The Membership table for our ASP.NET site has the encrypted passwords and password salts stored when a user logs in.
The site is already served over an HTTPS connection, but we would like to give our clients the ability to download and save certain files and documents. We would like to have those documents encrypted (essentially password protected), which we can do, but, we would like to have them be able to open those enrypted documents using the password they use to login to the site.
Is it possible to do this?
Essentially, I don't see how it would be difficult. We don't want to know the user's password, all we want is to essentially "wrap" the contents of a file in a shell (zip file or whatever) and when they open the file, the password they provide is checked against the embedded password and salt values and if they match, open, if not, don't. I'm just not sure if it's possible when encrypting a file, or password protecting it, to be able to say, essentially, "OK, password protect this file, here's the password that's already encrypted using XYZ algorythm. Don't encrypt it again, it already is."
Does this make sense?