I don't believe you can.

The psaswords are encrypted, and I think you can only check to see if a password matches what is stored as encrypted.

Of course I could be wrong.

What is it that you are trying to achieve?

but what does following mean in the UmbracoMembershipProvider?

enablePasswordRetrieval="true"

I believe that is related to the ASP membership provider.

It would enable a user to retrieve their own password (or more likely reset) using standard ASP methods

my question is simple: would it be possible to retrieve clear text password?

I don't believe it is.

Well, at least I hope it is not. Kind of goes against the whole idea of security.

Actually, it depends.

You have the option to HASH your passwords (which is irreversible - you cannot retrieve the original password). If you use hashing, any password given by the user will be hashed and compared to the stored hash to determine if it was correct or not. In short: there is no way back from a hash to the original password.

If you use ENCRYPTION, the password is -well- encrypted which means it IS possible to decrypt the password to the original if you have a secret key to do so.

Both umbraco (AFAIK version 4.0.2.1 up to 4.11.1) and the default ASP.NET membershipproviders use this mechanism.
Which one you choose depends on what you set in the web.config:

<membership defaultProvider="UmbracoMembershipProvider" userIsOnlineTimeWindow="15">
      <providers>
        <clear />       
        <add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" enablePasswordRetrieval="true" RequiresUniqueEmail="false" enablePasswordReset="true" passwordFormat="encrypted" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Aangemeld" />
        <add name="UsersMembershipProvider" type="umbraco.providers.UsersMembershipProvider" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" passwordFormat="encrypted"  />
      </providers>
    </membership>

I am not sure if both are needed.
You put this stuff in the system.web element of your web.config.

Oh and:

• You DO need both if you want this change for both the users and the members.
• Remember that after this change, all your stored passwords are gibberish to the system and need to be reset.
  In the example I used it for both (clear text passwords are EVIL). This means that when I used the above settings, all my passwords were messed up.

The way to do this:

1. Log into umbraco BEFORE making this change (or revert to the old settings). Leave this window open or you're in pain.
2. Change the web.config
3. Change the admin password in the window you left open. You can still to this.

Otherwise, you will be locked out.

is working on a reply...