I am building a login/registration section for our members area in Umbraco 7.1.7.
I would like to send a user their password in plain text via email.
The idea is, if the user forgets their password, they can simply enter their email address (which also serves as their username) and clicks the button:
Now, I know Umbraco uses the ASP.NET Membership Provider and hashes passwords, which is nice but I need to access the plaintext version to send in the email.
I have changed my web.config to include this:
<membership defaultProvider="UmbracoMembershipProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add name="UmbracoMembershipProvider"
type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco"
minRequiredNonalphanumericCharacters="0"
minRequiredPasswordLength="0"
useLegacyEncoding="true"
enablePasswordRetrieval="true"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
defaultMemberTypeAlias="Member"
passwordFormat="clear" />
and my Controller Action method looks like this:
// Forgot password logic to send email
[ActionName("MvcMemberForgot")]
public ActionResult MvcMemberForgot(MvcMemberForgotModel model)
{
string emailaddress = model.Email.ToString(); // The users entered email address.
var member = Services.MemberService.GetByEmail(emailaddress);
var sb = new StringBuilder(); // To build the message.
sb.Append("Here is the password you chose for this email address: ");
sb.Append(password); // I need a password value here...
// Send the email.
library.SendMail("[email protected]", emailaddress, "Password", sb.ToString(), true);
return CurrentUmbracoPage();
}
I can use var x = member.RawPasswordValue;
to return the hashed password, is there a way to get the password the user typed in when they registered in a similar way?
I wouldn't send the emails to people in plain text, that's very poor security practice. The way I approached this recently was to do the following:
My approach was based on the code from this example repo: https://github.com/warrenbuckley/CWS-Umbraco-Standard-Membership which contains a lot of useful examples of working with members!