.net – Hashed passwords cannot be retrieved. Either set the password format to different type, or set enablePasswordRetrieval to false


I got some website and now I want to get the passwords.

I use it:

<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
     connectionStringName="TravelChamps"
     enablePasswordRetrieval="true"
     enablePasswordReset="true"
     requiresQuestionAndAnswer="false"
     requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6"
     minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"
     />

And this error happens:

Configured settings are invalid: Hashed passwords cannot be retrieved. Either set the password format to different type, or set enablePasswordRetrieval to false.

If I use it:

<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
     connectionStringName="TravelChamps"
     enablePasswordRetrieval="false"
     enablePasswordReset="true"
     requiresQuestionAndAnswer="false"
     requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6"
     minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"
     />

I get the following error:

An exception occurred retrieving your password: This Membership Provider has not been configured to support password retrieval.

I am totally confused.

Any suggestion where I can start to work around?

Best Answer

If you want the passwords to be retrievable, or to get them as plain text (not encrypted), you must change some Membership configuration settings before you create the first user.

Perform the following tasks (this relates to ASP.NET):

1. In the file web.config, in the tag membership/providers/add, set the attributes:

enablePasswordRetrieval="true"
passwordFormat="Encrypted"

my settings:

<membership>
  <providers>
    <clear/>
    <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="maindb"
         enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
         maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
         applicationName="/" passwordFormat="Encrypted" />
  </providers>
</membership>

2. Generate the so-called validationKey and decryptionKey. You can do this with the .NET API:

my example:

using System.Security.Cryptography;
using System.Text;

public static class RNGCrypto_MachineKey
{
    // Returns bytelength random bytes from the system CSPRNG as an uppercase hex string.
    public static string getRandomKey(int bytelength)
    {
        byte[] buff = new byte[bytelength];
        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
        rng.GetBytes(buff);
        // Two hex characters per byte.
        StringBuilder sb = new StringBuilder(bytelength * 2);
        for (int i = 0; i < buff.Length; i++)
            sb.Append(string.Format("{0:X2}", buff[i]));
        return sb.ToString();
    }
}

generating:

string key64 = RNGCrypto_MachineKey.getRandomKey(64);
string key32 = RNGCrypto_MachineKey.getRandomKey(32);

3. Again, in the file web.config, put the following setting inside the tag system.web:

    <machineKey validationKey="paste here the key64 string" decryptionKey="paste here the key32 string" validation="SHA1"/>

(about machineKey on MSDN)

4. Now you can create users with passwords, and then you can get the plain password:

Membership.GetUser(username).GetPassword();
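
The configuration rules behind the two errors in the question and behind steps 1 and 3 of the answer, as an added example that is not part of the original question or answer: a standalone Python audit of a web.config string. The sample configs, the placeholder key values and the function name audit_membership are constructed for illustration; the provider defaults assumed are passwordFormat=Hashed and enablePasswordRetrieval=false, and attribute values are compared case-insensitively here.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's first entry (passwordFormat not set).
QUESTION_CONFIG = """<configuration><system.web><membership><providers>
  <add name="AspNetSqlMembershipProvider"
       type="System.Web.Security.SqlMembershipProvider"
       enablePasswordRetrieval="true" />
</providers></membership></system.web></configuration>"""

# Constructed sample: the answer's layout, with placeholder key values.
ANSWER_CONFIG = """<configuration><system.web>
  <machineKey validationKey="PLACEHOLDER" decryptionKey="PLACEHOLDER"/>
  <membership><providers>
    <add name="AspNetSqlMembershipProvider"
         type="System.Web.Security.SqlMembershipProvider"
         enablePasswordRetrieval="true" passwordFormat="Encrypted" />
  </providers></membership></system.web></configuration>"""


def audit_membership(web_config_xml):
    """Return (provider name, finding) for each membership provider entry."""
    root = ET.fromstring(web_config_xml)
    key = root.find("./system.web/machineKey")
    # No machineKey element, or an AutoGenerate value, means no fixed key.
    dec_key = "AutoGenerate" if key is None else key.get("decryptionKey", "AutoGenerate")
    auto_key = dec_key.startswith("AutoGenerate")
    findings = []
    for add in root.findall("./system.web/membership/providers/add"):
        # Provider defaults: passwordFormat=Hashed, enablePasswordRetrieval=false.
        fmt = add.get("passwordFormat", "Hashed").lower()
        retrieval = add.get("enablePasswordRetrieval", "false").lower() == "true"
        if fmt == "hashed" and retrieval:
            finding = "invalid: hashed passwords cannot be retrieved"
        elif fmt == "hashed":
            finding = "ok: one-way hashes, retrieval disabled"
        elif fmt == "encrypted" and auto_key:
            finding = "invalid: Encrypted needs a fixed decryptionKey"
        elif fmt == "encrypted":
            finding = "risk: reversible storage, machineKey decrypts every password"
        elif fmt == "clear":
            finding = "risk: passwords stored in clear text"
        else:
            finding = "invalid: unrecognised passwordFormat"
        findings.append((add.get("name"), finding))
    return findings


if __name__ == "__main__":
    print(audit_membership(QUESTION_CONFIG), audit_membership(ANSWER_CONFIG))
```

A "risk" finding means anyone who obtains both the membership database and the web.config machineKey can recover every stored password.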