Describes the encryption format for storing passwords for membership users.
Syntax
Remarks
The System.Web.Security.SqlMembershipProvider class supports different password storage formats enabling you to increase the security of your membership user logins. MembershipPasswordFormat.Clear passwords are stored in plain text, which improves the performance of password storage and retrieval but is less secure, as passwords are easily read if your data source is compromised. MembershipPasswordFormat.Encrypted passwords are encrypted when stored and can be decrypted for password comparison or password retrieval. This requires additional processing for password storage and retrieval, but is more secure as passwords are not easily determined if the data source is compromised. MembershipPasswordFormat.Hashed passwords are encrypted using a one-way salted hash when stored in the database. When a password is validated, it is combined with a salt value and then hashed. The result is compared with the value in the database for verification. Hashed passwords cannot be retrieved.
If you are not familiar with the membership features of ASP.NET, see Introduction to Membership before continuing. For a list of other topics related to membership, see Managing Users By Using Membership.
Members
| Member Name | Description |
|---|---|
| Clear |
Passwords are not encrypted. |
| Encrypted |
Passwords are encrypted using the encryption settings determined by the machineKey element configuration. |
| Hashed |
Passwords are encrypted one-way using the SHA1 hashing algorithm. |
Requirements
Assembly: System.Web (in System.Web.dll)
Assembly Versions: 2.0.0.0
Since: .NET 2.0