We are using the ASPNET membership provider that stores member login information, along with MongoDB to store a secondary set of information.
Because MongoDB does not offer built-in encryption we have decided to encrypt some of the data before inserting it into the database using the member's salt that is in the ASPNET membership provider tables.
How would I go about exposing the salt so that it is accessible in code? I cannot find any methods for this in the default provider classes.
Either that or could anybody suggest a better approach? One of the benefits of having the salt saved in a different place is to protect it from "interlopers".
Thanks, Max.
Here is one approach, you can use the username, e-mail to salt.
public static string hashCalculator(string username, string password)//Use username as salt.
{
byte[] stringbytes = System.Text.Encoding.Unicode.GetBytes(username.ToLower() + password);
return Convert.ToBase64String(new SHA384Managed().ComputeHash(stringbytes));
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.