Encrypting and Hashing User Passwords

Both of the default Membership providers included in the ASP.NET Framework enable you to store user passwords in three ways:

Clear: Passwords are stored in clear text.

Encrypted: Passwords are encrypted before they are stored.

Hashed: Passwords are not stored. Only the hash values of passwords are stored. (This is the default value.)

You configure how passwords are stored by setting the passwordFormat attribute in the web configuration file. For example, the web configuration file in Listing 27.18 configures the SqlMembershipProvider to store passwords in plain text.

Listing 27.18. Web.Config
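The book's listing is not reproduced on this page. The following is an added example, not the book's Listing 27.18, showing the clear-text setting the paragraph describes beside the hashed setting; the provider names, the connection string name and its value are constructed for illustration.

```xml
<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <!-- Constructed connection string; point it at your own membership database -->
    <add name="MembershipDb"
         connectionString="Data Source=.\SQLEXPRESS;Integrated Security=True;Initial Catalog=AppDb" />
  </connectionStrings>
  <system.web>
    <authentication mode="Forms" />
    <!-- defaultProvider selects which of the two entries below the application uses -->
    <membership defaultProvider="HashedProvider">
      <providers>
        <!-- Weak setting: anyone who can read the membership table
             reads every user's password directly. -->
        <add name="ClearProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="MembershipDb"
             passwordFormat="Clear" />
        <!-- Corrected setting: only a salted hash is stored. A hash cannot be
             reversed, so password retrieval must be off and users reset
             a forgotten password instead. -->
        <add name="HashedProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="MembershipDb"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

Changing passwordFormat affects only passwords set after the change; the format used for each existing account is recorded with its row, so accounts created under Clear stay in clear text until the user's password is changed or reset.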


The default ...
