Encrypting and Hashing User Passwords

Both of the default Membership providers included in the ASP.NET Framework enable you to store user passwords in three ways:

Clear: Passwords are stored in clear text.

Encrypted: Passwords are encrypted before they are stored.

Hashed: Passwords are not stored. Only the hash values of passwords are stored. (This is the default value.)

You configure how passwords are stored by setting the passwordFormat attribute in the web configuration file. For example, the web configuration file in Listing 27.18 configures the SqlMembershipProvider to store passwords in plain text.

Listing 27.18. Web.Config

The default ...
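The following web configuration fragment is an added example, not Listing 27.18 from the book: it declares a provider with the weak clear-text setting beside one that stores only hashes, and makes the hashed one the default. The provider names, the applicationName value, and the use of the LocalSqlServer connection string are assumptions.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <authentication mode="Forms" />

    <!-- defaultProvider selects the hashed provider below.
         The clear-text provider is declared only for contrast. -->
    <membership defaultProvider="HashedProvider">
      <providers>

        <!-- Weak: every password is written to the database as clear text,
             so anyone who can read the membership tables or a backup of
             them can read the passwords. -->
        <add name="ClearProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="LocalSqlServer"
             applicationName="/"
             passwordFormat="Clear" />

        <!-- Preferred: only the hash value of each password is stored.
             A hash cannot be turned back into the password, so password
             retrieval stays off and users get a reset instead. -->
        <add name="HashedProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="LocalSqlServer"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true" />

      </providers>
    </membership>
  </system.web>
</configuration>
```

When reviewing an existing application, search its web configuration files for passwordFormat="Clear" and for enablePasswordRetrieval="true"; either one means stored passwords are recoverable.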

Get ASP.NET 4 Unleashed now with O’Reilly online learning.