
Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB by Stefan Schackow, Bilal Haidar


11.6. Using Custom Hash Algorithms

The <membership /> configuration element includes the hashAlgorithmType configuration attribute. By default the Membership feature (or more specifically the SqlMembershipProvider) uses SHA1 when storing passwords. You can set this attribute to any string that the .NET Framework recognizes as a valid hashing algorithm, and the SqlMembershipProvider will use that algorithm instead. If you look at the documentation for the System.Security.Cryptography.HashAlgorithm class's Create method, there is a list of the default strings (that is, simple names) that the .NET Framework recognizes and supports for referring to hash algorithms. Any one of these strings can be used in the hashAlgorithmType attribute. You can retrieve the name of the hashing algorithm configured for the Membership feature by getting the value of the Membership.HashAlgorithm property.

Although the hash algorithm is a feature-level setting, it is really more of an opt-in approach for individual providers. The setting on the <membership /> element would be useless if individual Membership providers didn't explicitly read the value from the Membership.HashAlgorithm property and then internally make use of the correct algorithm. Currently, the hashing functionality for the SqlMembershipProvider calls an internal method on MembershipProvider. This internal method, in turn, creates the appropriate hash algorithm based on the hashAlgorithmType attribute and then hashes the password with ...
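The opt-in described above, sketched for a custom provider as an added example (not code from the book and not the SqlMembershipProvider's internal method). The ProviderHashing class, the HashPassword method, and the salt-then-password byte layout are assumptions made for illustration; the algorithm name is passed as a parameter standing in for Membership.HashAlgorithm so the sample runs as a console program on the .NET Framework.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: hypothetical helper a custom Membership provider could use.
public static class ProviderHashing
{
    // algorithmName stands in for the value of Membership.HashAlgorithm,
    // that is, the hashAlgorithmType attribute on <membership />.
    public static string HashPassword(string algorithmName, string password, byte[] salt)
    {
        // On the .NET Framework, Create returns null for a name it does not
        // recognize, so fail closed instead of hitting a null reference later.
        HashAlgorithm algorithm = HashAlgorithm.Create(algorithmName);
        if (algorithm == null)
            throw new InvalidOperationException(
                "hashAlgorithmType '" + algorithmName + "' is not a recognized hash algorithm.");

        using (algorithm)
        {
            // Assumed layout for this sample: salt bytes followed by the
            // UTF-16 password bytes, with the digest stored as Base64.
            byte[] pwd = Encoding.Unicode.GetBytes(password);
            byte[] input = new byte[salt.Length + pwd.Length];
            Buffer.BlockCopy(salt, 0, input, 0, salt.Length);
            Buffer.BlockCopy(pwd, 0, input, salt.Length, pwd.Length);
            return Convert.ToBase64String(algorithm.ComputeHash(input));
        }
    }

    public static void Main()
    {
        // Constructed sample input: random salt and a dummy password.
        byte[] salt = new byte[16];
        new RNGCryptoServiceProvider().GetBytes(salt);

        // Three simple names the framework recognizes, plus one it does not.
        foreach (string name in new[] { "SHA1", "SHA256", "SHA512", "NoSuchHash" })
        {
            try
            {
                Console.WriteLine("{0}: {1}", name,
                    HashPassword(name, "constructed-sample-password", salt));
            }
            catch (InvalidOperationException ex)
            {
                Console.WriteLine("{0}: {1}", name, ex.Message);
            }
        }
    }
}
```

Because each algorithm produces a different digest length, hashes stored under one hashAlgorithmType value will not match hashes computed after the attribute is changed.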
