Link to home
Start Free TrialLog in
Avatar of BothWorldsJo
BothWorldsJoFlag for United States of America

asked on

password from cleartext to encrypted


I have to send a password to a webservice and it will save it as an encrypted password while creating the user, not hashed, in the aspnet membership database locally.

How do I convert the cleartext password into an encrypted password to send it to the SQL sproc?

Avatar of Mysidia
Flag of United States of America image

Are you writing the web service, in order to authenticate a user?
Obviously, there are many different schemes for 'encrypting' or protecting passwords; some are more secure than others

For secure password storage in your application,
I would recommend BCRYPT,  using eg.

Or PBKDF2 using Rfc2898DeriveBytes

If you need to interact with a webservice that someone else wrote,
then you would need to know exactly what password/credential storage mechanism
they are using,  and what rules they are using to derive passwords they store,
in order to be able to provide a password in their internal format.
Avatar of BothWorldsJo


Yes, it's my webservice.  And the encryption is the passwordformat=2 of the usual aspnet membership logic.  The site already has encrypted logins, rather than hash, so the usual Microsoft encrypted mechanics is what i need.
Avatar of BothWorldsJo
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial