffice is using, so that members created from the backoffice and my endpoint will be using the same hashing function?
Umbraco isn't hashing the passwords because I'm running locally in debug mode?
How come I can do member.RawPasswordValue and get a plain text password?
I'm creating members in a SurfaceController like this:
Having created members like this, the following code:
And get a plaintext password out of Umbraco!
I think there could be a couple of things going on here.
Umbraco expects me to hash the password before creating the member. In this case, how can I use the same API to hash passwords that the backoffice is using, so that members created from the backoffice and my endpoint will be using the same hashing function?
Umbraco isn't hashing the passwords because I'm running locally in debug mode?
Thanks in advance 👍
Gary
Hi Gary,
If you look at the documentation for the
CreateWithIdentity
method you'll see that it expects you to pass it the already encrypted/hashed password: https://github.com/umbraco/Umbraco-CMS/blob/db414e8045d0a455dae568a4f67675eab6c3ccef/src/Umbraco.Core/Services/MemberService.cs#L850Have a look at this article: http://24days.in/umbraco-cms/2015/membership-apis-investigation/
It seems that when using the
MemberService
you need to set the password after the member has been persisted:Another option would be to use
MembershipHelper.RegisterMember
(see the article above for details).Hope this helps.
Steven
Thanks Steven,
I'll take a look at this.
Best Regards, Gary
To set the password use
MemberService.SavePassword
after creating the member.And today?
is working on a reply...