MembershipUser.GetPassword Method ()

Gets the password for the membership user from the membership data store.

Namespace: System.Web.Security
Assembly: System.Web (in system.web.dll)

'Declaration
Public Overridable Function GetPassword As String
'Usage
Dim instance As MembershipUser
Dim returnValue As String

returnValue = instance.GetPassword
public String GetPassword ()
public function GetPassword () : String
Not applicable.

Return Value

The password for the membership user.

GetPassword calls the MembershipProvider.GetPassword method of the membership provider referenced by the ProviderName property to retrieve the password for the membership from the membership data store.

If EnablePasswordRetrieval is false, the membership provider will return an exception. If the provider supports passwords with a PasswordFormat of Hashed, you will be unable to retrieve the password for the membership user and should consider making use of the ResetPassword method when a user has forgotten his or her password.

NoteNote:

A ConfigurationException will be thrown if enablePasswordRetrieval is set to true and passwordFormat is set to Hashed in the Web.config file for the ASP.NET application.

If RequiresQuestionAndAnswer is true, you must use the GetPassword overload that takes a password answer as a parameter and supply the password answer for the membership user. If a password answer is required and an incorrect password answer is supplied, a MembershipPasswordException is thrown by the membership provider.

The following code example calls the GetPassword method to retrieve the password for a specified user name. The password is sent to the user's e-mail address. Note that RequiresQuestionAndAnswer is assumed to be false.

NoteNote:

Returning a password in clear text using e-mail is not recommended for sites that require a high level of security. For high-security sites, it is recommended that you return passwords using encryption, such as SSL.

Security noteSecurity Note:

This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview (Visual Studio).

<%@ Page Language="VB" %>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Web.Mail" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

Public Sub Page_Load(sender As Object, args As EventArgs)
  If Not Membership.EnablePasswordRetrieval Then
    FormsAuthentication.RedirectToLoginPage()
  End If

  Msg.Text = ""

  If Not IsPostBack Then
    Msg.Text = "Please supply a username."
  Else
    VerifyUsername()
  End If
End Sub


Public Sub VerifyUsername()
    Dim u As MembershipUser = Membership.GetUser(UsernameTextBox.Text, False)

    If u Is Nothing Then
      Msg.Text = "Username " & Server.HtmlEncode(UsernameTextBox.Text) & " not found. Please check the value and re-enter."

      EmailPasswordButton.Enabled = False
    Else
      EmailPasswordButton.Enabled = True
    End If
End Sub


Public Sub EmailPassword_OnClick(sender As Object, args As EventArgs)
  Dim u As MembershipUser = Membership.GetUser(UsernameTextBox.Text, False)
  Dim password As String

  If Not u Is Nothing Then
    Try
      password = u.GetPassword()
      Catch e As Exception
        Msg.Text = "An exception occurred retrieving your password: " & Server.HtmlEncode(e.Message)
        Return
    End Try

    EmailPassword(u.Email, password)
    Msg.Text = "Password sent via e-mail."
  Else
    Msg.Text = "Password Answer is not valid. Please check the value and try again."
  End If
End Sub


Private Sub EmailPassword(email As String, password As String)
  Try
    Dim Message As MailMessage = New MailMessage()
    Message.To = email
    Message.From = "administrator"
    Message.Subject = "Your Password"
    Message.Body = "Your password is: " & Server.HtmlEncode(password)

    SmtpMail.SmtpServer = "smarthost"
    SmtpMail.Send(Message)
  Catch 
    Msg.Text = "An exception occurred sending your password. Please try again."
  End Try
End Sub

</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sample: Retrieve Password</title>
</head>
<body>

<form id="form1" runat="server">
  <h3>Retrieve Password</h3>

  <asp:Label id="Msg" runat="server" ForeColor="maroon" /><br />

  Username: <asp:Textbox id="UsernameTextBox" Columns="30" runat="server" AutoPostBack="true" />
            <asp:RequiredFieldValidator id="UsernameRequiredValidator" runat="server"
                                        ControlToValidate="UsernameTextBox" ForeColor="red"
                                        Display="Static" ErrorMessage="Required" /><br />

  <asp:Button id="EmailPasswordButton" Text="Email My Password" 
              OnClick="EmailPassword_OnClick" runat="server" Enabled="false" />

</form>

</body>
</html>

Windows 98, Windows Server 2000 SP4, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0

Community Additions

ADD
Show: