ASP.NET: Application Form Authentication: Matching Password Encryption Settings

I have two websites that create users in their own ASP.NET authentication databases. Below are the Web.config options for both. I also made the aspnet_Applications database identical for both solutions. When I create a user, the encrypted passwords are not identical and are not salts of passwords.

Any idea how to make the two websites create the same password hashes when both systems have the same username and password?

    <configuration>
      <system.web>
        <authentication mode="Forms">
          <!-- The name, protection, path, validationKey, validation,
               decryptionKey, and decryption attributes must be identical
               across all applications. -->
          <forms loginUrl="~/Account/Login"
                 name=".ASPXAUTH"
                 protection="All"
                 path="/"
                 domain="contoso.com"
                 timeout="2880"
                 requireSSL="false"
                 cookieless="UseCookies"
                 enableCrossAppRedirects="true" />
        </authentication>
        <!-- Validation and decryption keys must exactly match and cannot be
             set to "AutoGenerate". The validation and decryption algorithms
             must also be the same. -->
        <!-- The validationKey is not wrapped in the solution -->
        <!-- These keys are examples -->
        <machineKey
            validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D940
    1E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51
    F17C529AD3CABE"
            decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F"
            validation="SHA1"
            decryption="Auto" />
      </system.web>
    </configuration>
1 answer

The SqlMembershipProvider, which it sounds like you are using, generates a random 128-bit value as a salt. I.e., it includes this value when it hashes the user's password as a security measure. To ensure that two independent systems produce the same hash, you need to make sure that the value of the PasswordSalt column is the same for the same user. MembershipUser does not have a PasswordSalt property. This means that you need to either go directly to the db to set it, create a custom MembershipUser with this property and the ability to save it, or create your own class or method that provides this feature.
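
The following sketch is an added example, not part of the answer above and not the provider's own source. It models the salted hashing the answer describes, assuming `passwordFormat="Hashed"` with plain SHA1 over the salt bytes followed by the UTF-16LE password; the dicts and function names are hypothetical stand-ins for each site's membership rows.

```python
import base64
import hashlib
import hmac
import os


def new_salt() -> str:
    """Random 128-bit salt, Base64-encoded as in a PasswordSalt column."""
    return base64.b64encode(os.urandom(16)).decode("ascii")


def encode_password(password: str, salt_b64: str) -> str:
    # Assumed layout: Base64(SHA1(salt bytes || UTF-16LE password bytes)).
    salt = base64.b64decode(salt_b64)
    digest = hashlib.sha1(salt + password.encode("utf-16-le")).digest()
    return base64.b64encode(digest).decode("ascii")


def create_user(store: dict, username: str, password: str) -> dict:
    """Each site draws its own salt, so the stored hashes differ per site."""
    salt_b64 = new_salt()
    store[username] = {"PasswordSalt": salt_b64,
                       "Password": encode_password(password, salt_b64)}
    return store[username]


def validate_user(store: dict, username: str, password: str) -> bool:
    row = store.get(username)
    if row is None:
        return False
    candidate = encode_password(password, row["PasswordSalt"])
    # Constant-time comparison of the Base64 hash strings.
    return hmac.compare_digest(candidate, row["Password"])


def demo():
    site_a, site_b = {}, {}
    pw = "constructed-Passw0rd!"  # constructed sample value
    a = create_user(site_a, "alice", pw)
    b = create_user(site_b, "alice", pw)
    independent_match = a["Password"] == b["Password"]  # different salts
    # Copy salt and hash together from site A, as the answer suggests
    # doing at the database level, instead of re-creating the user.
    site_b["alice"] = dict(site_a["alice"])
    replicated_match = site_a["alice"] == site_b["alice"]
    return independent_match, replicated_match, validate_user(site_b, "alice", pw)


if __name__ == "__main__":
    print(demo())
```
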
