As discussed in the article Asp.Net Membership Provider Password Administration,
it is possible to retrieve Clear or Encrypted passwords if the
MembershipProvider.EnablePasswordRetrieval property is set to true. If the SqlMembershipProvider's
passwordFormat property is set to Hashed, however, you
will not be able to use the provider's getPassword method to retrieve
passwords, even if the particular membership record's passwordFormat is set to an
unhashed value.
While the Membership Manager Control cannot retrieve hashed passwords and
it makes no attempt to circumvent the MembershipProvider.EnablePasswordRetrieval
property, it does offer a solution that may be used by administrators or web masters
to Reset passwords to a known value. It does this by calling the
MembershipProvider.ResetPassword method, capturing the randomly
generated password, and then using that password to call the Membership.Provider.ChangePassword
to the new known value.
MembershipProvider.EnablePasswordReset must be set to true
Since the Membership Manager Control calls upon the SqlMembershipProvider to perform
the password reset, you must ensure that EnablePasswordReset = true in your web.config
if you wish to utilize the Reset Password feature.
If you attempt to reset a password and do not have passwordReset enabled, then you
will receive an exception similar to that illustrated below. The topic,
Asp.Net Membership Provider Password Administration,
provides information on enabling password reset.
Related Topics
The Membership Manager Control
Membership Manager Configuration
Asp.Net SqlMembershipProvider Settings