Gets the password for the membership user from the membership data store.
(in System.Web.dll)
Visual Basic (Declaration)
Public Overridable Function GetPassword ( _
passwordAnswer As String _
) As String
Dim instance As MembershipUser
Dim passwordAnswer As String
Dim returnValue As String
returnValue = instance.GetPassword(passwordAnswer)
public virtual string GetPassword(
string passwordAnswer
)
public:
virtual String^ GetPassword(
String^ passwordAnswer
)
public function GetPassword(
passwordAnswer : String
) : String
Parameters
- passwordAnswer
- Type: System..::.String
The password answer for the membership user.
GetPassword calls the MembershipProvider..::.GetPassword method of the membership provider referenced by the ProviderName property to retrieve the password for the membership user from the membership data store. If a password answer is required and an incorrect password answer is supplied, a MembershipPasswordException is thrown by the membership provider.
If EnablePasswordRetrieval is false, the membership provider will return an exception. If the provider supports passwords with a PasswordFormat of Hashed, you will be unable to retrieve the password for the membership user and should consider making use of the ResetPassword method when a user has forgotten his or her password.
.gif) Note: |
|---|
A ConfigurationException will be thrown if enablePasswordRetrieval is set to true and passwordFormat is set to Hashed in the Web.config file for the ASP.NET application. |
If RequiresQuestionAndAnswer is false, you can supply nullNothingnullptra null reference (Nothing in Visual Basic) for the answer parameter, or use the GetPassword overload that does not take any parameters.
The following code example calls the GetPassword method to retrieve the password for a specified user name if the correct password answer is supplied. The password is sent to the user's e-mail address.
| Note: |
|---|
Returning a password in clear text using e-mail is not recommended for sites that require a high level of security. For high-security sites, it is recommended that you return passwords using encryption, such as SSL. |
.gif) Security Note: |
|---|
This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview. |
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Web.Mail" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
Public Sub Page_Load(sender As Object, args As EventArgs)
If Not Membership.EnablePasswordRetrieval Then
FormsAuthentication.RedirectToLoginPage()
End If
Msg.Text = ""
If Not IsPostBack Then
Msg.Text = "Please supply a username."
Else
VerifyUsername()
End If
End Sub
Public Sub VerifyUsername()
Dim u As MembershipUser = Membership.GetUser(UsernameTextBox.Text, False)
If u Is Nothing Then
Msg.Text = "Username " & Server.HtmlEncode(UsernameTextBox.Text) & " not found. Please check the value and re-enter."
QuestionLabel.Text = ""
QuestionLabel.Enabled = False
AnswerTextBox.Enabled = False
EmailPasswordButton.Enabled = False
Else
QuestionLabel.Text = u.PasswordQuestion
QuestionLabel.Enabled = True
AnswerTextBox.Enabled = True
EmailPasswordButton.Enabled = True
End If
End Sub
Public Sub EmailPassword_OnClick(sender As Object, args As EventArgs)
Dim u As MembershipUser = Membership.GetUser(UsernameTextBox.Text, False)
Dim password As String
If Not u Is Nothing Then
Try
password = u.GetPassword(AnswerTextBox.Text)
Catch e As Exception
Msg.Text = "An exception occurred retrieving your password: " & Server.HtmlEncode(e.Message)
Return
End Try
EmailPassword(u.Email, password)
Msg.Text = "Password sent via e-mail."
Else
Msg.Text = "Password Answer is not valid. Please check the value and try again."
End If
End Sub
Private Sub EmailPassword(email As String, password As String)
Try
Dim Message As MailMessage = New MailMessage()
Message.To = email
Message.From = "administrator"
Message.Subject = "Your Password"
Message.Body = "Your password is: " & Server.HtmlEncode(password)
SmtpMail.SmtpServer = "smarthost"
SmtpMail.Send(Message)
Catch
Msg.Text = "An exception occurred sending your password. Please try again."
End Try
End Sub
</script>
<html >
<head>
<title>Sample: Retrieve Password</title>
</head>
<body>
<form id="form1" runat="server">
<h3>Retrieve Password</h3>
<asp:Label id="Msg" runat="server" ForeColor="maroon" /><br />
Username: <asp:Textbox id="UsernameTextBox" Columns="30" runat="server" AutoPostBack="true" />
<asp:RequiredFieldValidator id="UsernameRequiredValidator" runat="server"
ControlToValidate="UsernameTextBox" ForeColor="red"
Display="Static" ErrorMessage="Required" /><br />
Password Question: <b><asp:Label id="QuestionLabel" runat="server" /></b><br />
Answer: <asp:TextBox id="AnswerTextBox" Columns="60" runat="server" Enabled="false" />
<asp:RequiredFieldValidator id="AnswerRequiredValidator" runat="server"
ControlToValidate="AnswerTextBox" ForeColor="red"
Display="Static" ErrorMessage="Required" Enabled="false" /><br />
<asp:Button id="EmailPasswordButton" Text="Email My Password"
OnClick="EmailPassword_OnClick" runat="server" Enabled="false" />
</form>
</body>
</html>
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Web.Mail" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
public void Page_Load(object sender, EventArgs args)
{
if (!Membership.EnablePasswordRetrieval)
{
FormsAuthentication.RedirectToLoginPage();
}
Msg.Text = "";
if (!IsPostBack)
{
Msg.Text = "Please supply a username.";
}
else
{
VerifyUsername();
}
}
public void VerifyUsername()
{
MembershipUser u = Membership.GetUser(UsernameTextBox.Text, false);
if (u == null)
{
Msg.Text = "Username " + Server.HtmlEncode(UsernameTextBox.Text) + " not found. Please check the value and re-enter.";
QuestionLabel.Text = "";
QuestionLabel.Enabled = false;
AnswerTextBox.Enabled = false;
EmailPasswordButton.Enabled = false;
}
else
{
QuestionLabel.Text = u.PasswordQuestion;
QuestionLabel.Enabled = true;
AnswerTextBox.Enabled = true;
EmailPasswordButton.Enabled = true;
}
}
public void EmailPassword_OnClick(object sender, EventArgs args)
{
MembershipUser u = Membership.GetUser(UsernameTextBox.Text, false);
string password;
if (u != null)
{
try
{
password = u.GetPassword(AnswerTextBox.Text);
}
catch (Exception e)
{
Msg.Text = "An exception occurred retrieving your password: " + Server.HtmlEncode(e.Message);
return;
}
EmailPassword(u.Email, password);
Msg.Text = "Password sent via e-mail.";
}
else
{
Msg.Text = "Password Answer is not valid. Please check the value and try again.";
}
}
private void EmailPassword(string email, string password)
{
try
{
MailMessage Message = new MailMessage();
Message.To = email;
Message.From = "administrator";
Message.Subject = "Your Password";
Message.Body = "Your password is: " + Server.HtmlEncode(password);
SmtpMail.SmtpServer = "smarthost";
SmtpMail.Send(Message);
}
catch
{
Msg.Text = "An exception occurred sending your password. Please try again.";
}
}
</script>
<html >
<head>
<title>Sample: Retrieve Password</title>
</head>
<body>
<form id="form1" runat="server">
<h3>Retrieve Password</h3>
<asp:Label id="Msg" runat="server" ForeColor="maroon" /><br />
Username: <asp:Textbox id="UsernameTextBox" Columns="30" runat="server" AutoPostBack="true" />
<asp:RequiredFieldValidator id="UsernameRequiredValidator" runat="server"
ControlToValidate="UsernameTextBox" ForeColor="red"
Display="Static" ErrorMessage="Required" /><br />
Password Question: <b><asp:Label id="QuestionLabel" runat="server" /></b><br />
Answer: <asp:TextBox id="AnswerTextBox" Columns="60" runat="server" Enabled="false" />
<asp:RequiredFieldValidator id="AnswerRequiredValidator" runat="server"
ControlToValidate="AnswerTextBox" ForeColor="red"
Display="Static" ErrorMessage="Required" Enabled="false" /><br />
<asp:Button id="EmailPasswordButton" Text="Email My Password"
OnClick="EmailPassword_OnClick" runat="server" Enabled="false" />
</form>
</body>
</html>
Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98
The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
.NET Framework
Supported in: 3.5, 3.0, 2.0
Reference
Other Resources