MembershipPasswordFormat Enumeration (System.Web.Security)

MembershipPasswordFormat Enumeratio...

Switch on low bandwidth view

Collapse All

Language Filter

This page is specific to

Microsoft Visual Studio 2008/.NET Framework 3.5

Other versions are also available for the following:

.NET Framework Class Library

MembershipPasswordFormat Enumeration

Describes the encryption format for storing passwords for membership users.

Namespace: System.Web.Security
Assembly: System.Web (in System.Web.dll)

Syntax

Visual Basic (Declaration)

Public Enumeration MembershipPasswordFormat

Visual Basic (Usage)

Dim instance As MembershipPasswordFormat

public enum MembershipPasswordFormat

Visual C++

public enum class MembershipPasswordFormat

JScript

public enum MembershipPasswordFormat

Members

	Member name	Description
	Clear	Passwords are not encrypted.
	Hashed	Passwords are encrypted one-way using the SHA1 hashing algorithm. You can specify a hashing algorithm different than the SHA1 algorithm using the hashAlgorithmType attribute.
	Encrypted	Passwords are encrypted using the encryption settings determined by the machineKey Element (ASP.NET Settings Schema) element configuration.

Remarks

The SqlMembershipProvider class supports different password storage formats enabling you to increase the security of your membership user logins. Clear passwords are stored in plain text, which improves the performance of password storage and retrieval but is less secure, as passwords are easily read if your data source is compromised. Encrypted passwords are encrypted when stored and can be decrypted for password comparison or password retrieval. This requires additional processing for password storage and retrieval, but is more secure as passwords are not easily determined if the data source is compromised. Hashed passwords are encrypted using a one-way salted hash when stored in the database. When a password is validated, it is combined with a salt value and then hashed. The result is compared with the value in the database for verification. Hashed passwords cannot be retrieved.

Note:
If you are not familiar with the membership features of ASP.NET, see Introduction to Membership before continuing. For a list of other topics related to membership, see Managing Users by Using Membership.

Examples

The following example shows the membership element in the system.web section of the Web.config file for an ASP.NET application. It specifies the application's SqlMembershipProvider instance and sets its password format to Hashed.

<membership defaultProvider="SqlProvider" 
  userIsOnlineTimeWindow="20" hashAlgorithmType="SHA1">
  <providers>
    <add name="SqlProvider"
      type="System.Web.Security.SqlMembershipProvider"
      connectionStringName="SqlServices"
      enablePasswordRetrieval="false"
      enablePasswordReset="true"
      requiresQuestionAndAnswer="true"
      passwordFormat="Hashed"
      applicationName="MyApplication" />
  </providers>
</membership>

Platforms

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Version Information

.NET Framework

Supported in: 3.5, 3.0, 2.0

Reference

System.Web.Security Namespace

Other Resources

Introduction to Membership