Configuration file change required to change hash algorithm: https://msdn.microsoft.com/en-us/library/1b9hw62f(v=vs.100).aspx

<membership 	defaultProvider="CustomMembershipProvider"
		userIsOnlineTimeWindow="10" <!-- “number of minutes” (default is 15) we are not setting this -->
 		hashAlgorithmType="SHA1" >
 	<providers>
 		<clear />
 		<add name="CustomMembershipProvider"
			type="YKSecurity.MembershipProvider, YKSecurity"
			connectionStringName="ApplicationServices"
			enablePasswordRetrieval="false"
			enablePasswordReset="true"
			requiresQuestionAndAnswer="false"
			requiresUniqueEmail="true"
			maxInvalidPasswordAttempts="5"
			minRequiredPasswordLength="8"
			minRequiredNonalphanumericCharacters="1"
			passwordAttemptWindow="10"
			passwordFormat="Hashed"
			applicationName="/"
			ApplicationID="8cf7b53e-9cc2-4f92-ae5a-e1a55ea9891d" />
 	</providers>
</membership>

Your web.config might be using a machineKey as illustrated here:

 <machineKey   	decryption="AES"
		decryptionKey="39B7241DD689200A6748A8AB3FD582F5C3D25B3DDA2CFE85"
		validation="SHA1"
		validationKey="33BE6BA963B0BD01467075FC1AC746DD0972175150AB7FA0052E9D6C112A1FB2C5A7FBF34CBD76B3EF77F013A42D7568EE67450E081B2A9E50B119569F4E9462" />

In web implementation we will update keys and validation algorithm to use HMACSHA512:

 <machineKey
		decryption="AES"
		decryptionKey="39B7241DD689200A6748A8AB3FD582F5C3D25B3DDA2CFE85"
		validation="HMACSHA512"
		validationKey="33BE6BA963B0BD01467075FC1AC746DD0972175150AB7FA0052E9D6C112A1FB2C5A7FBF34CBD76B3EF77F013A42D7568EE67450E081B2A9E50B119569F4E9462" /></pre>

 

Machine key are created via IIS:

machineKey

 

 

 

 

 

 

 

 

 

 

 

 

 

Just getting started with this post and the number of plugins I had to screw with got me a headache. I need a break — sorry —

Solution To Memebership Provider

Leave a Reply

Your email address will not be published. Required fields are marked *