How to Store Password? Forms Authentication

We are currently using forms auth as follows: FormsAuthentication.SetAuthCookie(userId, rememberMe);

With that we can always get the user id. And we were able to get the user details when you need them using the user id.

With a web service call like

objRegisteredUser = CMembership.GetByLoginID(sLoginID);

We know need to upgrade the site with the new APIS service calls that require the users Password like this:

objRegisteredUser = CMembership.GetByLoginIDandPasword(sLoginID, sPassword);

For the "remember" me function, what would be the best way to remember the password?
Could we encrypt it, then store it in a cookie, then retrieve and decrypt?

We can't populate the new profile without the password.

Any suggestions?
Does storing password data, even encrypted go against best practices?

Upvotes: 0

Answers (3)

wes

Reputation: 265

The "remember me" button should be used to determine whether or not a cookie should be placed on the user's machine. This is how other developers accomplish your requirement. See below question on SO for further details:

What is the best way to implement "remember me" for a website?

Upvotes: 0

Andy T

Reputation: 9881

Passwords should always be stored using a one-way encryption algorithm (SHA). This means you will not be able to retrieve the underlying password. You will only have access to the hashed value.

Upvotes: 1

Samiey Mehdi

Reputation: 9414

You can use membership class in asp.net
http://msdn.microsoft.com/en-us/library/ff648345.aspx

Upvotes: 1

How to Store Password? Forms Authentication

Answers (3)

Related Questions