Changing passwordformat=hashed to clear doesn't work

Question

maleke 0 Newbie Poster

13 Years Ago

Hello,

I currently have hashed passwords in my database. I want to set them for clear. I do not care about any kind of security. I just want plain, simple passwords. I don't even care if I have to delete all my users and start over fresh. I desperately have been searching as to why it is not explained further than changing passwordformat equal to clear to elimante hashing. I thought adding security would be the difficult part, not eliminating it.

<membership>
     <providers>
	   <add connectionStringName="newdbConnectionString" 
             enablePasswordRetrieval="false" 
             enablePasswordReset="true" 
             requiresQuestionAndAnswer="true" 
             applicationName="SecurityTutorials" 
             requiresUniqueEmail="true" 
             passwordFormat="Clear" 
             maxInvalidPasswordAttempts="5" 
             minRequiredPasswordLength="7" 
             minRequiredNonalphanumericCharacters="1" 
             passwordAttemptWindow="10" 
             passwordStrengthRegularExpression="" 
             name="SecurityTutorialsSqlMembershipProvider" 
             type="System.Web.Security.SqlMembershipProvider"/>
	</providers>
</membership>

Is there more to it? This is driving me crazy so any help will be very appreciated. I am adding users through the Web Site Administration Tool. In the database, the passwords are obviously entered as encrypted/hased with a passwordformat=1.

Thanks!

asp.net

1 Contributor
2 Replies
387 Views
7 Hours Discussion Span
Latest Post 13 Years Ago Latest Post by maleke

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

maleke 0 Newbie Poster · Answer 1 · 2011-02-02T03:51:50+00:00

Actually, realizing local server is the connectionstring, the posted code above is incorrect.

<connectionStrings>
    <remove name="LocalSqlServer"/>
    <add name="LocalSqlServer" connectionString="Integrated Security=SSPI;Data Source=MARTIN-PC\SQLEXPRESS;Initial Catalog=newdb;" providerName="System.Data.SqlClient"/>
   </connectionStrings>
	<system.web>
		<membership>
			<providers>
				<add connectionStringName="LocalSqlServer" 
             enablePasswordRetrieval="true" 
             enablePasswordReset="true" 
             requiresQuestionAndAnswer="true" 
             applicationName="SecurityTutorials" 
             requiresUniqueEmail="true" 
             passwordFormat="Clear" 
             maxInvalidPasswordAttempts="5" 
             minRequiredPasswordLength="7" 
             minRequiredNonalphanumericCharacters="0" 
             passwordAttemptWindow="10" 
             passwordStrengthRegularExpression="" 
             name="SecurityTutorialsSqlMembershipProvider" 
             type="System.Web.Security.SqlMembershipProvider"/>
			</providers>
		</membership>

All users created still have encrypted or hashed passwords. Apparently LocalSqlServer is the only db connection I can use because I am doing everything local? If so, then I understand why setting passwordformat=clear on my first post did nothing.

To sum it up:
1. <remove name="LocalSqlServer"/> removes default local connection
2. <add name="LocalSqlServer.... redefines my connection. This connects to the right db.
3. attempt to set passwordformat=clear but still functions as if set to hashed

If you can help me out, then much thanks!

maleke 0 Newbie Poster · Answer 2 · 2011-02-02T04:11:52+00:00

Nevermind, I solved my problem after several hours of frustration

<connectionStrings>
    <remove name="LocalSqlServer"/>
    <add name="LocalSqlServer" connectionString="Integrated Security=SSPI;Data Source=MARTIN-PC\SQLEXPRESS;Initial Catalog=newdb;" providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <system.web>
    
    <membership
            defaultProvider="SqlProvider" userIsOnlineTimeWindow="20" >
    <providers>
      <clear/>
      <add name="SqlProvider"
          type="System.Web.Security.SqlMembershipProvider"
          connectionStringName="LocalSqlServer"
          enablePasswordRetrieval="false"
          enablePasswordReset="true"
          requiresQuestionAndAnswer="true"
          passwordFormat="Clear"
          applicationName="/" />
    </providers>
  </membership>

I wasn't giving my provider a name, and did not state a default provider.

Pretty confusing if I even understand it yet. I had to remove localsqlserver because its the default connection, and then redefine it so I could connect to my db. Then, I had to set a default provider in order to use the only provider I was creating.