I am trying to access user's password hash using DNN API. Please see below code segment
[AllowAnonymous]
[HttpGet]
public HttpResponseMessage Auth()
{
UserInfo u = DotNetNuke.Entities.Users.UserController.GetUserByName("user1");
string hostPassword = DotNetNuke.Entities.Users.UserController.GetPassword(ref u, String.Empty);
return Request.CreateResponse(HttpStatusCode.OK, hostPassword);
}
But I am getting following error, saying hashed passwords can't be retrieved
Parser Error Message: Configured settings are invalid: Hashed passwords cannot be retrieved. Either set the password format to different type, or set enablePasswordRetrieval to false.
This is my configuration section
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="SiteSqlServer" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" requiresUniqueEmail="false" passwordFormat="Hashed" applicationName="DotNetNuke" description="Stores and retrieves membership data from the local Microsoft SQL Server database" />
Can anyone explain what is the wrong with my code or configuration.?
Further, If I want to authorize users I would I do it in DNN web services?
Found a reliable way to authenticate users in DNN. It is possible to authenticate a DNN user in the following way.
System.Web.Security.Membership.ValidateUser(username,password)
Retrieving hased passwords is not allowed in DNN and it is not a good practice too. That's the reason for the error message for my code.