ASP.Net Membership saves changed password as plain text even with Hashed passwordFormat set

花落未央 2021-01-03 12:04

I'm using the ASP.Net SqlMembershipProvider to manage my users. Here is my config:



        
3 answers
  •  [愿得一人]
    2021-01-03 12:55

    To do that I use a console application. Directly in the database I change PasswordFormat in the aspnet_Membership table. Then I change the password to the same with the help of ResetPassword and ChangePassword methods. Also if the user was locked out I unlock it before changing the password and then lock again. In the app.config file I have connection strings for database model and membership provider, as well as the membership provider definition.

    Note that if the old password does not satisfy your latest password requirements in the provider settings then the ChangePassword method would fail.

    The code is the following:

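    using System;
    using System.Linq;
    using System.Web.Security;

    class Program
    {
        static void Main(string[] args)
        {
            // MyEntities is the Entity Framework model over the membership database.
            using (var db = new MyEntities())
            {
                // PasswordFormat 0 marks rows whose password is still stored in clear text.
                var usersToFix = db.aspnet_Membership.Where(x => x.PasswordFormat == 0).ToList();

                foreach (var userToFix in usersToFix)
                {
                    // Switch the row to the hashed format before re-saving the password.
                    userToFix.PasswordFormat = 1;

                    // Keep the current values so they can be written back through the provider.
                    var password = userToFix.Password;
                    var passwordQuestion = userToFix.PasswordQuestion;
                    var passwordAnswer = userToFix.PasswordAnswer;
                    var lastLockoutDate = userToFix.LastLockoutDate;

                    db.SaveChanges();

                    var user = Membership.GetUser(userToFix.UserId);
                    bool locked = user.IsLockedOut;

                    // A locked-out account cannot change its password, so unlock it for now.
                    if (locked)
                    {
                        user.UnlockUser();
                    }

                    // Reset to a temporary password, then set the original one again so the
                    // provider stores it in the new format.
                    var resetPassword = user.ResetPassword();
                    // ChangePassword returns false when the update is rejected.
                    bool changed = user.ChangePassword(resetPassword, password);
                    if (changed)
                    {
                        user.ChangePasswordQuestionAndAnswer(password, passwordQuestion, passwordAnswer);
                    }

                    // Restore the lockout state that was in place before the change.
                    if (locked)
                    {
                        userToFix.IsLockedOut = true;
                        userToFix.LastLockoutDate = lastLockoutDate;
                        db.SaveChanges();
                    }

                    Console.WriteLine("{0} - {1}", user.UserName, changed ? "OK" : "FAILED, password left at the reset value");
                }
            }

            Console.WriteLine("Done!");
            Console.ReadKey();
        }
    }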
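
A read-only check for the symptom in the title, added here as an example and not part of the original answer: it flags rows whose PasswordFormat says hashed while the Password column does not hold a Base64 digest. The 0/1/2 format codes (clear, hashed, encrypted), the digest lengths and the sample rows are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class PasswordFormatAudit
{
    // Assumption: digest sizes in bytes for SHA-1, SHA-256, SHA-384 and SHA-512,
    // the hash families the provider is assumed to be configured with.
    static readonly int[] DigestSizes = { 20, 32, 48, 64 };

    // True when the stored value is Base64 that decodes to a plausible digest length.
    static bool LooksLikeDigest(string stored)
    {
        if (string.IsNullOrEmpty(stored)) return false;
        try { return DigestSizes.Contains(Convert.FromBase64String(stored).Length); }
        catch (FormatException) { return false; }
    }

    // Classifies one aspnet_Membership row from its PasswordFormat and Password columns.
    static string Classify(int passwordFormat, string stored)
    {
        if (passwordFormat == 0) return "CLEAR";       // stored as plain text
        if (passwordFormat == 2) return "ENCRYPTED";   // reversible, not inspected here
        return LooksLikeDigest(stored) ? "HASHED" : "MISMATCH";
    }

    static void Main()
    {
        // Constructed sample rows: (UserName, PasswordFormat, Password).
        var rows = new List<Tuple<string, int, string>>
        {
            Tuple.Create("alice", 1, Convert.ToBase64String(new byte[20])), // digest-shaped value
            Tuple.Create("bob",   1, "Summer2021!"),                        // flagged hashed, holds text
            Tuple.Create("carol", 0, "hunter2"),                            // not migrated yet
        };

        foreach (var r in rows)
            Console.WriteLine("{0,-6} format={1} -> {2}", r.Item1, r.Item2, Classify(r.Item2, r.Item3));

        // Anything other than HASHED needs attention before the migration is considered done.
        int open = rows.Count(r => Classify(r.Item2, r.Item3) != "HASHED");
        Console.WriteLine("{0} row(s) need attention", open);
    }
}
```

The length test is a heuristic: a MISMATCH row is a strong sign of a plain-text value under a hashed flag, while a HASHED result only means the value has the shape of a digest.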
    
