Membership - how to change from clear-text to encrypted?

Discussion in 'ASP .Net Security' started by Paul, Feb 12, 2006.

  1. Paul

    Paul Guest

    Hello,

    We have an existing site with members and we're using the default membership
    system for ASP.NET 2.0.

    The original developer set up membership with clear-text passwords and we'd
    like to change to enrypted passwords. Does anyone know how to change the
    member's passwords behind the scenes to be the same password they had before,
    but enrypted? We'd like to do it for them so that the user's don't have to
    do anything and can just log in as normal.

    Any ideas on how to solve this? We've done a bunch of research on how the
    membership system derives the encrypted passwords so that we can just mimick
    it in code, but we've been unable to make it work.

    Thanks,

    Paul
    Paul, Feb 12, 2006
    #1
    1. Advertising

  2. Encrypted or Hashed?

    If encrypted - why?

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hello,
    >
    > We have an existing site with members and we're using the default
    > membership system for ASP.NET 2.0.
    >
    > The original developer set up membership with clear-text passwords and
    > we'd like to change to enrypted passwords. Does anyone know how to
    > change the member's passwords behind the scenes to be the same
    > password they had before, but enrypted? We'd like to do it for them
    > so that the user's don't have to do anything and can just log in as
    > normal.
    >
    > Any ideas on how to solve this? We've done a bunch of research on how
    > the membership system derives the encrypted passwords so that we can
    > just mimick it in code, but we've been unable to make it work.
    >
    > Thanks,
    >
    > Paul
    >
    Dominick Baier [DevelopMentor], Feb 12, 2006
    #2
    1. Advertising

  3. Paul

    Paul Guest

    Dominick,

    Thanks for the response. We're looking to encrypt the existing passwords
    for existing users. We're trying to move all of the users, old and new to
    encrypted passwords.

    Paul


    "Dominick Baier [DevelopMentor]" wrote:

    > Encrypted or Hashed?
    >
    > If encrypted - why?
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    > > Hello,
    > >
    > > We have an existing site with members and we're using the default
    > > membership system for ASP.NET 2.0.
    > >
    > > The original developer set up membership with clear-text passwords and
    > > we'd like to change to enrypted passwords. Does anyone know how to
    > > change the member's passwords behind the scenes to be the same
    > > password they had before, but enrypted? We'd like to do it for them
    > > so that the user's don't have to do anything and can just log in as
    > > normal.
    > >
    > > Any ideas on how to solve this? We've done a bunch of research on how
    > > the membership system derives the encrypted passwords so that we can
    > > just mimick it in code, but we've been unable to make it work.
    > >
    > > Thanks,
    > >
    > > Paul
    > >

    >
    >
    >
    Paul, Feb 13, 2006
    #3
  4. Hi,

    why do you want to encrypt them as opposed to store the hash -

    hashing is much easier - non reversible and you don't need a key...

    I guess the easiest is to write a little programm that calls Membership.CreateUser
    for each of your accounts.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Dominick,
    >
    > Thanks for the response. We're looking to encrypt the existing
    > passwords for existing users. We're trying to move all of the users,
    > old and new to encrypted passwords.
    >
    > Paul
    >
    > "Dominick Baier [DevelopMentor]" wrote:
    >
    >> Encrypted or Hashed?
    >>
    >> If encrypted - why?
    >>
    >> ---------------------------------------
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>> Hello,
    >>>
    >>> We have an existing site with members and we're using the default
    >>> membership system for ASP.NET 2.0.
    >>>
    >>> The original developer set up membership with clear-text passwords
    >>> and we'd like to change to enrypted passwords. Does anyone know how
    >>> to change the member's passwords behind the scenes to be the same
    >>> password they had before, but enrypted? We'd like to do it for them
    >>> so that the user's don't have to do anything and can just log in as
    >>> normal.
    >>>
    >>> Any ideas on how to solve this? We've done a bunch of research on
    >>> how the membership system derives the encrypted passwords so that we
    >>> can just mimick it in code, but we've been unable to make it work.
    >>>
    >>> Thanks,
    >>>
    >>> Paul
    >>>
    Dominick Baier [DevelopMentor], Feb 13, 2006
    #4
  5. hi,

    you cannot just "flip a switch" to change the password format - you have
    to re-create the users using the new provider settings...

    at leat i have not found another possibility...

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hello,
    >
    > We have an existing site with members and we're using the default
    > membership system for ASP.NET 2.0.
    >
    > The original developer set up membership with clear-text passwords and
    > we'd like to change to enrypted passwords. Does anyone know how to
    > change the member's passwords behind the scenes to be the same
    > password they had before, but enrypted? We'd like to do it for them
    > so that the user's don't have to do anything and can just log in as
    > normal.
    >
    > Any ideas on how to solve this? We've done a bunch of research on how
    > the membership system derives the encrypted passwords so that we can
    > just mimick it in code, but we've been unable to make it work.
    >
    > Thanks,
    >
    > Paul
    >
    Dominick Baier [DevelopMentor], Feb 13, 2006
    #5
  6. Paul

    Paul Guest

    Dominick,

    That's what we were afraid of. We tried all kinds of tricks, but haven't
    been able to find a solution. Looping through the existing users and
    recreating them as new may be the only option.

    Paul


    "Dominick Baier [DevelopMentor]" wrote:

    > hi,
    >
    > you cannot just "flip a switch" to change the password format - you have
    > to re-create the users using the new provider settings...
    >
    > at leat i have not found another possibility...
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    > > Hello,
    > >
    > > We have an existing site with members and we're using the default
    > > membership system for ASP.NET 2.0.
    > >
    > > The original developer set up membership with clear-text passwords and
    > > we'd like to change to enrypted passwords. Does anyone know how to
    > > change the member's passwords behind the scenes to be the same
    > > password they had before, but enrypted? We'd like to do it for them
    > > so that the user's don't have to do anything and can just log in as
    > > normal.
    > >
    > > Any ideas on how to solve this? We've done a bunch of research on how
    > > the membership system derives the encrypted passwords so that we can
    > > just mimick it in code, but we've been unable to make it work.
    > >
    > > Thanks,
    > >
    > > Paul
    > >

    >
    >
    >
    Paul, Feb 13, 2006
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. moi
    Replies:
    0
    Views:
    590
  2. shapper
    Replies:
    1
    Views:
    345
    =?Utf-8?B?UGV0ZXIgQnJvbWJlcmcgW0MjIE1WUF0=?=
    Feb 23, 2007
  3. David

    Response.Clear() doesn't clear

    David, Jan 31, 2008, in forum: ASP .Net
    Replies:
    2
    Views:
    995
    Mark Fitzpatrick
    Jan 31, 2008
  4. JimLad
    Replies:
    2
    Views:
    804
    JimLad
    Jan 20, 2010
  5. InvalidLastName

    Unrecognized element 'add' after <clear></clear>

    InvalidLastName, Feb 26, 2007, in forum: ASP .Net Web Services
    Replies:
    3
    Views:
    926
    Steven Cheng[MSFT]
    Mar 6, 2007
Loading...

Share This Page