“Hashed passwords cannot be decoded.”

While working with C# .NET and ASP.NET membership I get the following error:

“Hashed passwords cannot be decoded.”

when using the following line:

string tempPassword = Membership.Provider.GetPassword(userName, "");

How can I resolve this issue?

After doing some research this is what I’ve found:

  • Hashed passwords have been run through a one-way function. In other words, you can’t reverse them to see what the original content was. The system just hashes the password you enter and checks whether it matches the stored hash. This is secure, but it means you can’t retrieve the password, as the error above indicates.
  • Encrypted passwords are encrypted two-way (reversibly). You can decrypt them and see the original password. I checked my web.config and the membership setting is set to Encrypt rather than Hash.

Seeing that I wasn’t able to resolve the issue, I just decided to create a new password (reset password) and then change the password to whatever is on screen if there was a need for that. I was mostly using GetPassword to change the password; there is no need to do that any more.

After a while we discovered what the problem was. The users were originally created by the application using a hashed password. This became an issue because a user with a hashed password cannot be migrated automatically to the new encryption setting. So, even though your application is using encryption for the passwords, previously created users will face the issues mentioned before. What we ended up doing was deleting the existing users and creating new ones with the new settings in Web.Config. You could also reset the users and modify a column in the database if deleting them is not an option.
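The reset-then-change approach described above, as an added example that is not code from the original post. The class and method names are hypothetical; it assumes the provider is configured with enablePasswordReset="true" and requiresQuestionAndAnswer="false".

```csharp
using System;
using System.Web.Security;

public static class PasswordChanger
{
    // Hypothetical helper: sets a new password without ever reading the old
    // one, so it does not depend on whether the user's stored password is
    // hashed or encrypted.
    public static bool SetNewPassword(string userName, string newPassword)
    {
        if (string.IsNullOrEmpty(userName))
            throw new ArgumentException("User name is required.", "userName");
        if (string.IsNullOrEmpty(newPassword))
            throw new ArgumentException("New password is required.", "newPassword");

        // The parameterless ResetPassword() only works when the provider
        // allows resets and does not demand the security answer.
        if (!Membership.EnablePasswordReset || Membership.RequiresQuestionAndAnswer)
            throw new InvalidOperationException(
                "Membership provider does not allow a reset without the password answer.");

        MembershipUser user = Membership.GetUser(userName);
        if (user == null)
            return false; // unknown user

        // Leave lockout handling to an explicit administrative decision
        // instead of unlocking silently here.
        if (user.IsLockedOut)
            return false;

        // Step 1: the provider generates a temporary password and stores it
        // in the currently configured format.
        string temporary = user.ResetPassword();

        // Step 2: swap the temporary password for the intended one. The
        // temporary value is never shown, logged or returned.
        return user.ChangePassword(temporary, newPassword);
    }
}
```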
