By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,850 Members | 972 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,850 IT Pros & Developers. It's quick & easy.

.NET 2.0 - Security Question and Answer

P: n/a
I have set up my web application to utilize an ADAM membership
provider. Everything is going well, except I do not wish to utilize
the built-in PasswordRecovery control (I don't want the randomly
generated password emailed to the user). I want to ask the user the
security question, check the answer, and then allow them to immediately
change their password.

By utilizing the built-in CreateUserWizard, the security answer is
automatically encrypted in ADAM utlizing the machinekey in the
Web.config file. Is there a way for me to decrypt this answer? Or at
least encrypt it and compare the resulting strings?

Thanks for any help (or suggetions on how I could approach this)

Jan 10 '06 #1
Share this Question
Share on Google+
1 Reply


P: n/a
In case anyone has the same issue, I ended up overwriting what the
CreateUserWizard placed in the directory with my own value. When the
UserCreated event fires, I then overwrite the control's encrypted value
with my own. I used an SHA1 hash to secure the answer.

Now, my custom password recovery control asks for the answer, performs
the same SHA1 hash, and then compares the hash values to ensure the
correct answer was given.

Jan 25 '06 #2

This discussion thread is closed

Replies have been disabled for this discussion.