Export (0) Print
Expand All

FormsAuthentication.HashPasswordForStoringInConfigFile Method

Note: This API is now obsolete.

Produces a hash password suitable for storing in a configuration file based on the specified password and hash algorithm.

Namespace:  System.Web.Security
Assembly:  System.Web (in System.Web.dll)

'Declaration
<ObsoleteAttribute("The recommended alternative is to use the Membership APIs, such as Membership.CreateUser. For more information, see http://go.microsoft.com/fwlink/?LinkId=252463.")> _
Public Shared Function HashPasswordForStoringInConfigFile ( _
	password As String, _
	passwordFormat As String _
) As String

Parameters

password
Type: System.String

The password to hash.

passwordFormat
Type: System.String

The hash algorithm to use. passwordFormat is a String that represents one of the FormsAuthPasswordFormat enumeration values.

Return Value

Type: System.String
The hashed password.

ExceptionCondition
ArgumentNullException

password is Nothing

-or-

passwordFormat is Nothing.

ArgumentException

passwordFormat is not a valid FormsAuthPasswordFormat value.

The HashPasswordForStoringInConfigFile method creates a hashed password value that can be used when storing forms-authentication credentials in the configuration file for an application.

Authentication credentials stored in the configuration file for an application are used by the Authenticate method to verify passwords for users of an application. Alternatively, you can use ASP.NET membership to store user credentials. For more information, see Managing Users by Using Membership.

The following code example takes a user name, password, and hash type and displays the credentials section of the configuration that includes the user definition and hashed password.

Security noteSecurity Note

This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.

<%@ Page Language="VB" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
   <head>
    <title>ASP.NET Example</title>
<script runat="server">
         Sub Cancel_Click(sender As Object, e As EventArgs)
            userName.Text = ""
            password.Text = ""
            repeatPassword.Text = ""
            result.Text = ""
         End Sub

         Sub HashPassword_Click(sender As Object, e As EventArgs)
            If Page.IsValid Then
               Dim hashMethod As String = ""

               If md5.Checked Then
                  hashMethod = "MD5"
               Else
                  hashMethod = "SHA1"
               End If

               Dim hashedPassword As String = _
                  FormsAuthentication.HashPasswordForStoringInConfigFile(password.Text, hashMethod)

               result.Text = "&lt;credentials passwordFormat=""" & hashMethod & _
                 """&gt;<br />" & "  &lt;user name=""" & Server.HtmlEncode(userName.Text) & """ password=""" & _
                 hashedPassword & """ /&gt;<br />" & "&lt;/credentials&gt;"
            Else
               result.Text = "There was an error on the page."
            End If
         End Sub
      </script>
   </head>

   <body>
      <form id="form1" runat="server">
         <p>This form displays the results of the FormsAuthentication.HashPasswordForStoringInConfigFile
         method.<br />The user name and hashed password can be stored in a &lt;credentials&gt; node
         in the Web.config file.</p>
         <table cellpadding="2">
            <tbody>
               <tr>
                  <td>New User Name:</td>
                  <td><asp:TextBox id="userName" runat="server" /></td>
                  <td><asp:RequiredFieldValidator id="userNameRequiredValidator" 
                        runat="server" ErrorMessage="User name required" 
                        ControlToValidate="userName" /></td>
               </tr>
               <tr>
                  <td>Password: </td>
                  <td><asp:TextBox id="password" runat="server" TextMode="Password" /></td>
                  <td><asp:RequiredFieldValidator id="passwordRequiredValidator" 
                        runat="server" ErrorMessage="Password required" 
                        ControlToValidate="password" /></td>
               </tr>
               <tr>
                  <td>Repeat Password: </td>
                  <td><asp:TextBox id="repeatPassword" runat="server" TextMode="Password" /></td>
                  <td><asp:RequiredFieldValidator id="repeatPasswordRequiredValidator" 
                        runat="server" ErrorMessage="Password confirmation required" 
                        ControlToValidate="repeatPassword" />
                      <asp:CompareValidator id="passwordCompareValidator" runat="server" 
                        ErrorMessage="Password does not match" 
                        ControlToValidate="repeatPassword" 
                        ControlToCompare="password" /></td>
               </tr>
               <tr>
                  <td>Hash function:</td>
                  <td align="center">
                     <asp:RadioButton id="sha1" runat="server" GroupName="HashType" 
                                      Text="SHA1" />
                     <asp:RadioButton id="md5" runat="server" GroupName="HashType" 
                                      Text="MD5" />
                  </td>
               </tr>
               <tr>
                  <td align="center" colspan="2">
                    <asp:Button id="hashPassword" onclick="HashPassword_Click" 
                                runat="server" Text="Hash Password" />&nbsp;&nbsp; 
                    <asp:Button id="cancel" onclick="Cancel_Click" runat="server" 
                                Text="Cancel" CausesValidation="false" />
                  </td>
               </tr>
            </tbody>
         </table>

         <pre><asp:Label id="result" runat="server"></asp:Label></pre>
      </form>
   </body>
</html>

.NET Framework

Supported in: 4, 3.5, 3.0, 2.0, 1.1, 1.0
Obsolete (compiler warning) in 4.5.2
Obsolete (compiler warning) in 4.5.1
Obsolete (compiler warning) in 4.5

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Show:
© 2014 Microsoft