怎么样?加密和解密ASP.NET用户成员的密码 [英] How? Encrypt and Decrypt user membership passwords in ASP.NET
问题描述
我们正在使用ASP.NET成员资格提供用户注册和登录,创建一个新的网站。我们的老系统进行了加密用户密码,这样,如果我们需要,我们可以恢复它们。
We are creating a new site using ASP.NET membership provider for user registration and log in. Our old system encrypted user passwords so that we could recover them if we needed to.
我有麻烦了很大搞清楚是否可以使用ASP.NET隶属函数简单地加密密码,当用户寄存器,然后解密,所以我可以看到它。
I am having a great deal of trouble figuring out if it is possible to use ASP.NET membership functions to simply encrypt the password when the user registers and then unencrypt it so I can see it.
此文档嘶是不存在的。
Web.config中有它密码保存为加密的ALA
了passwordFormat =加密的供应商,并在machineKey中分配的validationKey,但它似乎像密码仍然得到散列(虽然也许它只是以及加密)。无论哪种方式(美国),我不能decifer密码怎么可以恢复,如果neccessary。
I know how to configure Web.config to have it store passwords as encrypted ala passwordFormat="Encrypted" in the provider and assigning a validationKey in the machineKey, however it seems like the password still gets hashed (though perhaps it is just well encrypted). Either way I cannot decifer how the password can be recovered (by us) if neccessary.
谢谢!
推荐答案
在可恢复格式存储密码是一个非常贫穷的想法。如果你能恢复他们,所以任何人都可以谁闯入你的服务器。
Storing passwords in recoverable format is a very poor idea. If you can recover them so can anyone who breaks into your server.
您最好使用一个标准的哈希+盐的做法并具有密码重置机制来处理用户忘记密码的情况。
You're better off using a standard hash+salt approach and having a password reset mechanism to handle the case where users forget their password.
这篇关于怎么样?加密和解密ASP.NET用户成员的密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!