Sorry, without a single line of a code sample, it's nearly impossible to see what were your mistakes. To get you some general ideas, please see my past answers:
i already encrypt my password but when i log in it gives me an error. how can decrypte it[
^],
Decryption of Encrypted Password[
^],
storing password value int sql server with secure way[
^].
You have everything to implement the use of
cryptographic cache function explained in my answers referenced above.
Client-side:
http://code.google.com/p/crypto-js[
^].
Server-side, .NET:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha256%28v=vs.110%29.aspx[
^].
Still, this is not safe enough if you are not using SSL. Otherwise, even though a malicious intruder cannot get the original password, its hash can be eavesdropped, and then this person can impersonate a customer and then modify a password or do other harm. But the most vulnerable point will be the process of setting up an initial password, if the traffic is eavesdropped. So, try use both SSL and cryptographic hash for passwords.
—SA