MembershipProvider.PasswordFormat Property
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Gets a value indicating the format for storing passwords in the membership data store.
public:
abstract property System::Web::Security::MembershipPasswordFormat PasswordFormat { System::Web::Security::MembershipPasswordFormat get(); };public abstract System.Web.Security.MembershipPasswordFormat PasswordFormat { get; }member this.PasswordFormat : System.Web.Security.MembershipPasswordFormatPublic MustOverride ReadOnly Property PasswordFormat As MembershipPasswordFormatProperty Value
One of the MembershipPasswordFormat values indicating the format for storing passwords in the data store.
Examples
For an example of a MembershipProvider implementation, see Implementing a Profile Provider.
Remarks
The PasswordFormat property indicates the format that passwords are stored in. Use Hashed only, Clear and Encrypted are not secure. Hashed passwords are hashed using a one-way hash algorithm and a randomly generated salt value when stored in the database. When a password is validated, it is hashed with the salt value in the database for verification. Hashed passwords cannot be retrieved. Encrypted passwords are not considered safe, as a breach that reveals your database contents can also expose the encryption key. This means your encrypted passwords could be decrypted and exposed.
You can use the EncryptPassword and DecryptPassword virtual methods of the MembershipProvider class to encrypt and decrypt password values, or you can supply your own encryption code. If you use the EncryptPassword and DecryptPassword virtual methods of the MembershipProvider class, Encrypted passwords are encrypted using the key information supplied in the machineKey Element (ASP.NET Settings Schema) element in your configuration.
