Home/ Questions/Q 553661
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T11:37:43+00:00

Straight to the point: Where can I place the algoritm for password hash encryption

  • 0

Straight to the point:

Where can I place the algoritm for password hash encryption in Membership Provider?
or: Where did Microsoft team place the encryption method?

Because: I chose to have it Hash but password ended up in my database are plain.

Thank you very much 🙂

—– Update

Sorry for not mention, im using my own custom provider.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This is specified in the Membership Provider configuration of your webconfig, using the add element:

    <!-- SqlMembershipProvider syntax -->
<add name="string" 
  type="string" 
  connectionStringName="string"
  applicationName="MyApplication"
  commandTimeout
  description
  enablePasswordRetrieval="false"
  enablePasswordReset="true"
  passwordFormat="Hashed"
  minRequiredPasswordLength
  minRequiredNonalphanumericCharacters
  passwordStrengthRegularExpression
/>

    The default algorithm is SHA1, as defined in the membership provider, but you can override this if you want to using the hashAlgorithmType attribute:

    <membership
  defaultProvider="provider name"
  userIsOnlineTimeWindow="number of minutes"
  hashAlgorithmType="SHA1">
  <providers>...</providers>
</membership>

    For more details on providing your own algorithm, see “Mapping Algorithm Names to Cryptography Classes”.

    Note that the format overrides things like password retrieval – hashed passwords can’t be retrieved, and a provider should return an exception if GetPassword is called on them when the password is hashed (see EnablePasswordRetrieval property).

    If you have written your own MembershipProvider, I suggest you take a look at the “How to: Sample Membership Provider Implementation”, especially the methods EncodePassword and UnencodePassword.

    • 0