Question

This post is kind of asking what I need but not very well... How to encrypt password

Essentially I have a model "User"

Public Class User

    Public Property ID As Integer

    Public Property NickName As String

    Public Property EmailAddress As String

    Public Property Password As String

End Class

I want to be able to do something like this....

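Public Class User

    Public Property ID As Integer

    Public Property NickName As String

    Public Property EmailAddress As String

    ' Backing field: reading or assigning Password inside its own accessors would recurse forever
    Private _password As String

    Public Property Password As String
        Get
            Return _password
        End Get
        Set(value As String)
            ' DoMyHashing stands for the hashing routine being asked about; it is not defined here
            _password = DoMyHashing(value)
        End Set
    End Property

End Class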

Is there any way to do this simply?

EDIT : I have since started using BrockAllen.MembershipReboot which uses the federated identity system. It's much better than membership provider in my opinion!


Solution

Security is not something that should be taken lightly and even better not reinvented. Simple doesn't necessarily mean secure. So you could use the existing membership provider which already implements security for you and stores only hashed versions of passwords in the database.

And if you don't want to use the membership provider but implement password hashing yourself, here's a good guide you might consider going through before getting into coding.

Here's a secure way to generate password hashes:

To Store a Password

  1. Generate a long random salt using a CSPRNG.
  2. Prepend the salt to the password and hash it with a standard cryptographic hash function such as SHA256.
  3. Save both the salt and the hash in the user's database record.

To Validate a Password

  1. Retrieve the user's salt and hash from the database.
  2. Prepend the salt to the given password and hash it using the same hash function.
  3. Compare the hash of the given password with the hash from the database. If they match, the password is correct. Otherwise, the password is incorrect.
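
The store and validate steps listed above, written out in VB.NET as an added example (not code from the answer or from the linked guide). The module name, method names and the 32-byte salt length are assumptions made for illustration; the comparison runs over every byte so its timing does not depend on where the first mismatch occurs.

```vb
Imports System
Imports System.Linq
Imports System.Security.Cryptography
Imports System.Text

Public Module PasswordHasher

    Private Const SaltSize As Integer = 32 ' bytes; assumed length for this example

    ' "To Store a Password": fresh CSPRNG salt, then SHA-256(salt || password).
    ' The caller saves both arrays in the user's record (e.g. as Base64 strings).
    Public Sub HashNewPassword(password As String, ByRef salt As Byte(), ByRef hash As Byte())
        salt = New Byte(SaltSize - 1) {}
        Using rng = RandomNumberGenerator.Create()
            rng.GetBytes(salt)
        End Using
        hash = ComputeHash(salt, password)
    End Sub

    ' "To Validate a Password": recompute with the stored salt and compare.
    Public Function VerifyPassword(password As String, salt As Byte(), storedHash As Byte()) As Boolean
        Dim candidate = ComputeHash(salt, password)
        ' Accumulate differences instead of returning at the first mismatch.
        Dim diff As Integer = candidate.Length Xor storedHash.Length
        For i = 0 To Math.Min(candidate.Length, storedHash.Length) - 1
            diff = diff Or (candidate(i) Xor storedHash(i))
        Next
        Return diff = 0
    End Function

    ' Prepends the salt to the UTF-8 bytes of the password and hashes the result.
    Private Function ComputeHash(salt As Byte(), password As String) As Byte()
        Dim data = salt.Concat(Encoding.UTF8.GetBytes(password)).ToArray()
        Using sha = SHA256.Create()
            Return sha.ComputeHash(data)
        End Using
    End Function

    Public Sub Main()
        Dim salt As Byte() = Nothing, hash As Byte() = Nothing
        HashNewPassword("constructed sample password", salt, hash) ' constructed input
        Console.WriteLine(VerifyPassword("constructed sample password", salt, hash))
        Console.WriteLine(VerifyPassword("wrong guess", salt, hash))
    End Sub

End Module
```

A single SHA-256 pass is cheap to brute-force offline; .NET's `Rfc2898DeriveBytes` (PBKDF2) can take the place of `ComputeHash` in step 2 while keeping the same salt-and-store layout.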
Licensed under: CC-BY-SA with attribution