0

We are currently using forms auth as follows: FormsAuthentication.SetAuthCookie(userId, rememberMe);

With that we can always get the user id, and we were able to get the user details when we need them using the user id.

With a web service call like

objRegisteredUser = CMembership.GetByLoginID(sLoginID);

We now need to upgrade the site with the new APIS service calls that require the user's password, like this:

objRegisteredUser = CMembership.GetByLoginIDandPasword(sLoginID, sPassword);

For the "remember me" function, what would be the best way to remember the password?
Could we encrypt it, then store it in a cookie, then retrieve and decrypt?

We can't populate the new profile without the password.

Any suggestions?
Does storing password data, even encrypted, go against best practices?

3 Answers

1

You can use the Membership class in ASP.NET:
http://msdn.microsoft.com/en-us/library/ff648345.aspx

Samiey Mehdi
1

Passwords should always be stored using a one-way encryption algorithm (SHA). This means you will not be able to retrieve the underlying password. You will only have access to the hashed value.

Andy T
0

The "remember me" button should be used to determine whether or not a cookie should be placed on the user's machine. This is how other developers accomplish your requirement. See the question below on SO for further details:

What is the best way to implement "remember me" for a website?

wes
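
A sketch of the cookie-based "remember me" approach the last answer points to, added here as an example; it is not code from any of the posts or from ASP.NET itself. The cookie carries a random token, the server keeps only a hash of it, and the password never enters the cookie. The class name, the in-memory dictionary standing in for a database table, and the 30-day lifetime are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
// Hypothetical helper for this example: "remember me" tokens, no password involved.
public class RememberMeTokens
{
    private class Entry { public string UserId; public byte[] ValidatorHash; public DateTime ExpiresUtc; }
    // Stand-in for a database table keyed by selector (assumption).
    private readonly Dictionary<string, Entry> _store = new Dictionary<string, Entry>();
    private static string RandomToken(int bytes)
    {
        var buf = new byte[bytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(buf);
        return Convert.ToBase64String(buf).Replace('+', '-').Replace('/', '_').TrimEnd('=');
    }
    private static byte[] Hash(string s)
    {
        using (var sha = SHA256.Create()) return sha.ComputeHash(Encoding.UTF8.GetBytes(s));
    }
    // Constant-time comparison so response timing does not reveal how many bytes matched.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    // Call after a successful password login with "remember me" ticked.
    // The return value goes into a cookie that should be marked HttpOnly and Secure.
    public string Issue(string userId)
    {
        string selector = RandomToken(12), validator = RandomToken(32);
        _store[selector] = new Entry { UserId = userId, ValidatorHash = Hash(validator),
                                       ExpiresUtc = DateTime.UtcNow.AddDays(30) };
        return selector + ":" + validator;
    }
    // Returns the user id for a valid cookie, otherwise null. Each token is single-use:
    // the stored entry is removed on every attempt and a fresh cookie is issued on success.
    public string Validate(string cookieValue, out string replacementCookie)
    {
        replacementCookie = null;
        var parts = (cookieValue ?? "").Split(':');
        Entry e;
        if (parts.Length != 2 || !_store.TryGetValue(parts[0], out e)) return null;
        _store.Remove(parts[0]);
        if (e.ExpiresUtc < DateTime.UtcNow || !FixedTimeEquals(e.ValidatorHash, Hash(parts[1]))) return null;
        replacementCookie = Issue(e.UserId);
        return e.UserId;
    }
}
```

A stolen copy of the server-side table yields only hashes of random tokens, and deleting a user's rows revokes every remembered session for that user.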