August 8, 2013 at 11:42 am
During my very steep learning curve in trying to implement an ASP.Net membership system, I naively set the passwordFormat in my web.config file to Hashed. This was before all my data was entered! I then read that Hashed passwords could not be retrieved.
Break it to me gently... do I have to start over and re-enter all the data into my DB? Or is there a clever way of undoing my follies?
Tx,
Martin
August 8, 2013 at 12:41 pm
Hashed passwords cannot be retrieved. That is a good thing!!! What that means is that when you want to authenticate a user you have to compare the stored hash value to the results of hashing the text they typed in. This is what is known as a cryptographic hash. In other words, you don't need the clear text ever. You only need to know what the result of the hash function is.
This does mean that you will never be able to send your users their password in an email. Instead you will have to reset it. You have seen this in action many times. Basically you will need to change their password the hash results of some random string and send the user that random string. This way they will be able to "login" but will also be forced to enter a new password.
_______________________________________________________________
Need help? Help us help you.
Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.
Need to split a string? Try Jeff Modens splitter http://www.sqlservercentral.com/articles/Tally+Table/72993/.
Cross Tabs and Pivots, Part 1 – Converting Rows to Columns - http://www.sqlservercentral.com/articles/T-SQL/63681/
Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs - http://www.sqlservercentral.com/articles/Crosstab/65048/
Understanding and Using APPLY (Part 1) - http://www.sqlservercentral.com/articles/APPLY/69953/
Understanding and Using APPLY (Part 2) - http://www.sqlservercentral.com/articles/APPLY/69954/
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply