Question

I implemented a custom membership provider. I've also implemented my custom AES Encryption/Decryption overriding the abstract EncryptPassword/DecryptPassword of the MembershipProvider.

However, when I trigger ValidateUser, the password is not automatically converted. Am I missing something?

Is it supposed to be called automatically, or do I have to call this method from my code?


Solution

You need to call your encryption routines yourself.

OTHER TIPS

You need to include the calls to your encryption/decryption methods; something like this should do:

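public override bool ValidateUser(string username, string password)
{
    // GetStoredPassword is a placeholder for the query that gets the password from the db/users_list
    string storedPassword = GetStoredPassword(username);

    // No such user: nothing to decrypt or compare
    if (storedPassword == null) return false;

    return (CheckPassword(password, storedPassword));
}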

private bool CheckPassword(string password, string dbpassword)
{
    string pwd1 = password;
    string pwd2 = dbpassword;

    pwd2 = UEncodePassword(dbpassword);

    if (pwd1 == pwd2) return true;

    return false;
}

private string UEncodePassword(string encodedPassword)
{
    string password = encodedPassword;
    password = Encoding.Unicode.GetString(DecryptPassword(Convert.FromBase64String(encodedPassword)));

    return password;
}
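
The full round trip the answers above describe, as an added example that is not code from the original posts: the provider encrypts on the write path and decrypts inside ValidateUser, because the base class calls neither override by itself. It assumes .NET Framework with a reference to System.Web; `AesKey`, `LoadStoredPassword` and the class name are hypothetical, and the class is abstract so the remaining MembershipProvider members stay with the concrete provider.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Web.Security;

// Added example, not the original poster's provider.
public abstract class AesProviderBase : MembershipProvider
{
    // Hypothetical: 32-byte AES key loaded from protected configuration.
    protected abstract byte[] AesKey { get; }
    // Hypothetical: Base64 value from the user store, or null if no such user.
    protected abstract string LoadStoredPassword(string username);

    // Output layout: random IV followed by the AES-CBC ciphertext.
    protected override byte[] EncryptPassword(byte[] password)
    {
        using (Aes aes = Aes.Create())
        {
            byte[] iv = aes.IV; // fresh random IV for this password
            using (ICryptoTransform enc = aes.CreateEncryptor(AesKey, iv))
                return iv.Concat(enc.TransformFinalBlock(password, 0, password.Length)).ToArray();
        }
    }

    protected override byte[] DecryptPassword(byte[] encodedPassword)
    {
        using (Aes aes = Aes.Create())
        {
            byte[] iv = encodedPassword.Take(aes.BlockSize / 8).ToArray();
            using (ICryptoTransform dec = aes.CreateDecryptor(AesKey, iv))
                return dec.TransformFinalBlock(encodedPassword, iv.Length, encodedPassword.Length - iv.Length);
        }
    }

    // Write path: call this from CreateUser/ChangePassword before saving.
    protected string EncodePassword(string password)
    {
        return Convert.ToBase64String(EncryptPassword(Encoding.Unicode.GetBytes(password)));
    }

    // Read path: decrypt the stored value explicitly, then compare.
    public override bool ValidateUser(string username, string password)
    {
        string stored = LoadStoredPassword(username);
        if (stored == null) return false;
        string clear = Encoding.Unicode.GetString(DecryptPassword(Convert.FromBase64String(stored)));
        return string.Equals(clear, password, StringComparison.Ordinal);
    }
}
```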
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow