Hi folks!

I implemented a custom membership provider. I've also implemented my custom AES Encryption/Decryption overriding the abstract EncryptPassword/DecryptPassword of the MembershipProvider.

However, when I trigger ValidateUser, the password is not automatically converted. Am I missing something?

Is it supposed to be called automatically, or do I have to call this method from my code?

+1  A: 

You need to call your encryption routines yourself.

womp
So I can declare the DecryptPassword function as new? i.e. public new string DecryptPassword(byte[] password) instead of the base class pattern public byte[] DecryptPassword(byte[] password)?
Shimmy
If you're implementing a membership provider, you should be able to just override the functions, rather than use "new". Then wherever you need to translate a password to/from plaintext, such as in ValidateUser, you can just call the appropriate function. The reason they are in the interface is to give a consistent way of encrypting/decrypting the password to consumers of your provider, rather than them being in the dark as to what encryption algorithm you used.
womp
Thanks dude, I really appreciate it
Shimmy
A: 

You need to include the calls to your encryption/decryption methods; something like this should do:

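// Requires: using System; using System.Text;
public override bool ValidateUser(string username, string password)
{
    // GetStoredPassword is a placeholder for the query that gets
    // the password from the db/users_list.
    string storedPassword = GetStoredPassword(username);

    return (CheckPassword(password, storedPassword));
}

// Compares the supplied password with the decrypted stored password.
private bool CheckPassword(string password, string dbpassword)
{
    string pwd1 = password;
    string pwd2 = dbpassword;

    // The stored value is encrypted, so decrypt it before comparing.
    pwd2 = UEncodePassword(dbpassword);

    if (pwd1 == pwd2) return true;

    return false;
}

// Decodes the Base64 text from the database and decrypts it with the
// provider's own DecryptPassword override.
private string UEncodePassword(string encodedPassword)
{
    string password = encodedPassword;
    password = Encoding.Unicode.GetString(DecryptPassword(Convert.FromBase64String(encodedPassword)));

    return password;
}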
tricat
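
The pattern both answers describe, as an added example that is not code from either answer: the overrides do the AES work, and ValidateUser calls DecryptPassword explicitly. ProviderBase is a hypothetical stand-in for MembershipProvider so the sample runs as a console app; the in-memory user table and the key are constructed for the demo, and .NET 6 or later is assumed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Hypothetical stand-in for System.Web.Security.MembershipProvider, mirroring
// only the two virtual methods discussed above.
abstract class ProviderBase {
    protected virtual byte[] EncryptPassword(byte[] password) => throw new NotSupportedException();
    protected virtual byte[] DecryptPassword(byte[] encodedPassword) => throw new NotSupportedException();
}

class AesProvider : ProviderBase {
    private readonly byte[] _key; // 32-byte AES key, constructed in Main for the demo
    private readonly Dictionary<string, string> _db = new Dictionary<string, string>(); // stands in for the user table
    public AesProvider(byte[] key) { _key = key; }

    protected override byte[] EncryptPassword(byte[] password) {
        using var aes = Aes.Create(); // default mode is CBC; a random IV is generated per instance
        aes.Key = _key;
        using var enc = aes.CreateEncryptor();
        return aes.IV.Concat(enc.TransformFinalBlock(password, 0, password.Length)).ToArray(); // IV || ciphertext
    }

    protected override byte[] DecryptPassword(byte[] encodedPassword) {
        using var aes = Aes.Create();
        aes.Key = _key;
        aes.IV = encodedPassword.Take(16).ToArray(); // the IV was stored in front of the ciphertext
        using var dec = aes.CreateDecryptor();
        return dec.TransformFinalBlock(encodedPassword, 16, encodedPassword.Length - 16);
    }

    public void CreateUser(string username, string password) =>
        _db[username] = Convert.ToBase64String(EncryptPassword(Encoding.Unicode.GetBytes(password)));

    // Nothing in the base class calls DecryptPassword for you; ValidateUser does it explicitly.
    public bool ValidateUser(string username, string password) {
        if (!_db.TryGetValue(username, out string stored)) return false; // unknown user
        byte[] plain = DecryptPassword(Convert.FromBase64String(stored));
        return CryptographicOperations.FixedTimeEquals(plain, Encoding.Unicode.GetBytes(password));
    }
}

static class Demo {
    static void Main() {
        var provider = new AesProvider(RandomNumberGenerator.GetBytes(32)); // constructed demo key
        provider.CreateUser("alice", "correct horse");
        Console.WriteLine(provider.ValidateUser("alice", "correct horse"));
        Console.WriteLine(provider.ValidateUser("alice", "wrong"));
    }
}
```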