Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > SqlMembershipProvider and Hashed Passwords

Thread Tools

SqlMembershipProvider and Hashed Passwords

Posts: n/a
Hi all:

I configured my SqlMembershipProvider to hash the password using SHA1
algorithm (which, I believe is the default). We are occasionally seeing
issues were the username/password no longer authenticates because it
appears that the password hash stored in the aspnet_membership table is
no longer valid. It appears that the salt stored in the database is
encrypted and the only conclusion I can come up with is that the
SqlMembershipProvider is not decrypting the salt correctly.

I've search on how the SqlMembershipProvider actually encrypts the
password but have been unable to find any documentation. I've gone as
far as looking at the disassembled IL.

I would greatly appreciate if anyone could explain (or better yet point
me to documentation) what .NET is is actually doing to encrypt the
password and how it uses the salt.

Thanks in advance for your help,
Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
FormAuthentication hashed passwords bthumber ASP .Net Security 0 10-30-2008 01:01 AM
SQLMembershipProvider: Comparing Hashed Passwords nigeaman ASP .Net Security 7 03-07-2006 03:00 AM
Advice on converting hashed packages to pseudo-hashed packages Ian Perl Misc 3 02-12-2005 12:17 AM
Importing 80+ hashed and 1 array into several perl scripts Matt Breedlove Perl 1 11-24-2003 09:47 PM
hashed array in array need the keys... and length Daniel Perl 1 08-14-2003 06:49 PM