How can I encrypt the pas开发者_高级运维sword field in asp.net MVC to be store in encrypted form?
Typical workflow would involve generating a salt value and using that to hash the password and then storing them both in the row. This is documented in detail in many places and is easily searched.
If you truly just want a way to quickly hash or encrypt without salt take a look at FormsAuthentication.HashPasswordForStoringInConfigFile
If you are concerned about sending plain text over the wire, use https. Then whether you use https or not use a one way hashing algorithm such as Sha256 to "encrypt" the password and store that in your database (or whatever persistent storage you are using). When a user logs in, use the same algorithm, to convert the text they entered into the hashed text and compare the hashed text with the hashed text in your database.
The easiest way I found is using the Membership Provider from ASP.NET. Then you can configure it in your web.config like this:
<system.web>
<membership>
<providers>
<clear />
<add
name="AspNetSqlMembershipProvider"
(...)
passwordFormat="Hashed"
(...) />
</providers>
</membership>
The best approach i found (and the way how facebook exactly does is)
when the time user enter into browser, javascript encrypt first, then send into application, encrypt with MVC lastly store that in you database.
while user will need that password to login only, when they forgot. make something like password resetting =D
http://forums.asp.net/t/1211478.aspx/1?How+do+I+use+Sha256+to+Encrypt+a+String+
精彩评论