I am using a SqlMembershipProvider and storing my passwords as hashed. I am also keeping a history of the (hashed) passwords in another table. I want to be able to compare the password a user tries to change their password to, to their old passwords and throw an error if it was too recent. I do not seem to be able to figure out how to use the hashing functions to do this. Basically what I am looking for is a method like this:
public bool PasswordCompare(string plaintextPassword, string salt, string hashedPassword)
{
//where the salt and hashedPassword are pulled out of the aspnet_Membership table
//which are automatically generated by the provider
}
I hope this is clear, thank you.
This post has some good info. Looks like you have to:
...implement your own customized MembershipProvider, record the password history and encrypt the password by your self.