ASP.NET password hashing and password salt

2019-04-17 08:36发布

I'm creating a custom "add user" page in ASP.Net web forms and have hit a problem. I can insert all the data into the membership table but the passwords are stored in plain text and the password salt has been hardcoded.

How do i go about hashing the passwords so that users can log in (as the membership framework checks for a password hash and not a clear text password). Also, is the salt completely random or is it linked to the password hash somehow?

Any help would be greatly appreciated,

Marc

标签： asp.net webforms asp.net-membership hash salt

1条回答

Explosion°爆炸

2楼-- · 2019-04-17 08:58

<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
      <providers>
        <clear />
        <add 
          name="SqlProvider" 
          type="System.Web.Security.SqlMembershipProvider" 
          connectionStringName="MySqlConnection"
          applicationName="MyApplication"
          enablePasswordRetrieval="false"
          enablePasswordReset="true"
          requiresQuestionAndAnswer="true"
          requiresUniqueEmail="true"
          passwordFormat="Hashed" />
      </providers>
    </membership>

See the line where passwordFormat="Hashed" is mentioned. You need to work out this setting to have the password hashed. PasswordFormat has three values. You chose which one you want and configure your application accordingly.

0人赞添加讨论(0) 举报

ASP.NET password hashing and password salt

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间