How? Encrypt and Decrypt user membership passwords in ASP.NET

Question

We are creating a new site using ASP.NET membership provider for user registration and log in. Our old system encrypted user passwords so that we could recover them if we ne

Answer 1

I assume you are using the SQLMembershipProvider that MS supplies. If so then why not use the built-in question and answer functionality to allow the user to reset their password. Alternatively (or additionally) reset their password for them and email the new one to them. This way your app can't expose a users password to anyone accidentally.

If you really need to decrypt their passwords then the passwordFormat must be set to "Encrypted". See DecryptPassword for information on decrypting the password. For details on how to configure for decryption see the PasswordFormat, note that it says you must specify the decryptionKey attribute of the machineKey element.