I heard that the hashing algorithm for asp.net membership is sha-1, but I've seen in most articles that it is no longer safe, also I would like to know if most professional developers are using asp.net membership or do they come up with their own solution/
implementation with regards to login, authentication, authorization of their system/projects. Does asp.net membership really provide a secure and robust solution for login, authentication, authorization of web applications? :) Sir/Ma'am, Your answers would
be of great help.
I heard that the hashing algorithm for asp.net membership is sha-1, but I've seen in most articles that it is no longer safe
Technically speaking, nothing is safe. There are still ways to hack any kind of security system. So nothing will be 100% secure and perfect.
randelramirez1
also I would like to know if most professional developers are using asp.net membership
Of course I do use membership provider for most of the applications. Basically it provides a good security for a web application.
randelramirez1
or do they come up with their own solution
Personally speaking, I do not. But I'm sure there are many situations where we need to implement our own. For more refernece, you can refer to the articles Brok has provided.
randelramire...
Member
90 Points
81 Posts
Does asp.net membership really provide a secure and robust solution for login, authentication, au...
Jan 26, 2013 04:34 PM|LINK
BrockAllen
All-Star
28052 Points
4996 Posts
MVP
Re: Does asp.net membership really provide a secure and robust solution for login, authentication...
Jan 26, 2013 05:02 PM|LINK
http://brockallen.com/2012/06/04/membership-is-not-the-same-as-forms-authentication/
http://brockallen.com/2012/09/02/think-twice-about-using-membershipprovider-and-simplemembership/
http://brockallen.com/2012/10/19/password-management-made-easy-in-asp-net-with-the-crypto-api/
http://brockallen.com/2013/01/26/replacing-forms-authentication-with-wifs-session-authentication-module-sam-to-enable-claims-aware-identity/
https://github.com/brockallen/BrockAllen.MembershipReboot
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
Mikesdotnett...
All-Star
155593 Points
19979 Posts
Moderator
MVP
Re: Does asp.net membership really provide a secure and robust solution for login, authentication...
Jan 26, 2013 05:19 PM|LINK
I assume you are referring to the SqlMembership Provider, which uses SHA1 by default, but you can specify a different algortihm in your web.config: http://msdn.microsoft.com/en-gb/library/system.web.security.sqlmembershipprovider.passwordformat.aspx
In any event, if the SqlMembership Provider doesn't work for you, you can always implement your own provider.
Web Pages CMS | My Site | Twitter
Ruchira
All-Star
44216 Points
7184 Posts
MVP
Re: Does asp.net membership really provide a secure and robust solution for login, authentication...
Jan 30, 2013 09:22 AM|LINK
Hello,
Technically speaking, nothing is safe. There are still ways to hack any kind of security system. So nothing will be 100% secure and perfect.
Of course I do use membership provider for most of the applications. Basically it provides a good security for a web application.
Personally speaking, I do not. But I'm sure there are many situations where we need to implement our own. For more refernece, you can refer to the articles Brok has provided.
My Tech blog | My YouTube ChannelPlease 'Mark as Answer' if this post helps you.