Secure passwords in a ASP.NET 2.0 Custom Membership Provider
I am writing a custom membership provider which gets logon info from a 3rd party database.
I have it working using plain text passwords but I want to secure the passwords - ideally, so that I can retain the "forgot password" feature but if I have to change it to "reset password" functionality then I could.
Basically, I just need a clear explanation of how I go about encrypting or hashing the password when it is first created and how to validate a user logon. Also, how to retrieve or reset the password, depending on which method is used (encrypt or hash?)