How do I create a custom asp.net sql membership provider to save hashed passwords in SHA256?

Question

I'm building a web application using the ASP.net Membership Provider to manage, Authentication/Authorisation. I've done this a bunch of times, but this time I need to store the hashed password in SHA256, instead of the standard password hash which is SHA1.

Looking at the overridable methods on the SQLMembershipProvider there is at least one that I think I'm going to have to override in order to get this puppy to work:

byte[] EncryptPassword(byte[] password)

I'll also have to change the aspnet_Membership.Password field cope with the newly hashed password, currently it's only nvarchar(128).

I was hoping that someone with a little more experience on extending the SqlMembershipProvider might be able to give me some pointers.

Thanks.

note: Although I'm using the .net 2.0 membership provider, I'm actually running .net 3.5

score 0 · Accepted Answer · edited May 23 '17 at 10:33

0

I would try following the solutions listed in this answer first before creating my own membership provider:

What is default hash algorithm that ASP.NET membership uses?

As far as I can tell, SHA256 outputs a 64 character string, so you should be safe with the varchar(128) field.

edited May 23 '17 at 10:33

Community

1
1

answered Dec 20 '10 at 14:56

Greg

16,540
9
51
97

Thank you, I haven't a chance to check this yet but I hope it really is this simple. – Tr1stan Jan 17 '11 at 10:51

How do I create a custom asp.net sql membership provider to save hashed passwords in SHA256?

1 Answers1