.NET 2.0 - Security Question and Answer

J.G. · Jan 10, 2006

I have set up my web application to utilize an ADAM membership
provider. Everything is going well, except I do not wish to utilize
the built-in PasswordRecovery control (I don't want the randomly
generated password emailed to the user). I want to ask the user the
security question, check the answer, and then allow them to immediately
change their password.

By utilizing the built-in CreateUserWizard, the security answer is
automatically encrypted in ADAM utlizing the machinekey in the
Web.config file. Is there a way for me to decrypt this answer? Or at
least encrypt it and compare the resulting strings?

Thanks for any help (or suggetions on how I could approach this)

J.G. · Jan 25, 2006

In case anyone has the same issue, I ended up overwriting what the
CreateUserWizard placed in the directory with my own value. When the
UserCreated event fires, I then overwrite the control's encrypted value
with my own. I used an SHA1 hash to secure the answer.

Now, my custom password recovery control asks for the answer, performs
the same SHA1 hash, and then compares the hash values to ensure the
correct answer was given.

Adding security question/answer check to ASP.NET ChangePassword control	2	Aug 15, 2008
Question/Answer in .net 2.0	0	Jan 18, 2007
Change a users password without knowing the old password nor the answer to the password question	1	Jan 15, 2009
Changing secret question/answer	1	May 17, 2006
How do i get the security question answer?	0	Jul 2, 2006
Changing a users password without knowing the old password nor the answer to the password question	2	Jan 15, 2009
asp.net 2.0 membership secuirty password recovery without security question?	0	Jun 5, 2007
<asp:PasswordRecovery -- remove security question	5	Jan 8, 2006

.NET 2.0 - Security Question and Answer

J.G.

J.G.

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads