开发者

How to Retrieve the password from asp.net membership provider from DB

I want to retreive users passwords from the db , I tried something like this :

SELECT password, passwordformat, passwordsalt
FROM aspnet_membership am
INNER JOIN aspnet_users au
    ON (au.userid = am.userid)
INNER JOIN aspnet_applications aa
    ON (au.applicationId = aa.applicationid)
 WHERE au.username = 开发者_开发技巧'xxxxxxxxxxx'
AND aa.ApplicationId = 'xxxxxxxxxx'

But the query returns the hashed password , Is there any way i can get the original password not the hashed one. Thnx


If it is hashed you cannot retrieve it but you can recover it. Do not invent the wheel and use e.g. PasswordRecovery Control.

UPDATE:

If you by all means want to avoid using the PasswordRecovery control and want to implement this functionality by yourself you still do not need to implement your own queries to aspnet_db. There are plenty of built in methods for most of security issues in the Membership API.

You can use something like follows to reset the password:

 string username = "user";
 string password = "pass@word";
 MembershipUser mu = Membership.GetUser(username);
 mu.ChangePassword(mu.ResetPassword(), password);

This should work in case you store hashed passwords and disable q&a. In case you want q&a be enabled you can use a workaround described here.


No you can't!! Its a hashed not encrypted

You should not store passwords as plain text

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜