This method is called by the System.Web.Security.MembershipUser class to retrieve the password for a user from the SQL Server database specified in the ASP.NET application's configuration file (Web.config).

If an incorrect password answer is supplied to the SqlMembershipProvider.GetPassword(string, string) method, the internal counter that tracks invalid password-answer attempts is incremented by one. This can result in the user being locked out and unable to log on until the lock status is cleared by a call to the SqlMembershipProvider.UnlockUser(string) method. If the correct password answer is supplied and the user is not currently locked out, then the internal counter that tracks invalid password-answer attempts is reset to zero. For more information, see the SqlMembershipProvider.MaxInvalidPasswordAttempts and SqlMembershipProvider.PasswordAttemptWindow properties.

You can call the SqlMembershipProvider.GetPassword(string, string) method directly by first obtaining a reference to the System.Web.Security.SqlMembershipProvider instance through the Membership.Provider property of the System.Web.Security.Membership class.

If the SqlMembershipProvider.PasswordFormat property is set to MembershipPasswordFormat.Hashed, the SqlMembershipProvider.GetPassword(string, string) method cannot retrieve the password. Hashed passwords are encrypted one-way and cannot be decrypted. If the SqlMembershipProvider.PasswordFormat property is set to MembershipPasswordFormat.Hashed, and SqlMembershipProvider.EnablePasswordRetrieval is set to true, a System.Configuration.Provider.ProviderException is thrown when the provider is initialized.

Leading and trailing spaces are trimmed from all parameter values.

Namespace: System.Web.Security
Assembly: System.Web (in System.Web.dll)
Assembly Versions: 2.0.0.0
Since: .NET 2.0