16 votes

I have a requirement to decrypt the Encrypted (not Hashed) passwords located in my aspnet_Membership table. In that database I see the Password (Encrypted) and PasswordSalt fields, and I can look at my web.config to find the machinekey > decryptionKey (validation="SHA1" decryption="AES").

note: I would love to use Hashed password, but for business reasons I need to be able to use the password for a Member, for SSO into and from other remote systems, hence using Encrypted (definitely NOT using Clear - yukky!)

Given all that, surely there is a way to retrieve the password as Clear, plain and readable text, i.e. decrypted, but I'm having real trouble finding any website, or answer on stackoverflow (and I'm looking at all the "similar questions" and "question with similar titles" here) that explains how this can be done.

I've found the MembershipProvider.DecryptPassword Method page, but I still cannot work out how to actually use this in my code. I've also found other pages, via Google, but most examples of password decryption don't appear to take the salt and decryptionKeys into account.

Does anyone have a straightforward example of selecting the password, passwordsalt and decryptionkey from their respective locations, and using them to decrypt an ASP.NET 2.0 Membership Encrypted password?

The whole point of SSO is to delegate the authentication and not share login credentials. Your business reasons are skewed. – John Leidegren

I don't know how the MembershipProvider works, but isn't the point of having a salted password that you don't ever really decrypt the password? You use whatever the user entered for a password, apply the salt in whatever encryption method, and if the two encrypted results match, you're granted access. I doubt you can actually get the clear text password without using some sort of brute force attack. – Cᴏʀʏ

Guys, I appreciate the comments, and while the business logic may be skewed, the requirement is still in place. The ASP.NET MembershipProvider gives the options of 'Clear', 'Encrypted' and 'Hashed' formats for passwords, suggesting very strongly that 'Encrypted' passwords CAN be decrypted - just finding out how is my question. – QMKevin

@QMKevin: unless it's one-way encryption, which it is. You might have to implement a custom MembershipProvider if you want to implement decryptable passwords. In all honesty though, it's a bad idea. – Cᴏʀʏ

@Cory Sorry to disagree (more out of frustration and desire to learn, I promise), but I've read Encrypted passwords can indeed be decrypted, while Hashed cannot. I read that here. Huh, I also just spotted on this link a method that claims to let you convert an encoded password back to its readable format. Not sure why I didn't see this before.. my Googling skills are assuming it's the weekend, perhaps. Let's hope this works! – QMKevin

1 Answer

13 votes

Create a class that inherits from SqlMembershipProvider and in it you can call the decrypt.

All the code you need for this can be found in this article by Naveen Kohli:

After looking through the code in reflector, I saw that the Microsoft provider decrypts in two steps. The encrypted password is actually a Base64 conversion of encrypted data. So first it converts it back from Base64 and then calls the DecryptPassword method. I just did the easiest thing. Copied the code from the Microsoft implementation, removed all the checks it was doing and then used it. The following class is an example of a class derived from SqlMembershipProvider with a method that just returns me the password in clear text for a given encrypted password.

using System;
using System.Text;
using System.Web.Security;

namespace MembershipPasswordRecover
{
    public class NetFourMembershipProvider : SqlMembershipProvider
    {
        // DecryptPassword is protected on MembershipProvider, so it has to be
        // called from a derived class; the provider reads machineKey from config.
        public string GetClearTextPassword(string encryptedPwd)
        {
            // The stored Password column is the Base64 form of the ciphertext.
            byte[] encodedPassword = Convert.FromBase64String(encryptedPwd);
            byte[] bytes = this.DecryptPassword(encodedPassword);
            if (bytes == null)
            {
                return null;
            }
            // The first 0x10 bytes of the plaintext are random filler that the
            // provider prepends; the remainder is the UTF-16 (Unicode) password.
            return Encoding.Unicode.GetString(bytes, 0x10, bytes.Length - 0x10);
        }
    }

    class Program
    {
        static void Main(string[] args)
        {
            var passwordManager = new NetFourMembershipProvider();
            var clearPWd = passwordManager.GetClearTextPassword("encryptedpasswordhere");
            Console.WriteLine(clearPWd);
        }
    }
}
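To make the two-step description concrete without depending on System.Web, here is an added example (not from the answer above or from Naveen Kohli's article) that reproduces, as I read the reference source, the envelope SqlMembershipProvider uses for the "Encrypted" format in Framework20 compatibility mode: 16 random bytes are prepended to the UTF-16LE password, the buffer is AES-CBC/PKCS7 encrypted under the machineKey decryptionKey with an all-zero IV, and the ciphertext is Base64-encoded for storage. The class and method names, the sample key and the sample password are all constructed for the example, and byte-for-byte compatibility with a live aspnet_Membership row is an assumption you should verify against your own data. The round trip makes the security point of the comments plain: anyone who holds decryptionKey recovers every stored password, which is what a hashed format prevents.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

namespace MembershipEnvelopeDemo
{
    // Assumed layout of the Framework20 "Encrypted" membership format
    // (example code, not the provider's own implementation).
    public static class MembershipEnvelope
    {
        const int RandomPrefixLength = 16;

        // Parse the hex decryptionKey string from web.config into raw key bytes.
        // 32/48/64 hex characters give AES-128/192/256 respectively.
        public static byte[] KeyFromHex(string hex)
        {
            if (hex.Length % 2 != 0)
                throw new ArgumentException("decryptionKey must have an even number of hex digits");
            var key = new byte[hex.Length / 2];
            for (int i = 0; i < key.Length; i++)
                key[i] = Convert.ToByte(hex.Substring(i * 2, 2), 16);
            return key;
        }

        static Aes CreateAes(byte[] key)
        {
            var aes = Aes.Create();
            aes.Key = key;
            aes.IV = new byte[aes.BlockSize / 8]; // zero IV; the random prefix supplies per-record variation
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            return aes;
        }

        // Produce the Base64 value that would be stored in the Password column.
        public static string Encrypt(string password, byte[] key)
        {
            byte[] pwd = Encoding.Unicode.GetBytes(password);
            var prefix = new byte[RandomPrefixLength];
            using (var rng = RandomNumberGenerator.Create())
                rng.GetBytes(prefix);

            var plain = new byte[RandomPrefixLength + pwd.Length];
            Buffer.BlockCopy(prefix, 0, plain, 0, RandomPrefixLength);
            Buffer.BlockCopy(pwd, 0, plain, RandomPrefixLength, pwd.Length);

            using (var aes = CreateAes(key))
            using (var enc = aes.CreateEncryptor())
                return Convert.ToBase64String(enc.TransformFinalBlock(plain, 0, plain.Length));
        }

        // Mirror the answer's two steps: Base64 decode, AES decrypt, then drop
        // the 16-byte random prefix and decode the UTF-16 remainder.
        public static string Decrypt(string base64, byte[] key)
        {
            byte[] cipher = Convert.FromBase64String(base64);
            byte[] plain;
            using (var aes = CreateAes(key))
            using (var dec = aes.CreateDecryptor())
                plain = dec.TransformFinalBlock(cipher, 0, cipher.Length);

            if (plain.Length < RandomPrefixLength)
                return null; // malformed record: shorter than the random prefix
            return Encoding.Unicode.GetString(plain, RandomPrefixLength, plain.Length - RandomPrefixLength);
        }
    }

    class Program
    {
        static void Main()
        {
            // Constructed sample key; a real one is the machineKey/decryptionKey value.
            byte[] key = MembershipEnvelope.KeyFromHex(
                "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");

            string stored = MembershipEnvelope.Encrypt("S@mplePassw0rd", key);
            Console.WriteLine("stored:    " + stored);
            Console.WriteLine("recovered: " + MembershipEnvelope.Decrypt(stored, key));
        }
    }
}
```

Running Main twice gives two different stored values for the same password (the random prefix changes), yet both decrypt to the same clear text; that is why the provider can skip the first 0x10 bytes unconditionally. If you adapt this to read real rows, keep the comparison in mind: a hashed column with PasswordSalt cannot be reversed this way, an encrypted one can be by anyone with the key.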