469,903 Members | 1,911 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,903 developers. It's quick & easy.

.NET 2.0 - Security Question and Answer

I have set up my web application to utilize an ADAM membership
provider. Everything is going well, except I do not wish to utilize
the built-in PasswordRecovery control (I don't want the randomly
generated password emailed to the user). I want to ask the user the
security question, check the answer, and then allow them to immediately
change their password.

By utilizing the built-in CreateUserWizard, the security answer is
automatically encrypted in ADAM utlizing the machinekey in the
Web.config file. Is there a way for me to decrypt this answer? Or at
least encrypt it and compare the resulting strings?

Thanks for any help (or suggetions on how I could approach this)

Jan 10 '06 #1
1 1392
In case anyone has the same issue, I ended up overwriting what the
CreateUserWizard placed in the directory with my own value. When the
UserCreated event fires, I then overwrite the control's encrypted value
with my own. I used an SHA1 hash to secure the answer.

Now, my custom password recovery control asks for the answer, performs
the same SHA1 hash, and then compares the hash values to ensure the
correct answer was given.

Jan 25 '06 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

3 posts views Thread by Uma | last post: by
116 posts views Thread by Mike MacSween | last post: by
1 post views Thread by Jeremy S. | last post: by
18 posts views Thread by Earl Anderson | last post: by
1 post views Thread by Waqarahmed | last post: by
reply views Thread by Salome Sato | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.