Encrypt/Decrypt password usage in a custom MembershipProvider?
20-08-2019
Question
I implemented a custom membership provider. I've also implemented my custom AES Encryption/Decryption overriding the abstract EncryptPassword/DecryptPassword of the MembershipProvider.
However, when I trigger ValidateUser, the password is not automatically converted. Am I missing something?
Is it supposed to be called automatically, or do I have to call this method from my code?
Solution
You need to call your encryption routines yourself.
OTHER TIPS
You need to include the calls to your encryption/decryption methods, something like this should do:

    using System;
    using System.Text;

    public override bool ValidateUser(string username, string password)
    {
        // GetStoredPassword is a hypothetical helper: the query to get the
        // password from the db/users_list.
        string storedPassword = GetStoredPassword(username);
        return CheckPassword(password, storedPassword);
    }

    private bool CheckPassword(string password, string dbpassword)
    {
        string pwd1 = password;
        // The stored value is encrypted, so decrypt it before comparing.
        string pwd2 = UEncodePassword(dbpassword);
        return pwd1 == pwd2;
    }

    private string UEncodePassword(string encodedPassword)
    {
        // The stored form is Base64; DecryptPassword works on the raw bytes.
        return Encoding.Unicode.GetString(DecryptPassword(Convert.FromBase64String(encodedPassword)));
    }
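The answer's validate path only works if the write path stored the password in the matching form, so here is the full round trip as an added example that is not part of the original answer. The static methods stand in for the provider's EncryptPassword/DecryptPassword overrides; the AES-CBC layout with a prepended IV, the in-memory demo key, and the names PasswordRoundTrip and EncodeForStorage are assumptions for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Stand-ins for the provider's EncryptPassword/DecryptPassword overrides (assumed AES-CBC).
static class PasswordRoundTrip
{
    static readonly byte[] Key = new byte[32]; // constructed demo key, filled in Main
    static byte[] EncryptPassword(byte[] plain)
    {
        using (var aes = Aes.Create())
        {
            aes.Key = Key;     // CBC with PKCS7 padding is the Aes default
            aes.GenerateIV();  // fresh IV per password, stored in front of the ciphertext
            using (var enc = aes.CreateEncryptor())
                return aes.IV.Concat(enc.TransformFinalBlock(plain, 0, plain.Length)).ToArray();
        }
    }
    static byte[] DecryptPassword(byte[] blob)
    {
        using (var aes = Aes.Create())
        {
            aes.Key = Key;
            aes.IV = blob.Take(16).ToArray();
            using (var dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(blob, 16, blob.Length - 16);
        }
    }
    // What CreateUser/ChangePassword must write so the validate path can read it back.
    static string EncodeForStorage(string password) =>
        Convert.ToBase64String(EncryptPassword(Encoding.Unicode.GetBytes(password)));
    // Validate path: decode, decrypt, then compare without an early exit.
    static bool CheckPassword(string supplied, string stored)
    {
        byte[] a = Encoding.Unicode.GetBytes(supplied);
        byte[] b = DecryptPassword(Convert.FromBase64String(stored));
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    static void Main()
    {
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(Key);
        string stored = EncodeForStorage("correct horse"); // constructed sample password
        Console.WriteLine(CheckPassword("correct horse", stored));
        Console.WriteLine(CheckPassword("wrong", stored));
    }
}
```

Because each encryption uses a fresh IV, two stored values for the same password differ, so validation has to decrypt and compare rather than re-encrypt the supplied password and compare the stored strings.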
Licensed under: CC-BY-SA with attribution