G
Glenn
Hi all:
I configured my SqlMembershipProvider to hash the password using SHA1
algorithm (which, I believe is the default). We are occasionally seeing
issues were the username/password no longer authenticates because it
appears that the password hash stored in the aspnet_membership table is
no longer valid. It appears that the salt stored in the database is
encrypted and the only conclusion I can come up with is that the
SqlMembershipProvider is not decrypting the salt correctly.
I've search on how the SqlMembershipProvider actually encrypts the
password but have been unable to find any documentation. I've gone as
far as looking at the disassembled IL.
I would greatly appreciate if anyone could explain (or better yet point
me to documentation) what .NET is is actually doing to encrypt the
password and how it uses the salt.
Thanks in advance for your help,
Glenn
I configured my SqlMembershipProvider to hash the password using SHA1
algorithm (which, I believe is the default). We are occasionally seeing
issues were the username/password no longer authenticates because it
appears that the password hash stored in the aspnet_membership table is
no longer valid. It appears that the salt stored in the database is
encrypted and the only conclusion I can come up with is that the
SqlMembershipProvider is not decrypting the salt correctly.
I've search on how the SqlMembershipProvider actually encrypts the
password but have been unable to find any documentation. I've gone as
far as looking at the disassembled IL.
I would greatly appreciate if anyone could explain (or better yet point
me to documentation) what .NET is is actually doing to encrypt the
password and how it uses the salt.
Thanks in advance for your help,
Glenn