1. 技术文章
  2. Hashed passwords cannot be retrieved. Either set the password format to different type, or set enablePasswordRetrieval to false

Hashed passwords cannot be retrieved. Either set the password format to different type, or set enablePasswordRetrieval to false

痴心易碎 提交于 2019-12-06 03:06:58

问题


I got some website and now I want to get the passwords.

I use it:

<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="TravelChamps" 
enablePasswordRetrieval="true"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false"
             requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" 
             minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"             
             />

And this error happens:

Configured settings are invalid: Hashed passwords cannot be retrieved. Either set the password format to different type, or set enablePasswordRetrieval to false.

If I use it:

<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="TravelChamps" enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false"
             requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" 
             minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"             
             />

I get the follwoing error:

An exception occurred retrieving your password: This Membership Provider has not been configured to support password retrieval.

I am totally confused.

Any suggestion where I can start to work around?


回答1:


You can't get the passwords because they were never stored. (Specifically to ensure nobody could ever do exactly what you're trying to do.) The workaround is not to get the passwords.




回答2:


If you want the passwords could be retrieval or to get them as plain text (not encrypted) you must change some configurations of The Membership before you create first user.

Perform the following tasks (it relates to asp net):

1.In the file web.config, in tag membership/providers/add set attributes:

enablePasswordRetrieval="true"<br/>
passwordFormat="Encrypted"

my settings:

<membership>
  <providers>
    <clear/>
    <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"     connectionStringName="maindb"
         enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
         maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
         applicationName="/" passwordFormat="Encrypted" />
  </providers>
</membership>

2.Generate so called validationKey and decryptionKey. You can do this by NET API:

my example:

public static class RNGCrypto_MachineKey
{
    public static string getRandomKey(int bytelength)
    {
        byte[] buff = new byte[bytelength];
        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
        rng.GetBytes(buff);
        StringBuilder sb = new StringBuilder(bytelength * 2);
        for (int i = 0; i < buff.Length; i++)
            sb.Append(string.Format("{0:X2}", buff[i]));
        return sb.ToString();
    }
}

generating:

string key64 = RNGCrypto_MachineKey.getRandomKey(64);
string key32 = RNGCrypto_MachineKey.getRandomKey(32);

3.Again, in the file web.config put the following settings inside the tag system.web:

    <machineKey validationKey="paste here the key64 string" decryptionKey="paste here the key32 string" validation="SHA1"/>

(about machinkey on msdn)

4.Now you can create users with passwords and then you can get plain password:

Membership.GetUser(username).GetPassword();



回答3:


As others have stated, the original password can't be retrieved, and you shouldn't typically provide a mechanism to recover passwords anyways (just reset them). However, if your goal is to reset the password to some known value, it can be done along these lines:

MembershipUser usr = Membership.GetUser("username", false);
string resetPassword = usr.ResetPassword();
usr.ChangePassword(resetPassword, "yayiknowthepassword");



回答4:


To answer the question, you can use the method outlined in this link: Retrieving the users password

but I would never do such a thing as to make your users information insecure. You should allow them to "reset" only, never retrieve. You should not see or be able to retrieve your users passwords and I would advise anyone against using your application or website due to this, but the method outlined in the link works.




回答5:


This is the best answer I got after too many search. use this inside an page load of default page and reset the password . Note* :- Make sure you change the webconfig file with this setting enablePasswordRetrieval="true" passwordFormat="Encrypted"

MembershipUser user = Membership.GetUser("username", false);
string resetPassword = user.ResetPassword();
user.ChangePassword(resetPassword, "new password to set");

'''



来源:https://stackoverflow.com/questions/8918465/hashed-passwords-cannot-be-retrieved-either-set-the-password-format-to-differen

标签
ASP.NET
.net
asp.net-mvc-2
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!