.NET Tutorials, Forums, Interview Questions And Answers

Migrating existing clear text users password to hashed password Membership Provider

Posted Date: September 10, 2010    Category: ASP.Net

Hello all, I have been trying to solve this, but there is a hidden key I wish someone would point me to. I had a simple membership database with users; at first the Membership Provider was configured for clear passwords, to retrieve the original password. Now a new requirement says that the password must be hashed and reset. I configured the Membership password to hash, and implemented the Reset Password module.

My problem is as follows. If the user is a newly registered user with the new configuration, the password and the security answer are hashed. Also, when I go and reset the password, it continues to be hashed. Now, I thought that with the new configuration, if any previous user with the clear text configuration uses the password Reset module, then because my configuration is now hashed, the new password and security answer would be hashed. What happens is that the old user continues in clear text even if the configuration is hashed. So if I have new users, everything is fine. For old users, the Membership Provider somehow knows they had been stored in clear text, and it keeps changing the password and security answer in clear text. If I delete this user and create it again, the Membership Provider understands that everything will be hashed. I need to know how it knows this; I need to migrate users, not delete and recreate users. If there is a solution for that kindly expl


More Related Resource Links

Use Membership but bypass / disable password usage for users


I have an application that does LDAP authentication. The authentication is done on the code behind page of my Login.aspx page. Once the user passes LDAP authentication, a cookie is set and I redirect:

FormsAuthentication.RedirectFromLoginPage(UserName.Text, False)

I would like to setup membership in my application and keep track of some user information. But due to company security requirements, I cannot store user passwords on my application. That must stay on the LDAP server only.

Is there a way to store users but disable password storage on the aspnet_membership table?

Password Encryption with Custom Membership Provider


I am using a custom membership provider with a custom ValidateUser method. The ValidateUser sends an additional parameter to authenticate my users (Username, Password, and Dealer). I created a custom stored procedure for ValidateUser to call. I copied over all my users from another table and encrypted all the passwords in the aspnet_membership table using the code below. My question is, how do I take the password the user enters in the login form and validate that against what is in my aspnet_membership table? Is there a method I need to call to encode/decode to do the password check? Thank you very much for your help!

Here is the code I used to encrypt the passwords (not even sure this was the right way to encrypt. Please tell me if I did this wrong):

public static string EncodePasswordNow(string originalPassword)
        Byte[] originalBytes;
        Byte[] encodedBytes;
        MD5 md5;
        //Instantiate MD5CryptoServiceProvider, get bytes for original password and compute hash (encoded password)

How to clone sql membership provider password encryption procedure


Hi there,

I am using sqlmembership provider for my VisualBasic web application security.

I don't want to use the default reset password control and behavior.

What I am trying to do is, after the user provides a correct answer to the security question, send him an email with a link similar to this:


Where ID is the user ID in the aspnetdb database

When the user visits the link I offer him two text boxes for the new password and its verification. Submit button validates both textboxes have the same text and if so, generates a random salt, concatenates the new password with the salt and hashes the concatenated string.

I replace in the membership table the salt and password values for the user id received in the query string.

I must be doing something wrong, because, after storing the new password and salt, the user cannot login and failed login attempts are reported.

My code for generating the salt string is

Private Function CreateSalt() As

How to remove a saved password from a users computer


Hi, I have an asp.net website that requires users to login using their Active Directory credentials. All users of the website have AD accounts. Some of the users are at remote locations and share a common computer login (I know this is not recommended but it is what it is, I have no say in that). Every so often a user will log into my website and click the Remember Password box, which causes the next person that comes along to not be prompted to log in. All users are on IE 7. I have tried having them go into tools and deleting the cookies, saved passwords, etc., but when they go to my website they are still not being prompted to log in. I have recently migrated to IIS 7 and I understand there is a way to have the user enter the site through a custom form, but I have not gotten that far yet. How can I make sure the user's password is removed from IE? Thanks for any help.

Change password for FBA users in claims setup not working as expected

Hi, I am trying to add a standard asp:changepassword control for external users. In the previous 2007 SharePoint environment this control was working "out of the box". I am pretty sure what is wrong as well, but not sure how to fix it. A workaround that makes me able to change the password is as follows: in the asp control, I have added the option DisplayUserName="true". Then in the actual web page, I can see that my username is 0#.f|acaspnetsqlmembershipprovider|xxxxxx and not xxxxxx as I would expect, as I use xxxxxx to log in. Editing the username to just xxxxxx makes the changing of password work, but this solution is not really nice to deploy to the normal end users. Any suggestion on how to make the username right? I've tried to set the username using the option UserName="<%=SPContext.Current.Web.CurrentUser.LoginName%>", but it does not seem to evaluate.

Preventing users from changing password

How do I keep users from changing the password for a mssql account? We have a shared login which is read-only to the database. But every now and then, someone decides to change the password.

How To add both Text and Bar Status for Password Strength in ASP.NET AJAX

Hi one and all,

Here I am going to show you how to add both Text and Bar Status for Password Strength in ASP.NET AJAX.

Let me take up the .aspx page first:

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
<%@ Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit" TagPrefix="cc1" %>
<%@ Register Assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
    Namespace="System.Web.UI" TagPrefix="asp" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Untitled Page</title>
    <link href="StyleSheet.css" rel="stylesheet" type="text/css" />
</head>
<body>
    <form id="form1" runat="server"

Problem With space When updating password of active directory users from asp.net


Hello friends,

For a long time I have been facing a problem with resetting the password of Active Directory users from asp.net.

The code works fine when there is no space in the username, but it causes a problem when there is a space in the username.


usernametochange = "Ketan Patel";
ds.Filter = "(&(objectClass=user)(sAMAccountName=(" + usernametochange + ")))";
ds.PageSize = 100;

SearchResult account = ds.FindOne();
DirectoryEntry user = account.GetDirectoryEntry();
object[] oPassword = new object[] { "krtya#123" };

object ret = user.Invoke("SetPassword", oPassword);

If you have any idea about it, please help me.

Thank you.....

Use Non-default Membership Provider to authenticate users



I have a sharepoint 2007 FBA site and in the web.config of this site I have 2 membership providers defined with the default provider as the first provider. However my FBA login form is authenticating only the default provider. How to make the login form authenticate the non-default provider also.

Thanks for any help.


Cannot force users to change password... argh.


I'm working on a web page to allow users to activate AD accounts on demand. I have everything working except for one thing: I cannot set the 'user must change password on next logon' flag. I've tried using the user.invoke("put", "pwdlastset" , "0") statement, but it doesn't appear to be having any effect...

Does anyone have any idea how to do this?





Shawn Keslar

Professional Technologist

WVU Office of Information Technology

Morgantown,WV 26506 

Setting password expiry to login/users without domain policy dependency


Hi Friends,

I would require your help in setting password expiry for login/users. But this shouldn't have any dependency on the Windows Domain users expiry policy. For example, our domain user expiry policy is 45 days, but we want the SQL Server login/users password expiry to be 180 days. For any clarifications




Securing a set up file with user name and password from other users.


Hi everybody,

The requirement is securing the setup file from other users.

The server has all the users' details, with UserName and password.

Whenever the installation starts, the setup has to ask for the username and password.

At this time the setup will connect with the server and check the details.

Only if the details provided are correct will the installer continue; otherwise it will exit.


How to compare entered password with webmatrix hashed password in DB?



I am using webmatrix and have built a starter site.

Members' passwords are hashed and stored in the database by the default webmatrix method used in CreateAccount.


I now need to validate a password against the hashed value in the database OUTSIDE of webmatrix, i.e. in a webservice.

What is the call to Encrypt the text password using the same algorithm that webmatrix uses? e.g. 

myHashedPassword = Crypto.Hash(Password, "sha1") or  myHashedPassword  = Crypto.Hash(Password, "sha256")

I should then be able to compare the hashed password with that of the value in the database, if they match.... all is good!!!!


Thanks in advance



Does Microsoft Membership provider supports internal and external users?



I am developing a web application for internal users and I was asked to implement a security model. I suggested using the Microsoft Membership provider model, so one of my team members raised a question stating that this model doesn't support external users.

Is it a true statement? If not, please provide me links or samples to achieve this.




How to Encrypt and Decrypt a Password using SQLSERVER 2005?(Video)

Encrypt and Decrypt a Password using SQLSERVER 2005(Video)

symmetric key protected by a password

An alternative could be using a symmetric key protected by a password, as long as your application generates the CREATE SYMMETRIC KEY and OPEN SYMMETRIC KEY statements directly instead of calling them inside a SP (otherwise the password will still be passed as a parameter, and will be in clear in the profiler).

Membership Provider Conn String


Hello. I've been successfully using the Asp.Net Membership Provider in my VB.Net 3.5/SQL 2005 web app for a year now (Site A). However, I've added 2 new sites (B and C) (both with their own DB) and now I see a problem. It looks like users that get created for sites B and C also get created in site A. Roles that I create for B and C only get created in A. I think it is a conn string problem.

When I created A, I added the conn string to my machine.config (not sure why I did this or if it is even needed)...


         <add name="LocalSqlServer" connectionString="Data Source=VS689\SQLEXPRESS;Initial Catalog=SiteA;USER ID=sa;PASSWORD=123456"/>


                <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=blahblah" connectionStringName="LocalSqlS
