Decrypting the Customer Password

No need to decrypt the password. I got this to work yesterday.

1. Use a database query to obtain the hashed password and the salt key.

2. Take the password that the user enters and run it though the function below.

3. Compare the results of the function with the hashed password from the database. if both match, the logon is successful.

   Public Overridable Function CreatePasswordHash(ByVal password As String, ByVal saltkey As String, Optional ByVal passwordFormat As String = "SHA1") As String
        If [String].IsNullOrEmpty(passwordFormat) Then
            passwordFormat = "SHA1"
        End If
        Dim saltAndPassword As String = [String].Concat(password, saltkey)
        Dim hashedPassword As String = FormsAuthentication.HashPasswordForStoringInConfigFile(saltAndPassword, passwordFormat)
        Return hashedPassword
    End Function

Thanks.  I already tried this approach and it does work.  However I need to decrypte the password stored in the nopCommerce database so that I can capture it and store it in plain text format in another database outside of the nopCommerce environment.

SwimmingWorld wrote:

I think your best option is to either make the change I mentioned previously or have a work item created to make password storage configurable through the administration console. I think the fact it is not configurable was just an oversight in the 2.x release, because the framework is there, but the values are hard coded.

Can you tell me the file name of the "registration controller" where you found the registration password code you referred to in a previous post?

Thanks,
Gary