How? Encrypt and Decrypt user membership passwords in ASP.NET

Posted by smdrager on Stack Overflow See other posts from Stack Overflow or by smdrager
Published on 2010-06-10T18:26:41Z Indexed on 2010/06/10 18:42 UTC
Read the original article Hit count: 207

Filed under:

ASP.NET

|

encryption

|

asp.net-membership

We are creating a new site using ASP.NET membership provider for user registration and log in. Our old system encrypted user passwords so that we could recover them if we needed to.

I am having a great deal of trouble figuring out if it is possible to use ASP.NET membership functions to simply encrypt the password when the user registers and then unencrypt it so I can see it.

Documentation for this is neigh non-existant.

I know how to configure Web.config to have it store passwords as encrypted ala passwordFormat="Hashed" in the provider and assigning a validationKey in the machineKey, however it seems like the password still gets hashed (though perhaps it is just well encrypted). Either way I cannot decifer how the password can be recovered (by us) if neccessary.

Thanks!

© Stack Overflow or respective owner

Related posts about ASP.NET

Migrating ASP.NET MVC 1.0 applications to ASP.NET MVC 2 RTM

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Note: ASP.NET MVC 2 RTM isn’t yet released! But this tool will help you get your ASP.NET MVC 1.0 applications ready for when it is! I have updated the MVC App Converter to convert projects from ASP.NET MVC 1.0 to ASP.NET MVC 2 RTM. This should be last the last major change to the MVC App Converter… >>> More
April 14th Links: ASP.NET, ASP.NET MVC, ASP.NET Web API and Visual Studio

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Here is the latest in my link-listing blog series: ASP.NET Easily overlooked features in VS 11 Express for Web: Good post by Scott Hanselman that highlights a bunch of easily overlooked improvements that are coming to VS 11 (and specifically the free express editions) for web development: unit… >>> More
Use ASP.NET 4 Browser Definitions with ASP.NET 3.5

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
We updated the browser definitions files included with ASP.NET 4 to include information on recent browsers and devices such as Google Chrome and the iPhone. You can use these browser definition files with earlier versions of ASP.NET such as ASP.NET 3 Read More......(read more) >>> More
ASP.NET webforms + ASP.NET Ajax versus ASP.NET MVC and Ajax framework freedom

as seen on Stack Overflow - Search for 'Stack Overflow'
If given the choice, which path would you take? ASP.NET Webforms + ASP.NET AJAX or ASP.NET MVC + JavaScript Framework of your Choice Are there any limitations that ASP.NET Webforms / ASP.NET AJAX has vis-a-vis MVC? >>> More
ASP.NET MVC 2 Released

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
I’m happy to announce that the final release of ASP.NET MVC 2 is now available for VS 2008/Visual Web Developer 2008 Express with ASP.NET 3.5. You can download and install it from the following locations: Download ASP.NET MVC 2 using the Microsoft Web Platform Installer Download… >>> More

Related posts about encryption

SQL SERVER – History of SQL Server Database Encryption

as seen on SQL Authority - Search for 'SQL Authority'
I recently met Michael Coles and Rodeney Landrum the author of one of the kind book Expert SQL Server 2008 Encryption at SQLPASS in Seattle. During the conversation we ended up how Microsoft is evolving encryption technology. The same discussion lead to talking about history of encryption tools in… >>> More
Encryption is hard: AES encryption to Hex

as seen on Stack Overflow - Search for 'Stack Overflow'
So, I've got an app at work that encrypts a string using ColdFusion. ColdFusion's bulit-in encryption helpers make it pretty simple: encrypt('string_to_encrypt','key','AES','HEX') What I'm trying to do is use Ruby to create the same encrypted string as this ColdFusion script is creating. Unfortunately… >>> More
Encryption Product Keys : Public and Private key encryption

as seen on Stack Overflow - Search for 'Stack Overflow'
I need to generate and validate product keys and have been thinking about using a public/private key system. I generate our product keys based on a client name (which could be a variable length string) a 6 digit serial number. It would be good if the product key would be of a manageable length… >>> More
Confused about encryption with public and private keys (which to use for encryption)

as seen on Stack Overflow - Search for 'Stack Overflow'
I am making a licensing system when clients ask my server for a license and I send them a license if they are permitted to have one. On my current system I encrypt the license using a single private key and have the public key embedded into the client application that they use to decrypt the license… >>> More
Software tools to automatically decrypt a file, whose encryption algorithm (and/or encryption keys)

as seen on Stack Overflow - Search for 'Stack Overflow'
I have an idea for encryption that I could program fairly easily to encrypt some local text file. Given that my approach is novel, and does not use any of the industry standard encryption techniques, would I be able to test the strength of my encryption using 'cracker' apps or suchlike? Or do all… >>> More