Given a password and a string identifying the hash type, this routine produces a hash password suitable for storing in a configuration file.
[Visual Basic]
Public Shared Function HashPasswordForStoringInConfigFile( _
ByVal password As String, _
ByVal passwordFormat As String _
) As String
[C#]
public static string HashPasswordForStoringInConfigFile(
string password,
string passwordFormat
);
[C++]
public: static String* HashPasswordForStoringInConfigFile(
String* password,
String* passwordFormat
);
[JScript]
public static function HashPasswordForStoringInConfigFile(
password : String,
passwordFormat : String
) : String;
Parameters
- password
- The password to hash.
- passwordFormat
- The hash algorithm to use. Choices are "sha1" or "md5".
Return Value
Returns a String containing a hashed password.
Remarks
Password algorithms supported are SHA1 and MD5.
Example
[Visual Basic]
<%@ Page Language="VB" autoeventwireup="true" %>
<html>
<head>
<script runat="server">
Sub Cancel_Click(sender as Object, e as EventArgs )
userName.Text = ""
password.Text = ""
repeatPassword.Text = ""
result.Text = ""
End Sub
Sub HashPassword_Click(sender as Object, e as EventArgs)
If Page.IsValid Then
Dim hashMethod As String
If sha1.Checked Then
hashMethod = "SHA1"
Else
hashMethod = "MD5"
End If
Dim hashedPassword As String
hashedPassword = _
FormsAuthentication.HashPasswordForStoringInConfigFile(password.Text, hashMethod)
result.Text = "<credentials passwordFormat='" + hashMethod + "'><br>" + _
" <user name='" + userName.Text + "' password='" + _
hashedPassword + "'><br>" + "</credentials>"
Else
result.Text = "There was an error on the page."
End If
End Sub
</script>
</head>
<body>
<form runat="server">
<p>This form displays the results of the FormsAuthentication.HashPasswordForStoringInConfigFile
method.<br>The user name and hashed password can be stored in a <credentials> node
in the Web.config file.</p>
<table>
<tbody>
<tr>
<td>New User Name:</td>
<td><asp:TextBox id="userName" runat="server"></asp:TextBox></td>
<td><asp:RequiredFieldValidator id="userNameRequiredValidator" runat="server"
ErrorMessage="User name required" ControlToValidate="userName"></asp:RequiredFieldValidator></td>
</tr>
<tr>
<td>Password: </td>
<td><asp:TextBox id="password" runat="server" TextMode="Password"></asp:TextBox></td>
<td><asp:RequiredFieldValidator id="passwordRequiredValidator" runat="server"
ErrorMessage="Password required" ControlToValidate="password"></asp:RequiredFieldValidator></td>
</tr>
<tr>
<td>Repeat Password: </td>
<td><asp:TextBox id="repeatPassword" runat="server" TextMode="Password"></asp:TextBox></td>
<td><asp:CompareValidator id="passwordCompareValidator" runat="server"
ErrorMessage="Password does not match" ControlToValidate="repeatPassword"
ControlToCompare="password"></asp:CompareValidator></td>
</tr>
<tr>
<td>Hash function: </td>
<td align="middle"><asp:RadioButton id="sha1" runat="server" GroupName="HashType"
Text="SHA1"></asp:RadioButton>
<asp:RadioButton id="md5" runat="server" GroupName="HashType" Text="MD5"></asp:RadioButton></td>
</tr>
<tr>
<td align="middle" colspan="2">
<asp:Button id="hashPassword" onclick="HashPassword_Click" runat="server" Text="Hash Password">
</asp:Button>
<asp:Button id="cancel" onclick="Cancel_Click" runat="server" Text="Cancel" CausesValidation="false">
</asp:Button></td>
</tr>
</tbody>
</table>
<p><asp:Label id="result" runat="server"></asp:Label></p>
</form>
</body>
</html>
[C#]
<%@ Page Language="C#" autoeventwireup="true" %>
<html>
<head>
<script runat="server">
void Cancel_Click(object sender, EventArgs e)
{
userName.Text = "";
password.Text = "";
repeatPassword.Text = "";
result.Text = "";
}
void HashPassword_Click(object sender, EventArgs e)
{
if (Page.IsValid)
{
string hashMethod = "";
if (sha1.Checked)
{
hashMethod = "SHA1";
}
else
{
hashMethod = "MD5";
}
string hashedPassword =
FormsAuthentication.HashPasswordForStoringInConfigFile(password.Text, hashMethod);
result.Text="<credentials passwordFormat=\"" + hashMethod +"\"><br>" +
" <user name=\"" + userName.Text + "\" password=\"" +
hashedPassword + "\"><br>" + "</credentials>";
}
else
{
result.Text = "There was an error on the page.";
}
}
</script>
</head>
<body>
<form runat="server">
<p>This form displays the results of the FormsAuthentication.HashPasswordForStoringInConfigFile
method.<br>The user name and hashed password can be stored in a <credentials> node
in the Web.config file.</p>
<table>
<tbody>
<tr>
<td>New User Name:</td>
<td><asp:TextBox id="userName" runat="server"></asp:TextBox></td>
<td><asp:RequiredFieldValidator id="userNameRequiredValidator" runat="server"
ErrorMessage="User name required" ControlToValidate="userName"></asp:RequiredFieldValidator></td>
</tr>
<tr>
<td>Password: </td>
<td><asp:TextBox id="password" runat="server" TextMode="Password"></asp:TextBox></td>
<td><asp:RequiredFieldValidator id="passwordRequiredValidator" runat="server"
ErrorMessage="Password required" ControlToValidate="password"></asp:RequiredFieldValidator></td>
</tr>
<tr>
<td>Repeat Password: </td>
<td><asp:TextBox id="repeatPassword" runat="server" TextMode="Password"></asp:TextBox></td>
<td><asp:CompareValidator id="passwordCompareValidator" runat="server"
ErrorMessage="Password does not match" ControlToValidate="repeatPassword"
ControlToCompare="password"></asp:CompareValidator></td>
</tr>
<tr>
<td>Hash function: </td>
<td align="middle"><asp:RadioButton id="sha1" runat="server" GroupName="HashType"
Text="SHA1"></asp:RadioButton>
<asp:RadioButton id="md5" runat="server" GroupName="HashType" Text="MD5"></asp:RadioButton></td>
</tr>
<tr>
<td align="middle" colspan="2">
<asp:Button id="hashPassword" onclick="HashPassword_Click" runat="server" Text="Hash Password">
</asp:Button>
<asp:Button id="cancel" onclick="Cancel_Click" runat="server" Text="Cancel" CausesValidation="false">
</asp:Button></td>
</tr>
</tbody>
</table>
<p><asp:Label id="result" runat="server"></asp:Label></p>
</form>
</body>
</html>
[C++, JScript] No example is available for C++ or JScript. To view a Visual Basic or C# example, click the Language Filter button .gif)
in the upper-left corner of the page.
Requirements
Platforms: Windows 2000, Windows XP Professional, Windows Server 2003 family
See Also
FormsAuthentication Class | FormsAuthentication Members | System.Web.Security Namespace