Membership.EnablePasswordRetrieval Property

Gets a value indicating whether the current membership provider is configured to allow users to retrieve their passwords.

Namespace: System.Web.Security
Assembly: System.Web (in system.web.dll)

public:
static property bool EnablePasswordRetrieval {
	bool get ();
}
/** @property */
public static boolean get_EnablePasswordRetrieval ()

public static function get EnablePasswordRetrieval () : boolean

Not applicable.

Property Value

true if the membership provider supports password retrieval; otherwise, false.

If EnablePasswordRetrieval is false, the underlying membership provider may throw a HttpException.

The providers that are included with the .NET Framework support multiple password formats to enhance password security. If the password format is set to Hashed, then users will not be able to retrieve their existing password from the database. The Hashed password format provides one-way encoding of password values. Passwords are "hashed" and compared to values stored in the database for authentication. "Hashed" values cannot be un-encoded to retrieve the original password value. For more information, see MembershipPasswordFormat.

The following code example shows the membership element in the system.web section of the Web.config file for an ASP.NET application. It specifies that the application use an instance of the SqlMembershipProvider and enables password retrieval.

<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20">
  <providers>
    <add name="SqlProvider"
      type="System.Web.Security.SqlMembershipProvider"
      connectionStringName="SqlServices"
      enablePasswordRetrieval="true"
      enablePasswordReset="false"
      requiresQuestionAndAnswer="false"
      passwordFormat="Encrypted"
      applicationName="MyApplication" />
  </providers>
</membership>

The following code example first verifies that EnablePasswordRetrieval is true, then retrieves the password for a specified user name and sends it to the e-mail address for the specified user.

Security noteSecurity Note:

Returning a password in clear text using e-mail is not recommended for sites that require a high level of security. For high-security sites, we recommend that you return passwords using encryption, such as SSL.

This example includes a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview (Visual Studio).

No code example is currently available or this language may not be supported.

Windows 98, Windows Server 2000 SP4, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0

Community Additions

ADD
Show: