Membership - how to change from clear-text to encrypted?

[Paul]

Hello,

We have an existing site with members and we're using the default membership
system for ASP.NET 2.0.

The original developer set up membership with clear-text passwords and we'd
like to change to enrypted passwords. Does anyone know how to change the
member's passwords behind the scenes to be the same password they had before,
but enrypted? We'd like to do it for them so that the user's don't have to
do anything and can just log in as normal.

Any ideas on how to solve this? We've done a bunch of research on how the
membership system derives the encrypted passwords so that we can just mimick
it in code, but we've been unable to make it work.

Thanks,

Paul

 

[Dominick Baier [DevelopMentor]]

Encrypted or Hashed?

If encrypted - why?

 

[Paul]

Dominick,

Thanks for the response. We're looking to encrypt the existing passwords
for existing users. We're trying to move all of the users, old and new to
encrypted passwords.

Paul

 

[Dominick Baier [DevelopMentor]]

Hi,

why do you want to encrypt them as opposed to store the hash -

hashing is much easier - non reversible and you don't need a key...

I guess the easiest is to write a little programm that calls Membership.CreateUser
for each of your accounts.

 

[Dominick Baier [DevelopMentor]]

hi,

you cannot just "flip a switch" to change the password format - you have
to re-create the users using the new provider settings...

at leat i have not found another possibility...

 

[Paul]

Dominick,

That's what we were afraid of. We tried all kinds of tricks, but haven't
been able to find a solution. Looping through the existing users and
recreating them as new may be the only option.

Paul