Solved

Encrypt email address using .Net Forms Authentication

Posted on 2011-02-10
4
365 Views
Last Modified: 2012-05-11
Hello Experts!

We are creating a web application that requires authentication.  We are using the built-in .Net Forms Authentication to handle the authentication.  However, our security office has mandated that we must encrypt the email address, which is stored in the aspnet_Membership table.  By default, the email address is stored in plain text.   Does anyone know of a way to override or modify the "Create User" method (or other methods) so that we can encrypt the email (much like the password is encrypted)?  Any workarounds?  We are using ASP.NET (VB) Framework v4 and SQL Server 2008.  Specific examples would be very helpful!
0
Comment
  • 2
  • 2
4 Comments
 
LVL 15

Expert Comment

by:jorge_toriz
ID: 34867122
0
 
LVL 8

Author Comment

by:Forefront_Data_Solutions
ID: 34867215
We've looked into that already but would prefer not to have to do that.  We want to continue to use the built-in membership with the exception of just encrypting the email address.
0
 
LVL 15

Accepted Solution

by:
jorge_toriz earned 500 total points
ID: 34867233
Well, I'm pretty sure that you will end building your own membership provider due to the dependency that exists on plain-text e-mail

If you security dictates that e-mail must be enrypted, then take in mind that the search will be a bullet in the server's head because you will be decrypting each row to find the right e-mail that you want to get.

If e-mail must be encrypted, you will have to implement the search and login of users throgh a custom number.
0
 
LVL 8

Author Closing Comment

by:Forefront_Data_Solutions
ID: 34890589
This did not fully address my question.  However, since no one else commented, I will go ahead and close the question.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question