I am seeking some help on a telerik sitefinity backend feature. I'm creating users from a custom radgrid programatically. The code that I'm using to create a sitefinity user is as follows:
public MembershipCreateStatus AddUser(UserModel model, Role role)
{
var userManager = UserManager.GetManager();
var profileManager = UserProfileManager.GetManager()
var roleManager = RoleManager.GetManager("AppRoles");
MembershipCreateStatus status;
userManager.Provider.SuppressSecurityChecks = true;
var user = userManager.CreateUser(model.UserName, model.Password, model.Email,
model.SecretQuestion, model.SecretAnswer, true, null, out status);
if(status == MembershipCreateStatus.Success)
{
roleManager.AddUserToRole(user, role);
roleManager.SaveChanges();
var profile = profileManager.CreateProfile(user, Guid.NewGuid(),
typeof(SitefinityProfile)) as SitefinityProfile;
if (profile != null)
{
profile.FirstName = model.FirstName;
profile.LastName = model.LastName;
//Set any Data Extended Properties below
}
profileManager.RecompileItemUrls(profile);
profileManager.SaveChanges();
userManager.SaveChanges();
}
return status
}
This will let me create a sitefinity user and I can see that the user is stored in the sf_users table. The problem that I'm having is I need a way to lookup and send a user their password if they forget the password. The password is hashed and saved in an encrypted format in the table in the database. I've looked for documentation on how to change the password format to clear text or something of the sort but I've been unsuccessful in finding anything useful yet.
If anyone knows how to accomplish this so that I can save the password as clear text in the database then that would be really great.
Sitefinity Membership Provider is designed to work in similar way as the SQL Membership Provider. It supports three modes - Hashed (default), Encrypted and Clear. The Hashed format is default one. More information here: http://www.sitefinity.com/documentation/documentationarticles/developers-guide/deep-dive/security/users/password-format.
Hashed passwords are irreversible and you cannot achieve what you want using a hashed password format. Instead you can achieve this by either using the Clear (strongly not recommended) or the Encrypted (also not a good security practice).
However the CMS allows you to have reset password functionality or retrieve. Reset if Hashed format is used and retrieve if Encrypted is used. This article explains both approaches: http://www.sitefinity.com/developer-network/knowledge-base/configuring-password-recovery-in-sitefinity.