开发者

Is there any way I can maintain password history of a user in ASP.Net application?

开发者 https://www.devze.com 2023-02-05 12:00 出处:网络
I need to view users password 开发者_StackOverflow中文版history in an ASP.net application. Is there any way to achieve it?You have to maintain that as an encrypted string in your backend. Meaning in

I need to view users password 开发者_StackOverflow中文版history in an ASP.net application.

Is there any way to achieve it?


You have to maintain that as an encrypted string in your backend. Meaning in the database or some file system (not recommended).


It depends.

In fact, storing plain passwords is the worst approach in terms of security.

Administrator must not have access to plain passwords, this the reason of most of applications prompts you to create a new one, because passwords are hashed and hashing prevents from reverting to plain text.

If you need to track passwords, you'll need to write a custom membership provider tracking them.


There is nothing built into .Net that will provide this information. You would have to write your own solution to create an audit trail of passwords but this would involve storing passwords in a visible format. Remember the massive caveat about plain passwords though!

So long as you're only doing this for old passwords i.e. storing them AFTER the user has set a new password it should be ok.

0

精彩评论

暂无评论...
验证码 换一张
取 消