
Decrypting an 'Encrypted' password from ASP.NET 2.0 Membership


Create a class that inherits from SqlMembershipProvider and in it you can call the decrypt.

All the code you need for this can be found in this article by Naveen Kohli:

After looking through the code in Reflector, I saw that Microsoft's providers decrypt in two steps. The encrypted password is actually a Base64 conversion of encrypted data. So first it converts it back from Base64 and then calls the DecryptPassword method. I just did the easiest thing: copied the code from the Microsoft implementation, removed all the checks it was doing, and then used it. The following class is an example of a class derived from SqlMembershipProvider with a method that just returns me the password in clear text for a given encrypted password.

using System;
using System.Text;
using System.Web.Security;

namespace MembershipPasswordRecover
{
    public class NetFourMembershipProvider : SqlMembershipProvider
    {
        public string GetClearTextPassword(string encryptedPwd)
        {
            // The stored value is Base64 text wrapping the encrypted bytes.
            byte[] encodedPassword = Convert.FromBase64String(encryptedPwd);
            // DecryptPassword is protected, hence the derived class.
            byte[] bytes = this.DecryptPassword(encodedPassword);
            if (bytes == null)
            {
                return null;
            }
            // Skip the 16-byte (0x10) salt prefix; the rest is the UTF-16 password.
            return Encoding.Unicode.GetString(bytes, 0x10, bytes.Length - 0x10);
        }
    }

    class Program
    {
        static void Main(string[] args)
        {
            var passwordManager = new NetFourMembershipProvider();
            var clearPWd = passwordManager.GetClearTextPassword("encryptedpasswordhere");
            Console.WriteLine(clearPWd);
        }
    }
}
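The class above works because the Encrypted password format is reversible by anyone who holds the application's machineKey. The following Python check is an added example, not code from the answer or the linked article: it flags membership providers in a web.config that store passwords recoverably. The sample config, provider names, key placeholder and the function name `audit_membership` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config; provider names and the key are placeholders.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <machineKey decryptionKey="PLACEHOLDER_KEY" decryption="AES" />
    <membership defaultProvider="LegacyProvider">
      <providers>
        <add name="LegacyProvider" type="System.Web.Security.SqlMembershipProvider"
             passwordFormat="Encrypted" enablePasswordRetrieval="true" />
        <add name="HashedProvider" type="System.Web.Security.SqlMembershipProvider"
             passwordFormat="Hashed" />
        <add name="DefaultsProvider" type="System.Web.Security.SqlMembershipProvider" />
      </providers>
    </membership>
  </system.web>
</configuration>"""


def audit_membership(config_xml):
    """Return one finding per provider whose stored passwords are recoverable."""
    system_web = next(ET.fromstring(config_xml).iter("system.web"), None)
    if system_web is None:
        return []
    machine_key = system_web.find("machineKey")
    # An explicit decryptionKey means the config file alone unlocks the column.
    explicit_key = machine_key is not None and "autogenerate" not in \
        machine_key.get("decryptionKey", "AutoGenerate").lower()
    findings = []
    for add in system_web.findall("membership/providers/add"):
        # SqlMembershipProvider defaults: Hashed format, retrieval disabled.
        fmt = add.get("passwordFormat", "Hashed").strip().lower()
        retrieval = add.get("enablePasswordRetrieval", "false").strip().lower() == "true"
        if fmt in ("encrypted", "clear") or retrieval:
            findings.append({
                "provider": add.get("name"),
                "passwordFormat": fmt,
                "enablePasswordRetrieval": retrieval,
                "decryptionKeyInConfig": explicit_key and fmt == "encrypted",
            })
    return findings


if __name__ == "__main__":
    for finding in audit_membership(SAMPLE_WEB_CONFIG):
        print(finding)
```

Providers that are flagged should be moved to `passwordFormat="Hashed"` with `enablePasswordRetrieval="false"`, and users' passwords reset so that no recoverable copies remain in the database.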