MembershipProvider.PasswordFormat Property

Definition

Namespace:

System.Web.Security

Assembly:

System.Web.ApplicationServices.dll

Gets a value indicating the format for storing passwords in the membership data store.

public:
 abstract property System::Web::Security::MembershipPasswordFormat PasswordFormat { System::Web::Security::MembershipPasswordFormat get(); };

public abstract System.Web.Security.MembershipPasswordFormat PasswordFormat { get; }

member this.PasswordFormat : System.Web.Security.MembershipPasswordFormat

Public MustOverride ReadOnly Property PasswordFormat As MembershipPasswordFormat

Property Value

MembershipPasswordFormat

One of the MembershipPasswordFormat values indicating the format for storing passwords in the data store.

Examples

For an example of a MembershipProvider implementation, see Implementing a Profile Provider.

Remarks

The PasswordFormat property indicates the format that passwords are stored in. Use Hashed only, Clear and Encrypted are not secure. Hashed passwords are hashed using a one-way hash algorithm and a randomly generated salt value when stored in the database. When a password is validated, it is hashed with the salt value in the database for verification. Hashed passwords cannot be retrieved. Encrypted passwords are not considered safe, as a breach that reveals your database contents can also expose the encryption key. This means your encrypted passwords could be decrypted and exposed.

You can use the EncryptPassword and DecryptPassword virtual methods of the MembershipProvider class to encrypt and decrypt password values, or you can supply your own encryption code. If you use the EncryptPassword and DecryptPassword virtual methods of the MembershipProvider class, Encrypted passwords are encrypted using the key information supplied in the machineKey Element (ASP.NET Settings Schema) element in your configuration.

See also

• Implementing a Membership Provider
• Introduction to ASP.NET Membership