asp.net.ph
Home  
Getting Started  
Skip Navigation Links
Web Forms  
Skip Navigation Links
Data Access  
Skip Navigation Links
Web Apps  
Skip Navigation Links
Web Basics  
Skip Navigation Links
Show Me   Search
Saturday, January 11, 2025 

MembershipPasswordFormat Enumeration

System.Web.Security Namespace

.NET Framework version 2.0

Describes the encryption format for storing passwords for membership users.

Members


Member Description
Clear Passwords are not encrypted.
Encrypted Passwords are encrypted using the encryption settings determined by the machineKey configuration element.
Hashed Passwords are encrypted one-way using the SHA1 hashing algorithm. You can specify a hashing algorithm different than the SHA1 algorithm using the hashAlgorithmType attribute.

Remarks

The SqlMembershipProvider class supports different password storage formats enabling you to increase the security of your membership user logins.

Clear passwords are stored in plain text, which improves the performance of password storage and retrieval but is less secure, as passwords are easily read if your data source is compromised.

Encrypted passwords are encrypted when stored and can be decrypted for password comparison or password retrieval. This requires additional processing for password storage and retrieval, but is more secure as passwords are not easily determined if the data source is compromised.

Hashed passwords are encrypted using a one-way salted hash when stored in the database. When a password is validated, it is combined with a salt value and then hashed. The result is compared with the value in the database for verification. Hashed passwords cannot be retrieved.

Example

The following example shows the membership element in the system.web section of the Web.config file for an ASP.NET application. It specifies the application's SqlMembershipProvider instance and sets its password format to Hashed. 

<membership defaultProvider = "SqlProvider" 
   userIsOnlineTimeWindow = "20" hashAlgorithmType = "SHA1">
   <providers>
      <add name = "SqlProvider"
         type = "System.Web.Security.SqlMembershipProvider"
         connectionStringName = "SqlServices"
         enablePasswordRetrieval = "false"
         enablePasswordReset = "true"
         requiresQuestionAndAnswer = "true"
         passwordFormat = "Hashed"
         applicationName = "MyApplication" />
   </providers>
</membership>
See Also

Membership Class   SqlMembershipProvider Class Skip Navigation Links




Home
Suggested Reading

Previous page Back to top Next page

© 2000-2010 Rey Nuñez All rights reserved.

If you have any question, comment or suggestion
about this site, please send us a note

You can help support asp.net.ph