Last post Sep 17, 2018 07:03 AM by Mikesdotnetting
Sep 17, 2018 02:19 AM|rcnjstudent|LINK
I'm still new to ASP.net and am trying to build a site that operates on a Membership basis. Part of the site will be protected and will require an account. I tried using the Membership schema but found it difficult to work with, and then when I moved my
SQL Server to Azure it broke entirely since it uses Universal Provider or something along those lines. I've been stuck on this for months and am very frustrated.
I have a functional Login/Registration page that I created and uses TripleDES to encrypt the password for now. I was trying to block access to the member's only page by checking their session to see if they had a login name identified with their session,
then if not redirect them to the login/registration page. Is this good practice or am I setting myself up for getting hacked? Is setting up TripleDES on my own asking for trouble? The code for the TripleDES was largely sourced from this example: https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.tripledes?redirectedfrom=MSDN&view=netframework-4.7.2
Thanks in advance!
Sep 17, 2018 07:03 AM|Mikesdotnetting|LINK
I have a legacy Web Forms application which needed some kind of authentication added to it. Like you, I didn't want to use Membership or Identity, so I reused the code from the
Web Pages Crypto helper class to hash passwords and then verify them. It uses SHA256, which is what Identity uses.