MembershipUser.GetPassword Method

Definition

Gets the password for the membership user from the membership data store.

Overloads

GetPassword()

Gets the password for the membership user from the membership data store.

GetPassword(String)

Gets the password for the membership user from the membership data store.

GetPassword()

Gets the password for the membership user from the membership data store.

C#
public virtual string GetPassword ();

Returns

The password for the membership user.

Exceptions

This method is not available. This can occur if the application targets the .NET Framework 4 Client Profile. To prevent this exception, override the method, or change the application to target the full version of the .NET Framework.

Examples

The following code example calls the GetPassword method to retrieve the password for a specified user name. The password is sent to the user's email address. Note that RequiresQuestionAndAnswer is assumed to be false.

Note

Returning a password in clear text using email is not recommended for sites that require a high level of security. For high-security sites, it is recommended that you return passwords using encryption, such as SSL.

Important

This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.

ASP.NET (C#)
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Web.Mail" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

public void Page_Load(object sender, EventArgs args)
{
  if (!Membership.EnablePasswordRetrieval)
  {
    FormsAuthentication.RedirectToLoginPage();
  }

  Msg.Text = "";

  if (!IsPostBack)
  {
    Msg.Text = "Please supply a username.";
  }
  else
  {
    VerifyUsername();
  }
}


public void VerifyUsername()
{
    MembershipUser u = Membership.GetUser(UsernameTextBox.Text, false);

    if (u == null)
    {
      Msg.Text = "Username " + Server.HtmlEncode(UsernameTextBox.Text) + " not found. Please check the value and re-enter.";

      EmailPasswordButton.Enabled = false;
    }
    else
    {
      EmailPasswordButton.Enabled = true;
    }
}


public void EmailPassword_OnClick(object sender, EventArgs args)
{
  MembershipUser u = Membership.GetUser(UsernameTextBox.Text, false);
  string password;

  if (u != null)
  {
    try
    {
      password = u.GetPassword();
    }
    catch (Exception e)
    {
      Msg.Text = "An exception occurred retrieving your password: " + Server.HtmlEncode(e.Message);
      return;
    }

    EmailPassword(u.Email, password);
    Msg.Text = "Password sent via email.";
  }
  else
  {
    Msg.Text = "User name is not valid. Please check the value and try again.";
  }
}


private void EmailPassword(string email, string password)
{
  try
  {
    MailMessage Message = new MailMessage();
    Message.To = email;
    Message.From = "administrator";
    Message.Subject = "Your Password";
    Message.Body = "Your password is: " + Server.HtmlEncode(password);

    SmtpMail.SmtpServer = "smarthost";
    SmtpMail.Send(Message);
  }
  catch 
  {
    Msg.Text = "An exception occurred sending your password. Please try again.";
  }
}

</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sample: Retrieve Password</title>
</head>
<body>

<form id="form1" runat="server">
  <h3>Retrieve Password</h3>

  <asp:Label id="Msg" runat="server" ForeColor="maroon" /><br />

  Username: <asp:Textbox id="UsernameTextBox" Columns="30" runat="server" AutoPostBack="true" />
            <asp:RequiredFieldValidator id="UsernameRequiredValidator" runat="server"
                                        ControlToValidate="UsernameTextBox" ForeColor="red"
                                        Display="Static" ErrorMessage="Required" /><br />

  <asp:Button id="EmailPasswordButton" Text="Email My Password" 
              OnClick="EmailPassword_OnClick" runat="server" Enabled="false" />

</form>

</body>
</html>

Remarks

GetPassword calls the MembershipProvider.GetPassword method of the membership provider referenced by the ProviderName property to retrieve the password for the membership from the membership data store.

If EnablePasswordRetrieval is false, the membership provider will return an exception. If the provider supports passwords with a PasswordFormat of Hashed, you will be unable to retrieve the password for the membership user and should consider making use of the ResetPassword method when a user has forgotten their password.

Note

A ConfigurationException will be thrown if enablePasswordRetrieval is set to true and passwordFormat is set to Hashed in the Web.config file for the ASP.NET application.

If RequiresQuestionAndAnswer is true, you must use the GetPassword overload that takes a password answer as a parameter and supply the password answer for the membership user. If a password answer is required and an incorrect password answer is supplied, a MembershipPasswordException is thrown by the membership provider.

See also

Applies to

.NET Framework 4.8.1 and other versions
Product Versions
.NET Framework 2.0, 3.0, 3.5, 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1

GetPassword(String)

Gets the password for the membership user from the membership data store.

C#
public virtual string GetPassword (string passwordAnswer);

Parameters

passwordAnswer
String

The password answer for the membership user.

Returns

The password for the membership user.

Exceptions

This method is not available. This can occur if the application targets the .NET Framework 4 Client Profile. To prevent this exception, override the method, or change the application to target the full version of the .NET Framework.

Examples

The following code example calls the GetPassword method to retrieve the password for a specified user name if the correct password answer is supplied. The password is sent to the user's email address.

Note

Returning a password in clear text using email is not recommended for sites that require a high level of security. For high-security sites, it is recommended that you return passwords using encryption, such as SSL.

Important

This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.

ASP.NET (C#)
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Web.Mail" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

public void Page_Load(object sender, EventArgs args)
{
  if (!Membership.EnablePasswordRetrieval)
  {
    FormsAuthentication.RedirectToLoginPage();
  }

  Msg.Text = "";

  if (!IsPostBack)
  {
    Msg.Text = "Please supply a username.";
  }
  else
  {
    VerifyUsername();
  }
}


public void VerifyUsername()
{
    MembershipUser u = Membership.GetUser(UsernameTextBox.Text, false);

    if (u == null)
    {
      Msg.Text = "Username " + Server.HtmlEncode(UsernameTextBox.Text) + " not found. Please check the value and re-enter.";

      QuestionLabel.Text = "";
      QuestionLabel.Enabled = false;
      AnswerTextBox.Enabled = false;
      EmailPasswordButton.Enabled = false;
    }
    else
    {
      QuestionLabel.Text = u.PasswordQuestion;
      QuestionLabel.Enabled = true;
      AnswerTextBox.Enabled = true;
      EmailPasswordButton.Enabled = true;
    }
}


public void EmailPassword_OnClick(object sender, EventArgs args)
{
  MembershipUser u = Membership.GetUser(UsernameTextBox.Text, false);
  string password;

  if (u != null)
  {
    try
    {
      password = u.GetPassword(AnswerTextBox.Text);
    }
    catch (Exception e)
    {
      Msg.Text = "An exception occurred retrieving your password: " + Server.HtmlEncode(e.Message);
      return;
    }

    EmailPassword(u.Email, password);
    Msg.Text = "Password sent via email.";
  }
  else
  {
    Msg.Text = "Password Answer is not valid. Please check the value and try again.";
  }
}


private void EmailPassword(string email, string password)
{
  try
  {
    MailMessage Message = new MailMessage();
    Message.To = email;
    Message.From = "administrator";
    Message.Subject = "Your Password";
    Message.Body = "Your password is: " + Server.HtmlEncode(password);

    SmtpMail.SmtpServer = "smarthost";
    SmtpMail.Send(Message);
  }
  catch 
  {
    Msg.Text = "An exception occurred sending your password. Please try again.";
  }
}

</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sample: Retrieve Password</title>
</head>
<body>

<form id="form1" runat="server">
  <h3>Retrieve Password</h3>

  <asp:Label id="Msg" runat="server" ForeColor="maroon" /><br />

  Username: <asp:Textbox id="UsernameTextBox" Columns="30" runat="server" AutoPostBack="true" />
            <asp:RequiredFieldValidator id="UsernameRequiredValidator" runat="server"
                                        ControlToValidate="UsernameTextBox" ForeColor="red"
                                        Display="Static" ErrorMessage="Required" /><br />

  Password Question: <b><asp:Label id="QuestionLabel" runat="server" /></b><br />

  Answer: <asp:TextBox id="AnswerTextBox" Columns="60" runat="server" Enabled="false" />
          <asp:RequiredFieldValidator id="AnswerRequiredValidator" runat="server"
                                      ControlToValidate="AnswerTextBox" ForeColor="red"
                                      Display="Static" ErrorMessage="Required" Enabled="false" /><br />

  <asp:Button id="EmailPasswordButton" Text="Email My Password" 
              OnClick="EmailPassword_OnClick" runat="server" Enabled="false" />

</form>

</body>
</html>

Remarks

GetPassword calls the MembershipProvider.GetPassword method of the membership provider referenced by the ProviderName property to retrieve the password for the membership user from the membership data store. If a password answer is required and an incorrect password answer is supplied, a MembershipPasswordException is thrown by the membership provider.

If EnablePasswordRetrieval is false, the membership provider will return an exception. If the provider supports passwords with a PasswordFormat of Hashed, you will be unable to retrieve the password for the membership user and should consider making use of the ResetPassword method when a user has forgotten their password.

Note

A ConfigurationException will be thrown if enablePasswordRetrieval is set to true and passwordFormat is set to Hashed in the Web.config file for the ASP.NET application.

If RequiresQuestionAndAnswer is false, you can supply null for the answer parameter, or use the GetPassword overload that does not take any parameters.

See also

Applies to

.NET Framework 4.8.1 and other versions
Product Versions
.NET Framework 2.0, 3.0, 3.5, 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1