SqlMembershipProvider and Hashed Passwords

Discussion in 'ASP .Net' started by Glenn, Jun 28, 2007.

  1. Glenn

    Glenn Guest

    Hi all:

    I configured my SqlMembershipProvider to hash the password using SHA1
    algorithm (which, I believe is the default). We are occasionally seeing
    issues were the username/password no longer authenticates because it
    appears that the password hash stored in the aspnet_membership table is
    no longer valid. It appears that the salt stored in the database is
    encrypted and the only conclusion I can come up with is that the
    SqlMembershipProvider is not decrypting the salt correctly.

    I've search on how the SqlMembershipProvider actually encrypts the
    password but have been unable to find any documentation. I've gone as
    far as looking at the disassembled IL.

    I would greatly appreciate if anyone could explain (or better yet point
    me to documentation) what .NET is is actually doing to encrypt the
    password and how it uses the salt.

    Thanks in advance for your help,
    Glenn
     
    Glenn, Jun 28, 2007
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Daniel
    Replies:
    1
    Views:
    1,054
    Kevin Collins
    Aug 14, 2003
  2. Matt Breedlove
    Replies:
    1
    Views:
    427
    Eduard W. Lohmann
    Nov 24, 2003
  3. nigeaman

    SQLMembershipProvider: Comparing Hashed Passwords

    nigeaman, Mar 3, 2006, in forum: ASP .Net Security
    Replies:
    7
    Views:
    458
    Luke Zhang [MSFT]
    Mar 7, 2006
  4. bthumber

    FormAuthentication hashed passwords

    bthumber, Oct 30, 2008, in forum: ASP .Net Security
    Replies:
    0
    Views:
    535
    bthumber
    Oct 30, 2008
  5. Ian
    Replies:
    3
    Views:
    171
Loading...

Share This Page