FormsAuthentication.HashPasswordForStoringInConfigFile(String, String) Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Caution
The recommended alternative is to use the Membership APIs, such as Membership.CreateUser. For more information, see http://go.microsoft.com/fwlink/?LinkId=252463.
Produces a hash password suitable for storing in a configuration file based on the specified password and hash algorithm.
public:
static System::String ^ HashPasswordForStoringInConfigFile(System::String ^ password, System::String ^ passwordFormat);public static string HashPasswordForStoringInConfigFile (string password, string passwordFormat);[System.Obsolete("The recommended alternative is to use the Membership APIs, such as Membership.CreateUser. For more information, see http://go.microsoft.com/fwlink/?LinkId=252463.")]
public static string HashPasswordForStoringInConfigFile (string password, string passwordFormat);static member HashPasswordForStoringInConfigFile : string * string -> string[<System.Obsolete("The recommended alternative is to use the Membership APIs, such as Membership.CreateUser. For more information, see http://go.microsoft.com/fwlink/?LinkId=252463.")>]
static member HashPasswordForStoringInConfigFile : string * string -> stringPublic Shared Function HashPasswordForStoringInConfigFile (password As String, passwordFormat As String) As StringParameters
- password
- String
The password to hash.
- passwordFormat
- String
The hash algorithm to use. passwordFormat is a String that represents one of the FormsAuthPasswordFormat enumeration values.
Returns
The hashed password.
- Attributes
Exceptions
passwordFormat is not a valid FormsAuthPasswordFormat value.
Examples
The following code example takes a user name, password, and hash type and displays the credentials section of the configuration that includes the user definition and hashed password.
Important
This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.
<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>ASP.NET Example</title>
<script runat="server">
void Cancel_Click(object sender, EventArgs e)
{
userName.Text = "";
password.Text = "";
repeatPassword.Text = "";
result.Text = "";
}
void HashPassword_Click(object sender, EventArgs e)
{
if (Page.IsValid)
{
string hashMethod = "";
if (md5.Checked)
{
hashMethod = "MD5";
}
else
{
hashMethod = "SHA1";
}
string hashedPassword =
FormsAuthentication.HashPasswordForStoringInConfigFile(password.Text, hashMethod);
result.Text = "<credentials passwordFormat=\"" + hashMethod +"\"><br />" +
" <user name=\"" + Server.HtmlEncode(userName.Text) + "\" password=\"" +
hashedPassword + "\" /><br />" + "</credentials>";
}
else
{
result.Text = "There was an error on the page.";
}
}
</script>
</head>
<body>
<form id="form1" runat="server">
<p>This form displays the results of the FormsAuthentication.HashPasswordForStoringInConfigFile
method.<br />The user name and hashed password can be stored in a <credentials> node
in the Web.config file.</p>
<table cellpadding="2">
<tbody>
<tr>
<td>New User Name:</td>
<td><asp:TextBox id="userName" runat="server" /></td>
<td><asp:RequiredFieldValidator id="userNameRequiredValidator"
runat="server" ErrorMessage="User name required"
ControlToValidate="userName" /></td>
</tr>
<tr>
<td>Password: </td>
<td><asp:TextBox id="password" runat="server" TextMode="Password" /></td>
<td><asp:RequiredFieldValidator id="passwordRequiredValidator"
runat="server" ErrorMessage="Password required"
ControlToValidate="password" /></td>
</tr>
<tr>
<td>Repeat Password: </td>
<td><asp:TextBox id="repeatPassword" runat="server" TextMode="Password" /></td>
<td><asp:RequiredFieldValidator id="repeatPasswordRequiredValidator"
runat="server" ErrorMessage="Password confirmation required"
ControlToValidate="repeatPassword" />
<asp:CompareValidator id="passwordCompareValidator" runat="server"
ErrorMessage="Password does not match"
ControlToValidate="repeatPassword"
ControlToCompare="password" /></td>
</tr>
<tr>
<td>Hash function:</td>
<td align="center">
<asp:RadioButton id="sha1" runat="server" GroupName="HashType"
Text="SHA1" />
<asp:RadioButton id="md5" runat="server" GroupName="HashType"
Text="MD5" />
</td>
</tr>
<tr>
<td align="center" colspan="2">
<asp:Button id="hashPassword" onclick="HashPassword_Click"
runat="server" Text="Hash Password" />
<asp:Button id="cancel" onclick="Cancel_Click" runat="server"
Text="Cancel" CausesValidation="false" />
</td>
</tr>
</tbody>
</table>
<pre><asp:Label id="result" runat="server"></asp:Label></pre>
</form>
</body>
</html>
<%@ Page Language="VB" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>ASP.NET Example</title>
<script runat="server">
Sub Cancel_Click(sender As Object, e As EventArgs)
userName.Text = ""
password.Text = ""
repeatPassword.Text = ""
result.Text = ""
End Sub
Sub HashPassword_Click(sender As Object, e As EventArgs)
If Page.IsValid Then
Dim hashMethod As String = ""
If md5.Checked Then
hashMethod = "MD5"
Else
hashMethod = "SHA1"
End If
Dim hashedPassword As String = _
FormsAuthentication.HashPasswordForStoringInConfigFile(password.Text, hashMethod)
result.Text = "<credentials passwordFormat=""" & hashMethod & _
"""><br />" & " <user name=""" & Server.HtmlEncode(userName.Text) & """ password=""" & _
hashedPassword & """ /><br />" & "</credentials>"
Else
result.Text = "There was an error on the page."
End If
End Sub
</script>
</head>
<body>
<form id="form1" runat="server">
<p>This form displays the results of the FormsAuthentication.HashPasswordForStoringInConfigFile
method.<br />The user name and hashed password can be stored in a <credentials> node
in the Web.config file.</p>
<table cellpadding="2">
<tbody>
<tr>
<td>New User Name:</td>
<td><asp:TextBox id="userName" runat="server" /></td>
<td><asp:RequiredFieldValidator id="userNameRequiredValidator"
runat="server" ErrorMessage="User name required"
ControlToValidate="userName" /></td>
</tr>
<tr>
<td>Password: </td>
<td><asp:TextBox id="password" runat="server" TextMode="Password" /></td>
<td><asp:RequiredFieldValidator id="passwordRequiredValidator"
runat="server" ErrorMessage="Password required"
ControlToValidate="password" /></td>
</tr>
<tr>
<td>Repeat Password: </td>
<td><asp:TextBox id="repeatPassword" runat="server" TextMode="Password" /></td>
<td><asp:RequiredFieldValidator id="repeatPasswordRequiredValidator"
runat="server" ErrorMessage="Password confirmation required"
ControlToValidate="repeatPassword" />
<asp:CompareValidator id="passwordCompareValidator" runat="server"
ErrorMessage="Password does not match"
ControlToValidate="repeatPassword"
ControlToCompare="password" /></td>
</tr>
<tr>
<td>Hash function:</td>
<td align="center">
<asp:RadioButton id="sha1" runat="server" GroupName="HashType"
Text="SHA1" />
<asp:RadioButton id="md5" runat="server" GroupName="HashType"
Text="MD5" />
</td>
</tr>
<tr>
<td align="center" colspan="2">
<asp:Button id="hashPassword" onclick="HashPassword_Click"
runat="server" Text="Hash Password" />
<asp:Button id="cancel" onclick="Cancel_Click" runat="server"
Text="Cancel" CausesValidation="false" />
</td>
</tr>
</tbody>
</table>
<pre><asp:Label id="result" runat="server"></asp:Label></pre>
</form>
</body>
</html>
Remarks
The HashPasswordForStoringInConfigFile method creates a hashed password value that can be used when storing forms-authentication credentials in the configuration file for an application.
Authentication credentials stored in the configuration file for an application are used by the Authenticate method to verify passwords for users of an application. Alternatively, you can use ASP.NET membership to store user credentials. For more information, see Managing Users by Using Membership.
Applies to
See also
Colaborați cu noi pe GitHub
Sursa pentru acest conținut poate fi găsită pe GitHub, unde puteți, de asemenea, să creați și să consultați probleme și solicitări de tragere. Pentru mai multe informații, consultați ghidul nostru pentru colaboratori.
