Vulnerability in EPiServer.Forms
I have Active Directory as my membership provider and it doesn't support getting the password from the SecurityContext. Is there another way of getting either the ICredentials object or the password of the logged in user as a string or SecureString?
To get ICredentials you need to have Windows Authentication configured in the site - not Forms Authentication - or have access to the user's username+password and possibly use NetworkCrententials.
Oh so since I have Active Directory configured as my membership provider, I won't be able to get the ICredentials object?