I've had a request from my client to display member passwords when they are viewed/edited in the umbraco interface. I've downloaded and modified the source code for 'members/EditMember.aspx' but when I display the password it is encrypted (as I expected). I know its not advisable from a security point of view, but my client needs this functionality, so I'm wondering if its possible to decrypt the password? Or is it using a one-way hash that can't be decrypted?
Thomas - how do I access these methods in the code? When I put in "umbraco.providers.members.UmbracoMembershipProvider" - I can't see any methods. Is this the correct way to access the methods?
I should have mentioned that I'm using Umbraco 4.0, does this change anything?
v4 is the same code as v4.5 so it should work. To get acces to the actual membershipProvider you can use System.Web.Security.Membership. It also has a Property called Provider which gives you back the actual Provider. If this is set to the UmbracomembershipProvider you shuold be able to cast it like :
Thanks for that Thomas - now I can access the method but its throwing the exception "Cannot unencode a hashed password". Do you know if there is a way to unencode a hashed password?
no, if it is a hashed password this is a one way thing (see here). So the only possibility is to use the reset password function to let the user create a new password.
Thanks very much for your help Thomas, I have now changed the config so that the password format is 'clear' and I can now display the password. Thanks again - this is a great community.
Modify EditMember.aspx to display password
I've had a request from my client to display member passwords when they are viewed/edited in the umbraco interface. I've downloaded and modified the source code for 'members/EditMember.aspx' but when I display the password it is encrypted (as I expected). I know its not advisable from a security point of view, but my client needs this functionality, so I'm wondering if its possible to decrypt the password? Or is it using a one-way hash that can't be decrypted?
Take a look into the Umbraco Membership Provider:
There is also a function called GetPassword and UnEncodePassword and EncodePassword
hth, Thomas
Thomas - how do I access these methods in the code? When I put in "umbraco.providers.members.UmbracoMembershipProvider" - I can't see any methods. Is this the correct way to access the methods?
I should have mentioned that I'm using Umbraco 4.0, does this change anything?
Thanks!
v4 is the same code as v4.5 so it should work. To get acces to the actual membershipProvider you can use System.Web.Security.Membership. It also has a Property called Provider which gives you back the actual Provider. If this is set to the UmbracomembershipProvider you shuold be able to cast it like :
didn't tested it yet, but it should do it. The disadvantage is that this will only work with the umbraco Membership provider...
hth, Thomas
Thanks for that Thomas - now I can access the method but its throwing the exception "Cannot unencode a hashed password". Do you know if there is a way to unencode a hashed password?
no, if it is a hashed password this is a one way thing (see here). So the only possibility is to use the reset password function to let the user create a new password.
Thomas
Thanks very much for your help Thomas, I have now changed the config so that the password format is 'clear' and I can now display the password. Thanks again - this is a great community.
is working on a reply...