Geeks With Blogs
Geekette's Blogette Trying to keep up with technology

I'm using the ASP.NET membership provider. While testing, I overrode the machine.config and set my password to as follows


I removed the override (switching it back to the machine.config value of "Hashed").

  1. New accounts are being added with a hashed password.
  2. Resetting a password for an account created while the value was set to "Clear" does not hash the password. The passwords for these users remain in clear text.

TODO: To hash the accounts that were already added, I need to do <Researching this now -- hope I don't have to re-add all of these users!>

UPDATE: It turns out that in the Membership table in the Membership database, there is a record for each user. There are columns for Password, PasswordSalt and PasswordFormat. Once a user has been created, the PasswordFormat for that user is stored with the user. Changing web.config does not affect existing users.

I am going to delete / re-add my test accounts. I could change the PasswordFormat myself, but it seems that is not supported by Microsoft. This is a membership database for a SharePoint extranet. Thankfully, I have not yet added the 150 external users and set up their permissions within SharePoint.

Moral of this story:  Do not add your users until you are sure which PasswordFormat you will be using in production.  Changing it after the fact is not supported. 

Posted on Wednesday, September 23, 2009 3:09 AM
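A small model of the per-row behaviour described in the post, as an added example that is not part of the original post or Microsoft's code. The rows are constructed, the column names are the ones the post mentions, and the Hashed encoding (Base64 of SHA1 over salt plus UTF-16LE password) is assumed to be the provider default of that era.

```python
import base64
import hashlib
import hmac

# Values of the MembershipPasswordFormat enum stored in the PasswordFormat column.
CLEAR, HASHED, ENCRYPTED = 0, 1, 2

def encode_hashed(password: str, salt_b64: str) -> str:
    """Assumed default: Base64(SHA1(salt bytes + UTF-16LE password))."""
    salt = base64.b64decode(salt_b64)
    digest = hashlib.sha1(salt + password.encode("utf-16-le")).digest()
    return base64.b64encode(digest).decode("ascii")

def store(row: dict, password: str) -> dict:
    """Encode a password using the format recorded on the row, not the config."""
    fmt = row["PasswordFormat"]
    if fmt == CLEAR:
        stored = password
    elif fmt == HASHED:
        stored = encode_hashed(password, row["PasswordSalt"])
    else:
        raise NotImplementedError("Encrypted rows need the machineKey")
    return {**row, "Password": stored}

def verify(row: dict, candidate: str) -> bool:
    """Check a candidate password against the row in the row's own format."""
    expected = row["Password"].encode("utf-8")
    actual = store(row, candidate)["Password"].encode("utf-8")
    return hmac.compare_digest(expected, actual)

def reset_password(row: dict, new_password: str) -> dict:
    """Models the behaviour in the post: a reset keeps the row's format."""
    return store(row, new_password)

def clear_text_users(rows: list) -> list:
    """Audit: user names whose password is still stored in clear text."""
    return [r["UserName"] for r in rows if r["PasswordFormat"] == CLEAR]

# Constructed sample rows: one created under "Clear", one under "Hashed".
SALT = base64.b64encode(bytes(range(16))).decode("ascii")
ROWS = [
    {"UserName": "early_tester", "PasswordFormat": CLEAR,
     "PasswordSalt": SALT, "Password": "Summer2009!"},
    store({"UserName": "late_tester", "PasswordFormat": HASHED,
           "PasswordSalt": SALT, "Password": ""}, "Autumn2009!"),
]

if __name__ == "__main__":
    print("Still in clear text:", clear_text_users(ROWS))
```

Against a real membership database, the equivalent audit is a count of rows grouped by PasswordFormat, run before any production users are added.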

Comments on this post: ASP.NET Membership Provider - Switching from Clear to Hashed

# re: ASP.NET Membership Provider - Switching from Clear to Hashed
I've been looking around on the web for the whole day yesterday for this and found nothing. This morning, you confirmed the conclusion I was coming to. Disappointing conclusion, but at least now I know. Thanks!
Left by David Laplante on Nov 24, 2009 2:49 AM

# re: ASP.NET Membership Provider - Switching from Clear to Hashed
good thought
Left by archana arya on Jun 06, 2013 9:49 AM


Copyright © Robin Edwards