Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Encrypt email address using .Net Forms Authentication

Posted on 2011-02-10
4
Medium Priority
?
378 Views
Last Modified: 2012-05-11
Hello Experts!

We are creating a web application that requires authentication.  We are using the built-in .Net Forms Authentication to handle the authentication.  However, our security office has mandated that we must encrypt the email address, which is stored in the aspnet_Membership table.  By default, the email address is stored in plain text.   Does anyone know of a way to override or modify the "Create User" method (or other methods) so that we can encrypt the email (much like the password is encrypted)?  Any workarounds?  We are using ASP.NET (VB) Framework v4 and SQL Server 2008.  Specific examples would be very helpful!
0
Comment
  • 2
  • 2
4 Comments
 
LVL 15

Expert Comment

by:jorge_toriz
ID: 34867122
0
 
LVL 8

Author Comment

by:Forefront_Data_Solutions
ID: 34867215
We've looked into that already but would prefer not to have to do that.  We want to continue to use the built-in membership with the exception of just encrypting the email address.
0
 
LVL 15

Accepted Solution

by:
jorge_toriz earned 1500 total points
ID: 34867233
Well, I'm pretty sure that you will end building your own membership provider due to the dependency that exists on plain-text e-mail

If you security dictates that e-mail must be enrypted, then take in mind that the search will be a bullet in the server's head because you will be decrypting each row to find the right e-mail that you want to get.

If e-mail must be encrypted, you will have to implement the search and login of users throgh a custom number.
0
 
LVL 8

Author Closing Comment

by:Forefront_Data_Solutions
ID: 34890589
This did not fully address my question.  However, since no one else commented, I will go ahead and close the question.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware is a growing menace to anyone using a computer or mobile device. Here are answers to some common questions about this vicious new form of malware.
This article covers the basics of data encryption, what it is, how it works, and why it's important. If you've ever wondered what goes on when you "encrypt" data, you can look here to build a good foundation for your personal learning.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question