Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • jonok 297 posts 658 karma points
    Jul 08, 2010 @ 11:09
    jonok
    0

    Modify EditMember.aspx to display password

    I've had a request from my client to display member passwords when they are viewed/edited in the umbraco interface. I've downloaded and modified the source code for 'members/EditMember.aspx' but when I display the password it is encrypted (as I expected). I know its not advisable from a security point of view, but my client needs this functionality, so I'm wondering if its possible to decrypt the password? Or is it using a one-way hash that can't be decrypted?

  • Thomas Höhler 1237 posts 1709 karma points MVP
    Jul 08, 2010 @ 11:33
    Thomas Höhler
    0

    Take a look into the Umbraco Membership Provider:

       public string EncodePassword(string password)
            {
                string encodedPassword = password;
                switch (PasswordFormat)
                {
                    case MembershipPasswordFormat.Clear:
                        break;
                    case MembershipPasswordFormat.Encrypted:
                        encodedPassword =
                          Convert.ToBase64String(EncryptPassword(Encoding.Unicode.GetBytes(password)));
                        break;
                    case MembershipPasswordFormat.Hashed:
                        HMACSHA1 hash = new HMACSHA1();
                        hash.Key = Encoding.Unicode.GetBytes(password);
                        encodedPassword =
                          Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(password)));
                        break;
                    default:
                        throw new ProviderException("Unsupported password format.");
                }
                return encodedPassword;
            }

    There is also a function called GetPassword and UnEncodePassword and EncodePassword

    hth, Thomas

  • jonok 297 posts 658 karma points
    Jul 08, 2010 @ 11:44
    jonok
    0

    Thomas - how do I access these methods in the code? When I put in "umbraco.providers.members.UmbracoMembershipProvider" - I can't see any methods. Is this the correct way to access the methods?

    I should have mentioned that I'm using Umbraco 4.0, does this change anything?

    Thanks!

  • Thomas Höhler 1237 posts 1709 karma points MVP
    Jul 08, 2010 @ 12:11
    Thomas Höhler
    0

    v4 is the same code as v4.5 so it should work. To get acces to the actual membershipProvider you can use System.Web.Security.Membership. It also has a Property called Provider which gives you back the actual Provider. If this is set to the UmbracomembershipProvider you shuold be able to cast it like :

    ((providers.members.UmbracoMembershipProvider)System.Web.Security.Membership.Provider).EncodePassord();

    didn't tested it yet, but it should do it. The disadvantage is that this will only work with the umbraco Membership provider...

    hth, Thomas

  • jonok 297 posts 658 karma points
    Jul 08, 2010 @ 12:22
    jonok
    0

    Thanks for that Thomas - now I can access the method but its throwing the exception "Cannot unencode a hashed password". Do you know if there is a way to unencode a hashed password?

  • Thomas Höhler 1237 posts 1709 karma points MVP
    Jul 08, 2010 @ 12:33
    Thomas Höhler
    0

    no, if it is a hashed password this is a one way thing (see here). So the only possibility is to use the reset password function to let the user create a new password.

    Thomas

  • jonok 297 posts 658 karma points
    Jul 08, 2010 @ 12:54
    jonok
    0

    Thanks very much for your help Thomas, I have now changed the config so that the password format is 'clear' and I can now display the password. Thanks again - this is a great community.

Please Sign in or register to post replies

Write your reply to:

Draft