SqlMembershipProvider and Hashed Passwords

Discussion in 'ASP .Net' started by Glenn, Jun 28, 2007.

  1. Glenn

    Glenn Guest

    Hi all:

    I configured my SqlMembershipProvider to hash the password using SHA1
    algorithm (which, I believe is the default). We are occasionally seeing
    issues were the username/password no longer authenticates because it
    appears that the password hash stored in the aspnet_membership table is
    no longer valid. It appears that the salt stored in the database is
    encrypted and the only conclusion I can come up with is that the
    SqlMembershipProvider is not decrypting the salt correctly.

    I've search on how the SqlMembershipProvider actually encrypts the
    password but have been unable to find any documentation. I've gone as
    far as looking at the disassembled IL.

    I would greatly appreciate if anyone could explain (or better yet point
    me to documentation) what .NET is is actually doing to encrypt the
    password and how it uses the salt.

    Thanks in advance for your help,
    Glenn
     
    Glenn, Jun 28, 2007
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Daniel
    Replies:
    1
    Views:
    1,060
    Kevin Collins
    Aug 14, 2003
  2. Matt Breedlove
    Replies:
    1
    Views:
    433
    Eduard W. Lohmann
    Nov 24, 2003
  3. nigeaman

    SQLMembershipProvider: Comparing Hashed Passwords

    nigeaman, Mar 3, 2006, in forum: ASP .Net Security
    Replies:
    7
    Views:
    464
    Luke Zhang [MSFT]
    Mar 7, 2006
  4. bthumber

    FormAuthentication hashed passwords

    bthumber, Oct 30, 2008, in forum: ASP .Net Security
    Replies:
    0
    Views:
    538
    bthumber
    Oct 30, 2008
  5. Ian
    Replies:
    3
    Views:
    177
Loading...

Share This Page