MembershipUser.GetPassword Method (String)


The .NET API Reference documentation has a new home. Visit the .NET API Browser on to see the new experience.

Gets the password for the membership user from the membership data store.

Namespace:   System.Web.Security
Assembly:  System.Web.ApplicationServices (in System.Web.ApplicationServices.dll)

abstract GetPassword : 
        passwordAnswer:string -> string
override GetPassword : 
        passwordAnswer:string -> string


Type: System.String

The password answer for the membership user.

Return Value

Type: System.String

The password for the membership user.

Exception Condition

This method is not available. This can occur if the application targets the .NET Framework 4 Client Profile. To prevent this exception, override the method, or change the application to target the full version of the .NET Framework.

GetPassword calls the MembershipProvider.GetPassword method of the membership provider referenced by the ProviderName property to retrieve the password for the membership user from the membership data store. If a password answer is required and an incorrect password answer is supplied, a MembershipPasswordException is thrown by the membership provider.

If EnablePasswordRetrieval is false, the membership provider will return an exception. If the provider supports passwords with a PasswordFormat of Hashed, you will be unable to retrieve the password for the membership user and should consider making use of the ResetPassword method when a user has forgotten his or her password.


A ConfigurationException will be thrown if enablePasswordRetrieval is set to true and passwordFormat is set to Hashed in the Web.config file for the ASP.NET application.

If RequiresQuestionAndAnswer is false, you can supply null for the answer parameter, or use the GetPassword overload that does not take any parameters.

The following code example calls the GetPassword method to retrieve the password for a specified user name if the correct password answer is supplied. The password is sent to the user's e-mail address.


Returning a password in clear text using e-mail is not recommended for sites that require a high level of security. For high-security sites, it is recommended that you return passwords using encryption, such as SSL.

System_CAPS_security Security Note

This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.

No code example is currently available or this language may not be supported.

.NET Framework
Available since 2.0
Return to top