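/// <summary>
/// Retrieves the stored password for <paramref name="username"/> by calling the
/// <c>aspnet_Membership_GetPassword</c> stored procedure, decoding the result when
/// the account's password format is <see cref="MembershipPasswordFormat.Encrypted"/>.
/// </summary>
/// <param name="username">Account name; validated with CheckParam using a limit of 256.</param>
/// <param name="answer">
/// Password answer; validated with CheckParam (limit 128) only when
/// RequiresQuestionAndAnswer is set. It is always encoded and sent to the procedure.
/// </param>
/// <returns>
/// The value read from the first column of the result row (decoded for the Encrypted
/// format), or <c>null</c> when the procedure returns no row and the format is not Encrypted.
/// </returns>
/// <exception cref="NotSupportedException">EnablePasswordRetrieval is false.</exception>
/// <exception cref="ProviderException">No password information was found for the user.</exception>
/// <exception cref="MembershipPasswordException">
/// The procedure returned 3 (invalid password answer) or 99 (account locked out).
/// </exception>
public override string GetPassword (string username, string answer)
{
    if (!EnablePasswordRetrieval)
        throw new NotSupportedException ("this provider has not been configured to allow the retrieval of passwords");

    CheckParam ("username", username, 256);
    if (RequiresQuestionAndAnswer)
        CheckParam ("answer", answer, 128);

    PasswordInfo pi = GetPasswordInfo (username);
    if (pi == null)
        throw new ProviderException ("An error occurred while retrieving the password from the database");

    // NOTE(review): when RequiresQuestionAndAnswer is false the answer is not validated
    // and may be null here; confirm EncodePassword tolerates a null input.
    string user_answer = EncodePassword (answer, pi.PasswordFormat, pi.PasswordSalt);
    string password = null;

    using (DbConnection connection = CreateConnection ())
    using (DbCommand command = factory.CreateCommand ()) {
        command.Connection = connection;
        command.CommandText = @"aspnet_Membership_GetPassword";
        command.CommandType = CommandType.StoredProcedure;

        // The lockout policy values and the encoded answer are passed to the procedure.
        AddParameter (command, "@ApplicationName", ApplicationName);
        AddParameter (command, "@UserName", username);
        AddParameter (command, "@MaxInvalidPasswordAttempts", MaxInvalidPasswordAttempts);
        AddParameter (command, "@PasswordAttemptWindow", PasswordAttemptWindow);
        AddParameter (command, "@CurrentTimeUtc", DateTime.UtcNow);
        AddParameter (command, "@PasswordAnswer", user_answer);
        DbParameter retValue = AddParameter (command, "@ReturnVal", ParameterDirection.ReturnValue, DbType.Int32, null);

        // Disposing the reader on every path closes it even when no row is returned
        // or one of the exceptions below is thrown.
        using (DbDataReader reader = command.ExecuteReader ()) {
            // NOTE(review): some ADO.NET providers populate return-value parameters only
            // after the reader is closed; confirm GetReturnValue sees the real code here,
            // otherwise the two failure cases below would go unreported.
            int returnValue = GetReturnValue (retValue);
            if (returnValue == 3)
                throw new MembershipPasswordException ("Password Answer is invalid");
            if (returnValue == 99)
                throw new MembershipPasswordException ("The user account is currently locked out");

            if (reader.Read ())
                password = reader.GetString (0);
        }

        if (pi.PasswordFormat == MembershipPasswordFormat.Encrypted)
            return DecodePassword (password, pi.PasswordFormat);

        // NOTE(review): every format other than Encrypted returns the stored value
        // unchanged. For a hashed format that is the stored hash, not a password;
        // confirm provider initialization rejects password retrieval with hashed storage.
        return password;
    }
}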