views: 245
answers: 3

We are creating a new site using ASP.NET membership provider for user registration and log in. Our old system encrypted user passwords so that we could recover them if we needed to.

I am having a great deal of trouble figuring out if it is possible to use ASP.NET membership functions to simply encrypt the password when the user registers and then unencrypt it so I can see it.

Documentation for this is nigh non-existent.

I know how to configure Web.config to have it store passwords as encrypted, à la passwordFormat="Encrypted" in the provider and assigning a validationKey in the machineKey; however, it seems like the password still gets hashed (though perhaps it is just well encrypted). Either way I cannot decipher how the password can be recovered (by us) if necessary.

Thanks!

+2  A: 

You need to use passwordFormat="Encrypted" rather than passwordFormat="Hashed". Then you can use the DecryptPassword method of the MembershipProvider to decrypt the password when necessary.

John Bledsoe
A: 

I assume you are using the SQLMembershipProvider that MS supplies. If so, then why not use the built-in question and answer functionality to allow the user to reset their password? Alternatively (or additionally), reset their password for them and email the new one to them. This way your app can't accidentally expose a user's password to anyone.

If you really need to decrypt their passwords then the passwordFormat must be set to "Encrypted". See DecryptPassword for information on decrypting the password. For details on how to configure for decryption see PasswordFormat; note that it says you must specify the decryptionKey attribute of the machineKey element.

confusedGeek
I am aware of DecryptPassword but I cannot get VWD2010 to recognize it as a method. No matter what references I provide or namespaces I use. Any idea why this is the case?
smdrager
Try using System.Web.Security.Membership.Default.DecryptPassword. DecryptPassword is part of the MembershipProvider class signature so it has to be there. Note that System.Web.Security.Membership is a static class that doesn't expose the same methods as the implementing classes.
confusedGeek
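As an added illustration (not configuration from the thread or from Microsoft's documentation), the web.config fragment below shows the two provider settings the answers above compare: the recoverable "Encrypted" format with an explicit machineKey, which is what the question asks for, beside the "Hashed" format that the SqlMembershipProvider uses by default and which cannot be reversed. The provider name, connection string name and key values are placeholders.

```xml
<configuration>
  <system.web>
    <membership defaultProvider="SqlProvider">
      <providers>
        <clear />
        <!-- Recoverable setting the question asks about. The provider
             encrypts each password with the machineKey decryptionKey, so
             whoever holds web.config and the aspnet_Membership table can
             recover every account's password. -->
        <add name="SqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="MembershipDb"
             passwordFormat="Encrypted"
             enablePasswordRetrieval="true"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false" />

        <!-- Non-recoverable alternative (the provider's default format).
             The provider salts and hashes each password, so retrieval is
             impossible and enablePasswordRetrieval="true" would make the
             provider throw at startup. Swap this in as defaultProvider
             to get the behaviour the third answer recommends. -->
        <add name="HashedSqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="MembershipDb"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false" />
      </providers>
    </membership>

    <!-- Encrypted passwords require explicit (non-AutoGenerate) keys, or the
         provider refuses to start and stored passwords would not survive a
         restart or a move to another server. Placeholder values: generate
         your own random hex strings of the lengths shown. -->
    <machineKey validationKey="REPLACE_WITH_128_HEX_CHARS"
                decryptionKey="REPLACE_WITH_64_HEX_CHARS"
                validation="SHA1"
                decryption="AES" />
  </system.web>
</configuration>
```

With the "Encrypted" provider active, `Membership.GetUser(name).GetPassword()` returns the clear-text password, which is the retrieval path the framework exposes publicly; `DecryptPassword` itself is a protected member of `MembershipProvider`, which is why it is not callable from ordinary page code. Treat the decryptionKey as a secret with the same sensitivity as the password database, since the two together reveal every password.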
+2  A: 

Storing passwords in a recoverable format is a very poor idea. If you can recover them, so can anyone who breaks into your server.

You're better off using a standard hash+salt approach and having a password reset mechanism to handle the case where users forget their password.

frankodwyer
This is a possibility. It would be very bad PR if account information ever got out.
smdrager
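The reset-instead-of-recover approach from the answer above, as an added example that is not code from the thread: it relies on the stock SqlMembershipProvider configured with passwordFormat="Hashed" and enablePasswordReset="true" (the provider already stores a per-user salt with each hash), generates a temporary password with the framework's own ResetPassword, and forces the user to choose a new one at next login. The `sendMail` delegate and the `PasswordResetService` class are assumptions standing in for the application's own mail and session handling.

```csharp
using System;
using System.Web.Security;

// Added example: password reset built on the hashed SqlMembershipProvider.
// Assumes web.config has passwordFormat="Hashed", enablePasswordReset="true"
// and requiresQuestionAndAnswer="false" (otherwise call ResetPassword(answer)).
public static class PasswordResetService
{
    // Starts a reset: issues a temporary password and mails it to the
    // address on file. Returns true only when a mail was actually sent.
    // sendMail(emailAddress, temporaryPassword) is an assumed mail helper.
    public static bool BeginReset(string username, Action<string, string> sendMail)
    {
        MembershipUser user = Membership.GetUser(username);

        // Respond identically for unknown, locked or unapproved accounts so the
        // reset page does not reveal which usernames exist.
        if (user == null || user.IsLockedOut || !user.IsApproved)
        {
            return false;
        }

        // The provider generates a random password, hashes it with a fresh
        // salt and stores only the hash; the clear text exists only here.
        string temporaryPassword = user.ResetPassword();
        sendMail(user.Email, temporaryPassword);
        return true;
    }

    // Completes the reset: the user logs in with the temporary password and
    // must immediately replace it. Returns true when the new password was
    // accepted by the provider's length and complexity rules.
    public static bool CompleteReset(string username, string temporaryPassword, string newPassword)
    {
        if (!Membership.ValidateUser(username, temporaryPassword))
        {
            return false;
        }

        MembershipUser user = Membership.GetUser(username);
        return user != null && user.ChangePassword(temporaryPassword, newPassword);
    }
}
```

Because the stored value is a salted hash, a copy of the database or of web.config does not yield any account's password; the only way back in is a reset that the legitimate mailbox owner can see, which is the property the answer above argues for.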