how can I have or set the passwordAnswer Field as encrypted/non readable format/hashed just like the password field?
thanks
Unfortunately the standard SQLMembershipProvider doesn't hash the passwordAnswer field - so if you'd like to do that you'll have to create your own custom membership provider.
I simply don't use the requiresQuestionAndAnswer setting, as Microsoft's implementation of it doesn't allow an administrator to reset the password if this is turned on.
yep.
so lets say i have a custom page and i want to verify a passwordAnswer from UI against the Hashed in database, how would I do that? clear to convert to hash for comparison? is there an api method i can use?
thanks/
I'd probably create a new MembershipProvider that inherits from SQLMembershipProvider. Then you could just override any methods that take passwordanswer as a parameter and hash it's value. And while you're at it, you could modify it to not require the passwordAnswer to reset a user's password.
Alternatively, instead of creating a custom membership provider, you could update the stored procedures on aspnetdb to do the hashing there.
which Hashing is used MD5? do you might have a sample code i can look at?
Actually Microsoft has released the code for it - so you can check out how they hash the existing passwords and use it to make customizations. Here's the link:
Thanks. the code in the release helped out and it's working. Thank you.