12.8. Implementing Custom Encryption

In the previous chapter, you saw how to implement custom hash algorithms that work with SqlMembershipProvider. Unlike hash operations, encryption is not something that can be declaratively customized using the <membership /> element. While hash operations are pretty straightforward from an API standpoint (a byte[] goes in, and a different byte[] comes out the other side), encryption operations are not as simple to make universally configurable.

If you choose encrypted passwords with Membership, by default SqlMembershipProvider will use the encryption routines buried within the internals of the <machineKey /> configuration section. There had been consideration at one point of making the encryption capabilities in this configuration section more generic and more customizable. However, that work was never done because configuring encryption algorithms can involve quite a number of initialization parameters (initialization vectors, padding modes, algorithm-specific configuration properties, and so on).

Therefore, if you want to use a custom encryption algorithm in conjunction with SqlMembershipProvider, you will need to write some code. The base class MembershipProvider exposes the EncryptPassword and DecryptPassword methods as protected virtual. You can derive from SqlMembershipProvider and override these two methods because internally the SQL provider encrypts and decrypts data by calling these base class methods. The method signatures for encryption ...
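The following sketch shows the override approach described above. It is an added example, not code from the book: the class name AesSqlMembershipProvider and the encryptionKey provider attribute are hypothetical, and AES-CBC with a random IV stored in front of the ciphertext is one possible choice of algorithm.

```csharp
using System;
using System.Collections.Specialized;
using System.Configuration.Provider;
using System.Security.Cryptography;
using System.Web.Security;

// Hypothetical class; "encryptionKey" is an attribute made up for this example.
public class AesSqlMembershipProvider : SqlMembershipProvider
{
    private const int IvSize = 16;              // AES block size in bytes
    private byte[] _key;
    public override void Initialize(string name, NameValueCollection config)
    {
        // Read and remove the custom attribute before calling the base class,
        // which throws on attributes it does not recognize.
        string encoded = config["encryptionKey"];
        config.Remove("encryptionKey");
        _key = Convert.FromBase64String(encoded ?? String.Empty);
        if (_key.Length != 32)
            throw new ProviderException("encryptionKey must be a base64-encoded 256-bit key.");
        base.Initialize(name, config);
    }
    protected override byte[] EncryptPassword(byte[] password)
    {
        using (AesManaged aes = new AesManaged())   // defaults: CBC mode, PKCS7 padding
        {
            aes.Key = _key;
            aes.GenerateIV();                       // fresh random IV for every password
            using (ICryptoTransform enc = aes.CreateEncryptor())
            {
                byte[] cipher = enc.TransformFinalBlock(password, 0, password.Length);
                byte[] output = new byte[IvSize + cipher.Length];
                Buffer.BlockCopy(aes.IV, 0, output, 0, IvSize);
                Buffer.BlockCopy(cipher, 0, output, IvSize, cipher.Length);
                return output;                      // stored form: IV || ciphertext
            }
        }
    }
    protected override byte[] DecryptPassword(byte[] encodedPassword)
    {
        if (encodedPassword == null || encodedPassword.Length < 2 * IvSize)
            throw new ProviderException("Stored password is too short to be valid.");
        byte[] iv = new byte[IvSize];
        Buffer.BlockCopy(encodedPassword, 0, iv, 0, IvSize);
        using (AesManaged aes = new AesManaged())
        using (ICryptoTransform dec = aes.CreateDecryptor(_key, iv))
            return dec.TransformFinalBlock(encodedPassword, IvSize, encodedPassword.Length - IvSize);
    }
}
```

The provider is registered in the <membership /> section with passwordFormat="Encrypted" plus the hypothetical encryptionKey attribute. CBC on its own does not detect tampering with the stored value, so a deployment that needs integrity would add a MAC over the IV and ciphertext.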
