Reputation: 3499
I am using the SqlMembershipProvider and when the login is done, I am trying to check if the password is wrong and give a corresponding message.
The problem is that in code I cannot get the password because it is hashed; the same case occurs when it is encrypted. So, I can't compare it with the current password given by the user (I need to keep the passwords on the server hashed or encrypted.)
This is a part of the code:
    string pass = user.GetPassword("myAnswer");
    if (!pass.ToUpper().Equals(Login1.Password.ToUpper()))
    {
        Login1.FailureText = "Password is wrong !";
    }
So, should I set the password as clear in SqlMembershipProvider and then implement my own encrypting password mechanism? Is this the right way? I am thinking that the SqlMembershipProvider framework should handle this case somehow.
Upvotes: 1
Views: 1695
Reputation: 48230
Membership providers handle your concern by providing a method to validate hashed passwords:
    if ( Membership.ValidateUser( txtUserName.Text, txtPassword.Text ) )
    {
        // The user name and password are valid; the provider compared the hashes internally.
    }
Upvotes: 4
Reputation: 10512
The correct approach is to hash the incoming user password, retrieve the correct hash from the DB and compare hashes, not the open passwords.
Upvotes: 0