3

I have an application that uses ASP.NET membership. Unfortunately, users' passwords are stored using PasswordFormat Clear. I want to change the passwords to hashed format without asking users to set theirs again. Another restriction is that UserId in the Membership table can't be changed. Does anyone have any idea how to do it?

geek

2 Answers

2

You can encrypt the passwords by configuring the membership provider setting & keys in web.config

<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
  <providers>
    <!-- enablePasswordRetrieval must be false: SqlMembershipProvider rejects it with passwordFormat="Hashed" -->
    <add
      name="SqlProvider"
      type="System.Web.Security.SqlMembershipProvider"
      connectionStringName="SqlServices"
      enablePasswordRetrieval="false"
      enablePasswordReset="true"
      requiresQuestionAndAnswer="true"
      passwordFormat="Hashed"
      minRequiredPasswordLength="1"
      minRequiredNonalphanumericCharacters="0"
      passwordStrengthRegularExpression="^([1-zA-Z0-1@.\s]{1,255})$"
      applicationName="NitinJS" />
  </providers>
</membership>
Nitin Sawant
  • But I need to have passwordFormat hashed, not encrypted. I need to get the salt and hashed password instead of the clear password. – geek Apr 06 '12 at 07:49
2

In your web.config go to

<membership defaultProvider="MyMembershipProvider">
   <providers>
     <clear/>
     <add name="MyMembershipProvider"
          type="MyProviders.SqlMembershipProvider"
          connectionStringName="MyConnectionString"  
          maxInvalidPasswordAttempts="5"             
          passwordAttemptWindow="10"
          minRequiredNonalphanumericCharacters="0"
          minRequiredPasswordLength="4"
          passwordStrengthRegularExpression=""
          passwordFormat="Hashed"
          enablePasswordReset="true"
          enablePasswordRetrieval="false"             
          requiresQuestionAndAnswer="false"
          requiresUniqueEmail="true" />
   </providers>
 </membership>

And there's a "key generator" snippet in this MSDN article, run it twice and shove them in your web.config as:

<system.web>
    <machineKey  
    validationKey="<blah>"           
    decryptionKey="<blah>"
    validation="SHA1"
    decryption="AES"
    />
</system.web>
coder
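
One way to do the conversion the question asks for, as an added C# example that is not part of either answer: it rewrites each clear-text row of `aspnet_Membership` in place with a fresh salt and the salted hash, leaving `UserId` untouched. It assumes the default SQL membership schema, `hashAlgorithmType` SHA1, and a connection string passed as the first argument; the class and method names are made up for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class ClearToHashedMigration
{
    // Base64(SHA1(salt || UTF-16LE(password))): the Hashed layout, assuming hashAlgorithmType SHA1.
    static string HashPassword(string password, byte[] salt)
    {
        byte[] all = salt.Concat(Encoding.Unicode.GetBytes(password)).ToArray();
        using (var sha1 = SHA1.Create())
            return Convert.ToBase64String(sha1.ComputeHash(all));
    }
    static void Main(string[] args) // args[0]: membership DB connection string (placeholder)
    {
        using (var conn = new SqlConnection(args[0]))
        {
            conn.Open();
            using (var tx = conn.BeginTransaction())
            using (var rng = RandomNumberGenerator.Create())
            {
                // Load the clear-text rows first (PasswordFormat 0 = Clear); UserId is never modified.
                var rows = new List<KeyValuePair<Guid, string>>();
                using (var sel = new SqlCommand(
                    "SELECT UserId, Password FROM dbo.aspnet_Membership WHERE PasswordFormat = 0", conn, tx))
                using (var rd = sel.ExecuteReader())
                    while (rd.Read()) rows.Add(new KeyValuePair<Guid, string>(rd.GetGuid(0), rd.GetString(1)));
                foreach (var row in rows)
                {
                    byte[] salt = new byte[16]; // fresh random salt per user
                    rng.GetBytes(salt);
                    using (var upd = new SqlCommand(
                        "UPDATE dbo.aspnet_Membership SET Password = @p, PasswordSalt = @s, " +
                        "PasswordFormat = 1 WHERE UserId = @id AND PasswordFormat = 0", conn, tx))
                    {
                        upd.Parameters.AddWithValue("@p", HashPassword(row.Value, salt));
                        upd.Parameters.AddWithValue("@s", Convert.ToBase64String(salt));
                        upd.Parameters.AddWithValue("@id", row.Key);
                        upd.ExecuteNonQuery();
                    }
                }
                tx.Commit(); // all rows convert or none do
            }
        }
    }
}
```

Back up the table before running it, and set `passwordFormat="Hashed"` on the provider afterwards so new users are stored the same way. `PasswordAnswer` values, where used, are stored in the same format as the password and are not converted here.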