MembershipProvider.PasswordFormat Property

 

Gets a value indicating the format for storing passwords in the membership data store.

Namespace:   System.Web.Security
Assembly:  System.Web.ApplicationServices (in System.Web.ApplicationServices.dll)

public abstract MembershipPasswordFormat PasswordFormat { get; }

Property Value

Type: System.Web.Security.MembershipPasswordFormat

One of the MembershipPasswordFormat values indicating the format for storing passwords in the data store.

The PasswordFormat property indicates the format that passwords are stored in. Use Hashed only, Clear and Encrypted are not secure. Hashed passwords are hashed using a one-way hash algorithm and a randomly generated salt value when stored in the database. When a password is validated, it is hashed with the salt value in the database for verification. Hashed passwords cannot be retrieved. Encrypted passwords are not considered safe, as a breach that reveals your database contents can also expose the encryption key. This means your encrypted passwords could be decrypted and exposed.

You can use the EncryptPassword and DecryptPassword virtual methods of the MembershipProvider class to encrypt and decrypt password values, or you can supply your own encryption code. If you use the EncryptPassword and DecryptPassword virtual methods of the MembershipProvider class, Encrypted passwords are encrypted using the key information supplied in the machineKey Element (ASP.NET Settings Schema) element in your configuration.

For an example of a MembershipProvider implementation, see Implementing a Profile Provider.

.NET Framework
Available since 2.0
Return to top
Show: