ASP.NET Membership Encrypted Passwords [ June 5th, 2010 ] Posted in » ASP.NET, Controls, Web Development, Wordpress
To keep your passwords secure but still be able to retrieve the password via the ASP.NET membership provider you will need to implement the password type as Encrypted.
To do this you need to provide a machine key in the web.config of machine.config.
You can find a machine key generator at: http://www.developmentnow.com/articles/machinekey_generator.aspx
The membership code looks like:
<membership defaultProvider="BfssSqlMembershipProvider">
<providers>
<!-- Add a customized SqlMembershipProvider -->
<add name="BfssSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="cstrBFSS"
enablePasswordRetrieval="true"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
applicationName="BusinessForSaleSpain"
requiresUniqueEmail="false"
passwordFormat="Encrypted"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""/>
</providers>
</membership>
<machineKey
validationKey="7D69B8F7D5D4A9D6CC9776D6972877FC1ACA7669
650687987EBF3C2A1709E0065AAA13ECABF4193A65920A027588
42EF9EA97FDAC57C2F40F808AD1FFD9145"
decryptionKey="CB0CE75BFD315E2108A96F95384BA8E28AE2AF97
03F42B7D369EE44C09C394A6"
validation="SHA1" decryption="AES"
/>
Please make sure you generate your own machine key.
For further information about ASP.NET Membership please visit: http://msdn.microsoft.com/en-us/library/ff648345.aspx