I'm creating a custom "add user" page in ASP.NET Web Forms and have hit a problem. I can insert all the data into the membership table, but the passwords are stored in plain text and the password salt has been hardcoded.
How do I go about hashing the passwords so that users can log in (as the membership framework checks for a password hash and not a clear text password)? Also, is the salt completely random or is it linked to the password hash somehow?
Any help would be greatly appreciated,
Marc
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
  <providers>
    <clear />
    <add
      name="SqlProvider"
      type="System.Web.Security.SqlMembershipProvider"
      connectionStringName="MySqlConnection"
      applicationName="MyApplication"
      enablePasswordRetrieval="false"
      enablePasswordReset="true"
      requiresQuestionAndAnswer="true"
      requiresUniqueEmail="true"
      passwordFormat="Hashed" />
  </providers>
</membership>
See the line where passwordFormat="Hashed" is mentioned. You need to work out this setting to have the password hashed. PasswordFormat has three values. You choose which one you want and configure your application accordingly.
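
An added example, not part of the original posts: with the provider configured as above, a custom "add user" page can call Membership.CreateUser instead of inserting rows itself, so that the provider generates a random per-user salt and stores the hash in the format its login check expects. The class name UserProvisioning and the method TryCreate are hypothetical; the page's button handler would pass in its own text box values.

```csharp
using System.Web.Security;

// Hypothetical helper for a custom "add user" page. It never touches the
// membership tables directly: the configured SqlMembershipProvider
// (passwordFormat="Hashed") salts and hashes the password itself.
public static class UserProvisioning
{
    public static bool TryCreate(string userName, string password, string email,
                                 string question, string answer, out string error)
    {
        MembershipCreateStatus status;

        // Question and answer are passed because the configuration sets
        // requiresQuestionAndAnswer="true"; the e-mail address must be unique
        // because of requiresUniqueEmail="true".
        Membership.CreateUser(userName.Trim(), password, email.Trim(),
                              question, answer, true /* isApproved */, out status);

        error = Describe(status);
        return status == MembershipCreateStatus.Success;
    }

    // Maps the provider's status code to a message safe to show on the page.
    private static string Describe(MembershipCreateStatus status)
    {
        switch (status)
        {
            case MembershipCreateStatus.Success:
                return null;
            case MembershipCreateStatus.DuplicateUserName:
                return "That user name is already taken.";
            case MembershipCreateStatus.DuplicateEmail:
                return "That e-mail address is already registered.";
            case MembershipCreateStatus.InvalidPassword:
                return "The password does not meet the configured policy.";
            case MembershipCreateStatus.InvalidEmail:
                return "The e-mail address is not valid.";
            case MembershipCreateStatus.InvalidQuestion:
            case MembershipCreateStatus.InvalidAnswer:
                return "A password question and answer are required.";
            default:
                return "The user could not be created (" + status + ").";
        }
    }
}
```

Users created this way can sign in through Membership.ValidateUser or the Login control, since the same provider performs both the hashing and the comparison.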