I have an ASP.NET MVC membership project, and now I have been given the task of implementing a memorable word.
I have done some research and have got nothing in the last couple of weeks, so I am looking here for some help.
I have http://www.asp.net/web-forms/tutorials/security/admin/recovering-and-changing-passwords-cs and its corresponding links, and most of it talks about a question and answer
RequiresQuestionAndAnswer
It's not exactly what I need; here is what I need:
- When creating a user I accept a 6/8 letter memorable word
- Every time I log in I need to ask for any 3 characters from the memorable word and they have to match
- If the entered characters are wrong, he will have to try to re-enter the same 3 characters for another 2 tries, after which I will lock his account.
Is there a provision to do it, or does it have to be implemented?
Do you ask for a password in addition to a memorable word? If not, you could use the password property in the membership provider as your memorable word.
You will have to change the passwordFormat to Encrypted or Clear (I recommend Encrypted). Then, when the user tries to sign in, you get the password for that user. (This is why the password can’t be Hashed, because a hashed password can never be decrypted to its original value.)
Once you have the password, it should be a simple algorithm to compute whether or not the password contains the 3 characters entered. If it does not, return a validation error. If it does, write the authentication cookie and redirect.
Update
Since you are also asking for a password, I don’t think you will be able to use the membership provider for this requirement. You will have to implement it separately from the provider.
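An added example, not part of the answer above: one way to implement the three-character check separately from the membership provider, keeping the same positions across retries and locking after the third failure. The class and member names are hypothetical; it assumes the caller decrypts the stored word and persists the positions and failure count server-side per user.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

// Hypothetical helper, kept separate from the membership provider.
public sealed class MemorableWordChallenge
{
    public const int MaxAttempts = 3;             // first try + 2 retries, then lock
    public int[] Positions { get; private set; }  // zero-based, ascending
    public int FailedAttempts { get; private set; }
    public bool IsLocked { get { return FailedAttempts >= MaxAttempts; } }

    // Pick 3 distinct positions once; every retry reuses them, so a caller
    // cannot refresh the page to obtain a more convenient set of positions.
    public MemorableWordChallenge(int wordLength)
    {
        if (wordLength < 3 || wordLength > 256)
            throw new ArgumentOutOfRangeException("wordLength");
        int[] idx = Enumerable.Range(0, wordLength).ToArray();
        using (var rng = RandomNumberGenerator.Create())
        {
            for (int i = 0; i < 3; i++)           // partial Fisher-Yates shuffle
            {
                int j = i + NextBelow(rng, wordLength - i);
                int t = idx[i]; idx[i] = idx[j]; idx[j] = t;
            }
        }
        Positions = idx.Take(3).OrderBy(p => p).ToArray();
    }

    // Unbiased value in [0, n) by rejection sampling on one random byte.
    private static int NextBelow(RandomNumberGenerator rng, int n)
    {
        var b = new byte[1];
        int limit = 256 - (256 % n);
        do { rng.GetBytes(b); } while (b[0] >= limit);
        return b[0] % n;
    }

    // decryptedWord: the stored word after decryption (same length as wordLength).
    // entered: the 3 characters typed, in the order of Positions.
    public bool Verify(string decryptedWord, string entered)
    {
        if (IsLocked) return false;
        bool shapeOk = entered != null && entered.Length == 3;
        int diff = shapeOk ? 0 : 1;
        for (int i = 0; i < 3; i++)               // compare all 3, no early exit
            diff |= decryptedWord[Positions[i]] ^ (shapeOk ? entered[i] : '\0');
        if (diff == 0) { FailedAttempts = 0; return true; }
        FailedAttempts++;
        return false;
    }
}
```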