0

I use the following code to hash passwords:

string passw = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "SHA1");

Above works just fine but I get a warning which says: Warning 103 

'System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(string, string)' is obsolete: 'The recommended alternative is to use the Membership APIs, such as Membership.CreateUser.

So far I have not being able to find the equivalent code using the membership API.

S Nash
  • 2,363
  • 3
  • 34
  • 64
  • 1
    as a side note => `Membership.CreateUser` would create a user with hashed password and would store it in database. – Jenish Rabadiya Apr 07 '15 at 11:22
  • his is an enterprise application and user name and passwords are stored in users table in the DB, (not web config file). How you store result of CreateUser method in SQL Server database? – S Nash Apr 07 '15 at 11:39
  • @S Nash - Yes I know So I mentioned it like as a side note :) – Jenish Rabadiya Apr 07 '15 at 11:41

1 Answers1

1

You do not worry about hashing the password. When you use CreateUser method it will be already hashed (depending on the configuration in the WebConfig). 

Membership.CreateUser("username", "password");

UPDATE

If you want to configure password options, you can do this in Web.Config using passwordFormat attribute as discussed here: https://stackoverflow.com/a/4949728/1845408

Here is a good discussion on hashing passwords in C#, hope this helps:

Hash and salt passwords in C#

Community
  • 1
  • 1
renakre
  • 8,001
  • 5
  • 46
  • 99
  • This is an enterprise application and user name and passwords are stored in users table in the DB, (not web config file). How you store result of CreateUser method in the database? – S Nash Apr 07 '15 at 11:29
  • The buttom line question is how to store the user name and password(hashed) in the database. I do not need DB code, but I need to have username and password(hashed) before I write them to the DB. – S Nash Apr 07 '15 at 11:53
  • I got it you mean you are not using asp.net membership authentication, and that is why you need to hash the password, is that right? – renakre Apr 07 '15 at 12:16
  • you should check this link : http://stackoverflow.com/questions/2138429/hash-and-salt-passwords-in-c-sharp – renakre Apr 07 '15 at 12:19