asp.net membership - How do I use the built-in password encryption in the MembershipProvider? -


i writing custom membershipprovider. of course want encrypt password user creates. presume .net has encrypts passwords. , how use it? size of string output? have written membership providers before, has been verify user valid. first time need add user registration , login.

i sure not using right search terms, google has not shown me of value me.

first of shouldn't encrypt passwords. should hash them (there's forever going debate this).

for hashing passwords use hmacsha1. example when create user , before store password:

hmacsha1 hash = new hmacsha1(); hash.key = youkey; // use machine key encodedpassword =  convert.tobase64string(hash.computehash(encoding.unicode.getbytes(password))); 

and store value in database. can compare entered password hashing , comparing hashed values.

of course need specify password hashed in config file:

<membership defaultprovider="sqlprovider" userisonlinetimewindow="20">   <providers>     <remove name="aspnetsqlprovider" />     <add name="sqlprovider"       type="system.web.security.sqlmembershipprovider"       passwordformat="hashed"       applicationname="/" />   </providers> </membership> 

check out blog post on this. has example there using hashed , encrypted passwords.


Comments

Popular posts from this blog

delphi - How to convert bitmaps to video? -

jasper reports - Fixed header in Excel using JasperReports -

python - ('The SQL contains 0 parameter markers, but 50 parameters were supplied', 'HY000') or TypeError: 'tuple' object is not callable -