ASP.NET Membership Encrypted Passwords

To keep your passwords secure but still be able to retrieve them through the ASP.NET membership provider, you need to set the password format to Encrypted.

To do this, you need to provide a machine key in web.config or machine.config.

You can find a machine key generator at: http://www.developmentnow.com/articles/machinekey_generator.aspx

The membership configuration looks like:

<membership defaultProvider="BfssSqlMembershipProvider">
  <providers>
    <!-- Add a customized SqlMembershipProvider -->
    <add name="BfssSqlMembershipProvider"
    type="System.Web.Security.SqlMembershipProvider"
    connectionStringName="cstrBFSS"
    enablePasswordRetrieval="true"
    enablePasswordReset="true"
    requiresQuestionAndAnswer="true"
    applicationName="BusinessForSaleSpain"
    requiresUniqueEmail="false"
    passwordFormat="Encrypted"
    maxInvalidPasswordAttempts="5"
    minRequiredPasswordLength="7"
    minRequiredNonalphanumericCharacters="0"
    passwordAttemptWindow="10"
    passwordStrengthRegularExpression=""/>
  </providers>
</membership>
<!-- Each key must be one unbroken hex string; a line break inside the attribute value makes the key invalid -->
<machineKey
  validationKey="7D69B8F7D5D4A9D6CC9776D6972877FC1ACA7669650687987EBF3C2A1709E0065AAA13ECABF4193A65920A02758842EF9EA97FDAC57C2F40F808AD1FFD9145"
  decryptionKey="CB0CE75BFD315E2108A96F95384BA8E28AE2AF9703F42B7D369EE44C09C394A6"
  validation="SHA1" decryption="AES"
/>

Please make sure you generate your own machine key; the keys shown above are published on this page and must not be used in a real application.
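One way to generate the key values locally with the .NET cryptographic random number generator, and to check that a configuration using passwordFormat="Encrypted" carries usable keys (an added example, not part of the original post). The function names, the provider name and the key sizes (64-byte validation key, 32-byte AES decryption key) are assumptions, and the sample configuration is constructed.

```powershell
# Added example, not from the original post. Function names are hypothetical.
function New-HexKey {
    param([Parameter(Mandatory)][int]$Bytes)
    $buffer = New-Object byte[] $Bytes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($buffer) } finally { $rng.Dispose() }
    # BitConverter yields "AB-CD-..."; strip the dashes to get contiguous hex.
    [System.BitConverter]::ToString($buffer).Replace('-', '')
}

function New-MachineKeyElement {
    # Assumed sizes: 64-byte validation key, 32-byte (AES-256) decryption key.
    '<machineKey validationKey="{0}" decryptionKey="{1}" validation="SHA1" decryption="AES" />' -f
        (New-HexKey -Bytes 64), (New-HexKey -Bytes 32)
}

function Test-EncryptedMembershipConfig {
    param([Parameter(Mandatory)][xml]$Config)
    $xpath = '//membership/providers/add[@passwordFormat="Encrypted"]'
    if ($Config.SelectNodes($xpath).Count -eq 0) { return }   # nothing to check
    $machineKey = $Config.SelectSingleNode('//machineKey')
    if ($null -eq $machineKey) { return 'Encrypted passwords configured but no <machineKey> element' }
    foreach ($name in 'validationKey', 'decryptionKey') {
        $value = $machineKey.GetAttribute($name)
        if ([string]::IsNullOrEmpty($value)) { "$name is missing" }
        elseif ($value -match 'AutoGenerate') { "$name is auto-generated" }
        elseif ($value -notmatch '^[0-9A-Fa-f]+$') { "$name has non-hex characters (wrapped across lines?)" }
    }
    $decryptionKey = $machineKey.GetAttribute('decryptionKey')
    if ($machineKey.GetAttribute('decryption') -eq 'AES' -and
        $decryptionKey -match '^[0-9A-Fa-f]+$' -and
        $decryptionKey.Length -notin 32, 48, 64) {
        'decryptionKey must be 32, 48 or 64 hex characters for AES'
    }
}

# Constructed sample configuration using a freshly generated key.
$config = @"
<configuration><system.web>
  <membership><providers>
    <add name="ExampleProvider" type="System.Web.Security.SqlMembershipProvider" passwordFormat="Encrypted" />
  </providers></membership>
  $(New-MachineKeyElement)
</system.web></configuration>
"@
Test-EncryptedMembershipConfig -Config $config    # reports nothing
# The same configuration with an auto-generated decryption key is reported.
$auto = $config -replace 'decryptionKey="[^"]+"', 'decryptionKey="AutoGenerate,IsolateApps"'
Test-EncryptedMembershipConfig -Config $auto
```

Paste the output of New-MachineKeyElement inside the system.web section of web.config, and use the same element on every server that shares the membership database so that all of them can decrypt the stored passwords.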

For further information about ASP.NET Membership please visit: http://msdn.microsoft.com/en-us/library/ff648345.aspx

June 5th, 2010 Posted in ASP.NET, Controls, Web Development, Wordpress
