Membership.EnablePasswordRetrieval Property
Gets a value indicating whether the current membership provider is configured to allow users to retrieve their passwords.
Assembly: System.Web (in System.Web.dll)
Property Value
Type: System.Booleantrue if the membership provider supports password retrieval; otherwise, false.
If EnablePasswordRetrieval is false, the underlying membership provider may throw a HttpException.
The providers that are included with the .NET Framework support multiple password formats to enhance password security. If the password format is set to Hashed, then users will not be able to retrieve their existing password from the database. The Hashed password format provides one-way encoding of password values. Passwords are "hashed" and compared to values stored in the database for authentication. "Hashed" values cannot be un-encoded to retrieve the original password value. For more information, see MembershipPasswordFormat.
The following code example shows the element in the system.web section of the Web.config file for an ASP.NET application. It specifies that the application use an instance of the SqlMembershipProvider and enables password retrieval.
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20">
<providers>
<add name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="SqlServices"
enablePasswordRetrieval="true"
enablePasswordReset="false"
requiresQuestionAndAnswer="false"
passwordFormat="Encrypted"
applicationName="MyApplication" />
</providers>
</membership>
The following code example first verifies that EnablePasswordRetrieval is true, then retrieves the password for a specified user name and sends it to the e-mail address for the specified user.
Security Note
|
|---|
Returning a password in clear text using e-mail is not recommended for sites that require a high level of security. For high-security sites, we recommend that you return passwords using encryption, such as SSL. This example includes a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview. |
<%@ Page Language="VB" %> <%@ Import Namespace="System.Web.Security" %> <%@ Import Namespace="System.Net.Mail" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <script runat="server"> Public Sub Page_Load(ByVal sender As Object, ByVal args As EventArgs) If Not Membership.EnablePasswordRetrieval Then FormsAuthentication.RedirectToLoginPage() End If Msg.Text = "" If Not IsPostBack Then Msg.Text = "Please enter a user name." Else VerifyUsername() End If End Sub Private Sub VerifyUsername() Dim user As MembershipUser = Membership.GetUser(UsernameTextBox.Text, False) If user Is Nothing Then Msg.Text = "The user name " & Server.HtmlEncode(UsernameTextBox.Text) & " was not found. Please check the value and re-enter." QuestionLabel.Text = "" QuestionLabel.Enabled = False AnswerTextBox.Enabled = False EmailPasswordButton.Enabled = False Else QuestionLabel.Text = user.PasswordQuestion QuestionLabel.Enabled = True AnswerTextBox.Enabled = True EmailPasswordButton.Enabled = True End If End Sub Public Sub EmailPassword_OnClick(ByVal sender As Object, ByVal args As EventArgs) ' Note: Returning a password in clear text using e-mail is not recommended for ' sites that require a high level of security. Try Dim password As String = Membership.Provider.GetPassword(UsernameTextBox.Text, AnswerTextBox.Text) Dim u As MembershipUser = Membership.GetUser(UsernameTextBox.Text) EmailPassword(u.Email, password) Msg.Text = "Your password was sent via e-mail." Catch e As MembershipPasswordException Msg.Text = "The password answer is incorrect. Please check the value and try again." Catch e As System.Configuration.Provider.ProviderException Msg.Text = "An error occurred retrieving your password. Please check your values " & _ "and try again." End Try End Sub Private Sub EmailPassword(ByVal email As String, ByVal password As String) Try Dim Message As MailMessage = New MailMessage("administrator", email) Message.Subject = "Your Password" Message.Body = "Your password is: " & Server.HtmlEncode(password) Dim SmtpMail As SmtpClient = New SmtpClient("SMTPSERVER") SmtpMail.Send(Message) Catch Msg.Text = "An exception occurred while sending your password. Please try again." End Try End Sub </script> <html xmlns="http://www.w3.org/1999/xhtml" > <head> <title>Sample: Retrieve Password</title> </head> <body> <form id="form1" runat="server"> <h3> Retrieve Password</h3> <asp:Label ID="Msg" runat="server" ForeColor="maroon" /><br /> Username: <asp:TextBox ID="UsernameTextBox" Columns="30" runat="server" AutoPostBack="True" /> <asp:RequiredFieldValidator ID="UsernameRequiredValidator" runat="server" ControlToValidate="UsernameTextBox" ForeColor="red" Display="Static" ErrorMessage="Required" /><br /> Password Question: <b> <asp:Label ID="QuestionLabel" runat="server" /></b><br /> Answer: <asp:TextBox ID="AnswerTextBox" Columns="60" runat="server" Enabled="False" /> <asp:RequiredFieldValidator ID="AnswerRequiredValidator" runat="server" ControlToValidate="AnswerTextBox" ForeColor="red" Display="Static" ErrorMessage="Required" Enabled="False" /><br /> <asp:Button ID="EmailPasswordButton" Text="Email My Password" OnClick="EmailPassword_OnClick" runat="server" Enabled="False" /> </form> </body> </html>
Available since 2.0
.jpeg?cs-save-lang=1&cs-lang=vb)