BothWorldsJo
asked on
password from cleartext to encrypted
Hi!
I have to send a password to a webservice and it will save it as an encrypted password while creating the user, not hashed, in the aspnet membership database locally.
How do I convert the cleartext password into an encrypted password to send it to the SQL sproc?
Thanks,
Jo
I have to send a password to a webservice and it will save it as an encrypted password while creating the user, not hashed, in the aspnet membership database locally.
How do I convert the cleartext password into an encrypted password to send it to the SQL sproc?
Thanks,
Jo
ASKER
Yes, it's my webservice. And the encryption is the passwordformat=2 of the usual aspnet membership logic. The site already has encrypted logins, rather than hash, so the usual Microsoft encrypted mechanics is what i need.
Thanks
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Workaround
Obviously, there are many different schemes for 'encrypting' or protecting passwords; some are more secure than others
For secure password storage in your application,
I would recommend BCRYPT, using eg.
http://bcrypt.codeplex.com/
Or PBKDF2 using Rfc2898DeriveBytes
http://msdn.microsoft.com/en-us/library/system.security.cryptography.rfc2898derivebytes.aspx
If you need to interact with a webservice that someone else wrote,
then you would need to know exactly what password/credential storage mechanism
they are using, and what rules they are using to derive passwords they store,
in order to be able to provide a password in their internal format.