
Hiding Profile Properties from the admin searchable fields

herchenx
Posts:3



09/10/2007 10:23 AM  

I need to store usernames and passwords for another app so users can click a link and connect directly to the second app without logging in again.

I want to just store this information in the UserInfo.Profile.ProfileProperties collection, but I don't want admins (or anyone) to be able to select the password field as a search criterion in the User tool (you can drop down a list of fields to search by when logged in as admin or host within the user management tool of DNN).

I wonder if there is a different way to quickly store user info within DNN (I don't want to write my own tables, sp's and all the CRUD objects, I just want to piggy-back on DNN functionality) OR if there is a way to hide this option from search results.

Secondarily, is there an easy way to encrypt the passwords when storing them? I am considering making it a requirement that they just use the password from the other app as their password for our app so I can count on the DNN password encryption mechanism.

I wanted to start this post by saying that I have spent a fair amount of time looking through the forums on Snapsis and have been incredibly impressed. This beats the pants off the DotNetNuke forums (or any other DNN forums I have found) in terms of actual useful information and helpful posts and comments. I didn't put this comment first however because I wanted this post to actually be read. Thanks to Snapsis for creating this great community and I look forward to getting more involved.

.john.

John Mitchell
Posts:3084



09/11/2007 12:25 AM  

Hi John,

Thanks for the compliments.

I have never tried anything like this, but I think based on your wants/needs you could probably store the information in the Profile table. It has the UserId and a ProfileData field that you could put the password in.

If you want to use the DNN API to put info into that table you would use the Personalization object.

I would recommend using a one way Hash instead of encryption.  You can do that with a function like this:



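        using System.Security.Cryptography;
        using System.Text;

        // Returns the MD5 digest of 'raw' as a 32-character lowercase hex string.
        public static string GetMD5Hash(string raw)
        {
            MD5 md5serv = MD5CryptoServiceProvider.Create();
            byte[] hash;
            StringBuilder sb = new StringBuilder();
            // ASCII encoding: any non-ASCII character in 'raw' is encoded as '?'
            ASCIIEncoding asciienc = new ASCIIEncoding();
            byte[] buffer = asciienc.GetBytes(raw);
            hash = md5serv.ComputeHash(buffer);
            // Format each of the 16 digest bytes as two hex digits
            foreach (byte b in hash)
            {
                sb.Append(b.ToString("x2"));
            }
            return sb.ToString();
        }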
herchenx
Posts:3



09/11/2007 1:00 AM  

Cool, I think this addresses both my concerns. I did 5 minutes of digging and it looks like personalization is just something like this (untested):



String u = MyUsername.Text;
String p = GetMD5Hash(MyPassword.Text);
DotNetNuke.Services.Personalization.Personalization.SetProfile("MyModuleName","MyUsername",u);
DotNetNuke.Services.Personalization.Personalization.SetProfile("MyModuleName","MyPassword",p);



So, to go ahead and put it out there, without digging up MD5 stuff (not too familiar with workings of it all) - how would I get the password back out when the time came?


// GetProfile returns Object, so convert it before assigning to a String
String u = Convert.ToString(DotNetNuke.Services.Personalization.Personalization.GetProfile("MyModuleName","MyUsername"));
String p = MagicVooDooMethod(DotNetNuke.Services.Personalization.Personalization.GetProfile("MyModuleName","MyPassword"));

I did find the MSDN article explaining a bit more of the method you referenced. http://msdn2.microsoft.com/en-us/library/system.security.cryptography.md5cryptoserviceprovider.aspx

I think I am close, I've been going for 20 hours straight on several projects so everything is getting fuzzy right now. Any more pointers would be very welcome. Thanks for the help.

John Mitchell
Posts:3084



09/11/2007 6:45 AM  
MD5 is a one way Hash so if you store your password using this method you can never use the stored value and retrieve the original password. This is what makes it so secure.

So what you would do is retrieve the hashed version, and then compare it to a password from the other system that has also been hashed. If both hashed values are the same, then the original passwords are the same.

It's very safe to pass around a hashed value over the network, and/or to pull it out into a hidden field of a webform.
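
Added example, not part of the original posts: the store-then-compare flow described above, written with a per-user salt and PBKDF2 in place of the bare MD5 from the thread, since an unsalted fast hash of a password can be recovered by lookup tables or offline guessing. It assumes .NET Framework 4.7.2 or later; the `StoredSecret` class and its `iterations:salt:hash` format are hypothetical names chosen here, and the resulting string can be stored with `SetProfile` as in the thread.

```csharp
using System;
using System.Security.Cryptography;

// Added example (not from the thread): salted PBKDF2 instead of bare MD5.
// Assumes .NET Framework 4.7.2+; class name and storage format are hypothetical.
public static class StoredSecret
{
    private const int SaltBytes = 16, HashBytes = 32, Iterations = 100000;

    // Returns one string ("iterations:salt:hash") that fits in a single stored value.
    public static string Create(string password)
    {
        byte[] salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return Iterations + ":" + Convert.ToBase64String(salt) + ":" +
               Convert.ToBase64String(Derive(password, salt, Iterations));
    }

    // Re-derives the hash from the candidate and the stored salt, then compares.
    public static bool Verify(string candidate, string stored)
    {
        string[] parts = (stored ?? string.Empty).Split(':');
        int iterations;
        if (parts.Length != 3 || !int.TryParse(parts[0], out iterations) || iterations <= 0) return false;
        try
        {
            byte[] salt = Convert.FromBase64String(parts[1]);
            byte[] expected = Convert.FromBase64String(parts[2]);
            return FixedTimeEquals(Derive(candidate, salt, iterations), expected);
        }
        catch (FormatException) { return false; }   // malformed Base64 in the stored value
        catch (ArgumentException) { return false; } // null password or salt under 8 bytes
    }

    private static byte[] Derive(string password, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    // Touches every byte so the comparison time does not reveal where the values differ.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```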
herchenx
Posts:3



09/11/2007 12:15 PM  
Yeah ok I was really tired. Thanks for that, I do have the means to compare the password from the other app with the password stored on our app so I'll go ahead and do that.

Did the personalization stuff look close?

Thanks,

.john.
John Mitchell
Posts:3084



09/11/2007 3:31 PM  
Cool.
Yes, the personalization code looks right to me, then you just use GetProfile to retrieve it. Pretty easy.