CODEWITHSUNDEEP
.netsecurityasp.net-membership
Brian Hvarregaard
Brian Hvarregaard

Reputation: 4209

Decrypt asp.net membership password from a windows forms application

I have an unusual setup. I have on one machine a web application with standard membership and encrypted password. On another machine i have a windows application where i must use the same user credentials as provided in the web application. I need to be able to retrieve the encrypted password from the database and then decrypt it on the windows app to be able to log in using it. (the windows app will ask the web site via a WCF service for the encrypted password matching a particular username).

All the articles i find tell me to derive from the Membership provider, but i dont have a membership provider in my windows app. And importing it is not an option.

Is there any way i can decrypt the password from the information i have available (knowing the machinekey etc.) ? All within my Window Forms application?

Upvotes: 0

Views: 494

Answers (2)

paparazzo
paparazzo

Reputation: 45096

Method to decrypt but I have not used it.

MembershipProvider.DecryptPassword

And I agree with Joe +1. Would rather pass the password than keys.

Upvotes: 0

to StackOverflow
to StackOverflow

Reputation: 124686

You say that:

the windows app will ask the web site via a WCF service for the encrypted password matching a particular username.

Why not just have the WCF service return the plaintext password? Obviously your WCF service would need to use appropriate security (e.g. HTTPS, net.tcp).

To be secure you would presumably need to authenticate / authorize the caller appropriately, to ensure you're not giving out plaintext passwords to just anybody. But it is probably more secure to do this than to give the client access to cryptographic keys that enable him to decrypt any password.

Upvotes: 1

Related Questions