MonoX support board

Start the conversation, ask questions and share tips and solutions with fellow developers.

Non-registered users can only browse through our support boards. Please register now if you want to post your questions. It takes a second and it is completely free. Alternatively, you can log in without registration using your credentials at major sites such as Google, Microsoft Live, OpenId, Facebook, LinkedIn or Yahoo.

Way to crypt the passwords (Closed) (Mono Support )

Viewed 13335 time(s), 4 post(s) 4/13/2012 8:58:26 AMby livcons
livcons

livcons

4/13/2012 8:58:26 AM
Hello Is there a way to crypt the user passwords?

Regards
This content has not been rated yet. 
986 Reputation 121 Total posts
Jeremy

Jeremy

4/13/2012 1:23:54 PM
I think you would need to update the web.config passwordFormat setting to either Encrypted or Hashed, depending on your needs. See this section in web.config:

<membership defaultProvider="AspNetSqlMembershipProvider" hashAlgorithmType="SHA1">
<providers>
<remove name="AspNetSqlMembershipProvider"/>
<add connectionStringName="LocalSqlServer" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="MonoX" requiresUniqueEmail="false" passwordFormat="Clear" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" name="AspNetSqlMembershipProvider" type="MonoSoftware.MonoX.MonoXMembershipProvider, MonoX"/>
</providers>
</membership>

"The PasswordFormat property indicates the format that passwords are stored in. Passwords can be stored in Clear, Encrypted, and Hashed password formats. Clear passwords are stored in plain text, which improves the performance of password storage and retrieval but is less secure, as passwords are easily read if your data source is compromised. Encrypted passwords are encrypted when stored and can be decrypted for password comparison or password retrieval. This requires additional processing for password storage and retrieval, but is more secure, as passwords are not easily determined if the data source is compromised. Hashed passwords are hashed using a one-way hash algorithm and a randomly generated salt value when stored in the database. When a password is validated, it is hashed with the salt value in the database for verification. Hashed passwords cannot be retrieved."

quoted from: http://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.passwordformat
Rated 5.00, 1 vote(s). 
322 Reputation 36 Total posts
livcons

livcons

4/13/2012 1:46:09 PM
Thanks

That solved the problem.

Regards
This content has not been rated yet. 
986 Reputation 121 Total posts
Jeremy

Jeremy

4/13/2012 1:57:01 PM
Glad to hear that solved the problem. Please consider marking my post as the answer if you found it helpful.
This content has not been rated yet. 
322 Reputation 36 Total posts