I used to encrypt and store my applications' (Web Forms – Windows Forms) user passwords in the database.
Usually, during the creation of a new user, I get the user password as plain text and create a new hash value, then I encrypt the concatenation of the password plain text and the hash value. I store both the encrypted password and the hash value in the database.
During the user login authentication process, I get the supplied user password as plain text, then I retrieve the stored hash and the encrypted password for that user from the database. I repeat the same encryption that I used during the new user creation operation, but with the concatenation of the hash retrieved from the database and the supplied plain text password, then I compare the encrypted password retrieved from the database with the new encrypted password. If they match, the login validation passes; otherwise it fails.
I used to use "FormsAuthentication.HashPasswordForStoringInConfigFile" in the namespace "System.Web.Security" to encrypt the passwords for both my Windows Forms and Web Forms applications. But now, with the .NET Framework 4.5, the following method:
"HashPasswordForStoringInConfigFile(Password as string, PasswordFormat as string) as string" is obsolete.
Does anyone have any idea what the new alternative for this method is?