Last post Jul 20, 2009 03:11 PM by email@example.com
Feb 11, 2008 06:03 PM|fzaynoun|LINK
I was checking the this database to try check for the users, so i found that there is the aspnet_membership table that contains the users and another one called aspnet_users table, what is table supposed to contain? Also i noticed that the passwords are
hashed, i wonder if it is possible to get the password programatically, i am using the default memebership provider, so is there a way to decrypt the password, otherwise how aspnet can get the password when prompted for the secret question?
aspnetdb aspnet_users aspnet_membership password
Feb 11, 2008 06:28 PM|AmrElsehemy|LINK
First about the tables :
asp_Users contains the data used for any user that interacts with the system, users can Login data (username,password and stuff), users can have Personalized pages(web parts stuff) , users can have Profiles.
All those need a user so the aspnet_Users table contain the basic information needed for a user.
aspnet_Membership is the data associated with a user intended for login data as password,
passwrodFormat, Lastactivtiy date, last password changes and stuff like that.
Second the Default behavior of the asp membership is to use Passwords with Hashed formats Hash is a one way encryption so you can not Retrieve the Passwords,
there are two password formats supported too, Ecrypted (which is a two way encryption) and Clear (which saves the password in basic format)
Can be changed like this in web.config:
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=220.127.116.11, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
Feb 11, 2008 08:56 PM|fzaynoun|LINK
So when someone click the i forget my password, a new password is assigned, there is no way go back.
Feb 11, 2008 11:29 PM|AmrElsehemy|LINK
Yes exactly, thats the case when the passwordFormat = "Hashed"
like in line 9 above,
While there is another parameter on line 4 enablePasswordRerieval = "false" if u set this parameter to
true and format is Hashed the application will throw an exception while if the format is
Clear or Encrypted then you can enable retriving the password.
But the default , more secure approach is when the user forgets the password, he recieves a new random password since he cant his old,(since Hashing -> one way encryption)
Jul 20, 2009 03:11 PMfirstname.lastname@example.org|LINK
Hi If you are looking for the detailed explanation for how to create
asp.net membership provider database default name is aspnetdb.
Look at this articles