Home/ Questions/Q 1087049
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T22:53:23+00:00

I have an existing table that has 100 users and passwords. The data type

  • 0

I have an existing table that has 100 users and passwords. The data type is a varchar.
I just created an asp.net mvc application and I want to convert the password to aspnet_membership table.

How do I convert varchar password on SQL level as “Password” and “Passwordsalt” in aspnet_membership table?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Password & PasswordSalt part are not processed and created at “SQL Level”
    If you look closely to the asp.net membership database – tables / stored procedures / other objects. Then you will find that there are two stored procedures (sp for short) to create User in asp.net membership database tables.

    1. aspnet_Membership_CreateUser
    2. aspnet_Users_CreateUser

    These sps will create user entry in aspnet_Membership & aspnet_Users table respectively.
    ASP.Net membership works on the web.config file settings that you setup.
    An example default webconfig entry will something like this:

    <authentication mode="Forms"> // If you are using Form authentication
  <forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>

<membership>
  <providers>
    <clear/>
    <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
         enablePasswordRetrieval="false" passwordFormat="Encrypted" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
         maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
         applicationName="/" />
  </providers>
</membership>

    In this settings section the attribute “passwordFormat” sets the way your user password is stored.
    Options are – Clear (0), Hashed (1), Encrypted (2)

    By default it will be having hashed value – or if u have not specified passwordFormat.

    In clear text the password will be saved as – Text clear – readable.

    With the Hashed option the password will not be (Encrypted), only encoded using a Hashing alogorithm

    With the Encrypted option the password will be Encrypted and then encoded.

    Encrypted option u specifies a non-auto generated “machine key”
    To get one see: Get a non-autogenerated machine key

    Password salt is a randomly generated string which is used to Encrypt and encode the password along with the Validation & Decryption Key.

    If you want to overide the encryption method of asp.net membership provider and encode youself, (if using custome membership provider), you can do something like this:

    private string EncodePassword(byte passFormat, string passtext, string passwordSalt)
{
    if(passFormat.Equals(0)) // passwordFormat="Clear" (0)
        return passtext;
    else{
        byte[] bytePASS = Encoding.Unicode.GetBytes(passtext);
        byte[] byteSALT = Convert.FromBase64String(passwordSalt);
        byte[] byteRESULT = new byte[byteSALT.Length + bytePASS.Length + 1];

        System.Buffer.BlockCopy(byteSALT, 0, byteRESULT, 0, byteSALT.Length);
        System.Buffer.BlockCopy(bytePASS, 0, byteRESULT, byteSALT.Length, bytePASS.Length);

        if(passFormat.Equals(1)) // passwordFormat="Hashed" (1)
        {
            HashAlgorithm ha = HashAlgorithm.Create(Membership.HashAlgorithmType);
            return (Convert.ToBase64String(ha.ComputeHash(byteRESULT)));
        }
        else // passwordFormat="Encrypted" (2)
        {
            MyCustomMembership myObj = new MyCustomMembership();
            return(Convert.ToBase64String(myObj.EncryptPassword(byteRESULT)));
        }
    }
}

    Example usage:

        string passSalt = // Either generate a random salt for that user, or retrieve the salt from database if the user is in edit and has a password salt
    EncodePassword(/* 0 or 1 or 2 */, passwordText, passSalt);

    I hope this helps.

    • 0