Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Berto 105 posts 177 karma points
    Sep 03, 2010 @ 19:17
    Berto
    1

    Membership GetPassword bug (with temporary solution)

    Hi,

    In my new site, I have a option for the users to recover password to their email. I changed the web.config Membership settings to the following

    <add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" enablePasswordRetrieval="true" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Another Type" passwordFormat="Encrypted" />

    and added the following

    <machineKey validationKey="thisIsSecret ;)" decryptionKey="thisIsSecret ;)" validation="SHA1" decryption="AES"/>

    The GetPassword method was still returning the password encrypted.

    I found this topic with a solution, but for this i have recompile the core of umbraco.

    So, for those of you that wan't this feature, and while the bug is not corrected, get the password to and decrypt it with the following (example):

    string theUserPassword = Member.GetUser().getPassword();
    string UndecodedPassword = ((umbraco.providers.members.UmbracoMembershipProvider)System.Web.Security.Membership.Provider).UnEncodePassord(theUserPassword);

    Keep up the good work :D

    Links used for these "solution":

    UmbracoMembershipProvider: GetPassword() Bug

    Modify EditMember.aspx to display password

  • Matt Brailsford 4125 posts 22223 karma points MVP 9x c-trib
    Sep 04, 2010 @ 16:29
    Matt Brailsford
    1

    Hi Berto

    Id be tempted to go with the modification to the membership provider, but instead of modifying the core, just create a new class that extends the umbraco provider, and just override that method. That way it's an easy swap in the web.config once it's fixed and doesnt clutter your business logic with unnecesary code.

    Matt

  • Berto 105 posts 177 karma points
    Sep 06, 2010 @ 19:08
    Berto
    0

    Now that's a good solution!

    Next time (I hope that it won't be necessary) I'll do that ;)

     

  • Hendrik Jan 71 posts 137 karma points
    Sep 06, 2010 @ 19:13
    Hendrik Jan
    0


    Does this also effect password revery?, i couldnt use the normal recovery control because it was emailing the password encrypted *(using decryption="encrypted")

  • Berto 105 posts 177 karma points
    Sep 06, 2010 @ 19:38
    Berto
    1

    Short answer: Yes!

    The problem is when you call the getPassword, it's returning the password directly from Membership instead of decrypting it the password and then return the password. You can see why in this post.

    For now you can:

    1) The Fastest: Call the UnEncodePassord to decrypt the password (Less code, but can have problems when upgrading the umbraco when this bug corrected, basically, when corrected, your decrypt the password twice if you don't change your code.)

    2) The Correct: Extend from Membership and override the method getPassword to decrypt the password (more code, but easy to change when the bug is corrected, just a change in the web.config, and it will work on future umbraco upgrades with any change on your code)

    3) The Ninja: Get the code of umbraco, make the change, compile it, and deploy over your umbraco installation.

    If you need more, I can post my code in here (1st solution)

  • Qube 74 posts 116 karma points
    Nov 23, 2010 @ 04:31
    Qube
    4

    I followed Matt's advice and created a sub class. The following is my attempt at using the absolute minimum amount of code to get the job done. Hope it helps others:

    using System;
    using System.Web.Security;
    using umbraco.providers.members;

    namespace MYASSEMBLY.Umbraco.Providers {

        public class ExtendedMembershipProvider : UmbracoMembershipProvider {

            public override string GetPassword(String username, String answer) {
                String returnValue = base.GetPassword(username, answer);
                if (base.PasswordFormat == MembershipPasswordFormat.Encrypted) returnValue = base.UnEncodePassword(returnValue);
                return returnValue;
            }

        }

    }

    I then changed this line in web.config:

    <add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" enablePasswordRetrieval="true" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="MYDEFAULTTYPE" passwordFormat="Encrypted" />

    To this:

    <add name="UmbracoMembershipProvider" type="MYASSEMBLY.Umbraco.Providers.ExtendedMembershipProvider" enablePasswordRetrieval="true" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="MYDEFAULTTYPE" passwordFormat="Encrypted" />

     

  • Deepfreezed 8 posts 28 karma points
    May 17, 2011 @ 20:43
    Deepfreezed
    0

    Can anyone tell me if this has been fixed in the latest version? I am using  passwordFormat="encrypted" and machine key in the web.config. Cannot change member password in Umbraco backoffice.

    I am still getting encrypted password in email.

  • Bo Petersen 28 posts 61 karma points
    May 17, 2011 @ 20:59
    Bo Petersen
    0

    You cannot get an Encrypted or Hashed password back from Umbraco you need to Reset it see this post.

    http://our.umbraco.org/wiki/how-tos/membership-providers

     

     

  • Deepfreezed 8 posts 28 karma points
    May 17, 2011 @ 21:17
    Deepfreezed
    0

    That said, Thank You Qube for providing the solution above. It works well without much hassel. Solution should be put in FAQ.

    Bo, you should not be able to get Hashed password. Encrypted should be retrievable. I can verify that it is retrievable with the solution above. 

  • Bo Petersen 28 posts 61 karma points
    May 17, 2011 @ 21:52
    Bo Petersen
    0

    ooh my mistake. just tried it. hashed is one way, encryped like MD5 is twoway. thanks. //bo

    glad you solved it.

Please Sign in or register to post replies

Write your reply to:

Draft