passwordAnswer as Encrypted

how can I have or set the passwordAnswer Field as encrypted/non readable format/hashed just like the password field?


Unfortunately the standard SQLMembershipProvider doesn't hash the passwordAnswer field - so if you'd like to do that you'll have to create your own custom membership provider.

I simply don't use the requiresQuestionAndAnswer setting, as Microsoft's implementation of it doesn't allow an administrator to reset the password if this is turned on.


so lets say i have a custom page and i want to verify a passwordAnswer from  UI against the Hashed in database, how would I do that? clear to convert to hash for comparison? is there an api method i can use?


I'd probably create a new MembershipProvider that inherits from SQLMembershipProvider.  Then you could just override any methods that take passwordanswer as a parameter and hash it's value.  And while you're at it, you could modify it to not require the passwordAnswer to reset a user's password.

Alternatively, instead of creating a custom membership provider, you could update the stored procedures on aspnetdb to do the hashing there.

which Hashing is used MD5? do you might have a sample code i can look at?

Actually Microsoft has released the code for it - so you can check out how they hash the existing passwords and use it to make customizations. Here's the link:

Thanks. the code in the release helped out and it's working. Thank you.