MembershipPasswordFormat MembershipPasswordFormat MembershipPasswordFormat MembershipPasswordFormat Enum

定义

描述用于存储成员身份用户密码的加密格式。Describes the encryption format for storing passwords for membership users.

public enum class MembershipPasswordFormat
public enum MembershipPasswordFormat
type MembershipPasswordFormat = 
Public Enum MembershipPasswordFormat
继承
MembershipPasswordFormatMembershipPasswordFormatMembershipPasswordFormatMembershipPasswordFormat

字段

Clear Clear Clear Clear 0

不安全,请勿使用。Not secure, do not use. 密码未加密。Passwords are not encrypted.

Encrypted Encrypted Encrypted Encrypted 2

不安全,请勿使用。Not secure, do not use. 使用由 machineKey 元素 (ASP.NET 设置架构) 的元素配置确定的加密设置对密码进行加密。Passwords are encrypted using the encryption settings determined by the machineKey Element (ASP.NET Settings Schema) element configuration.

Hashed Hashed Hashed Hashed 1

使用 SHA1 哈希算法对密码进行单向加密。Passwords are encrypted one-way using the SHA1 hashing algorithm. 可以使用 属性指定与 SHA1 算法不同的哈希算法。You can specify a hashing algorithm different than the SHA1 algorithm by using the attribute.

示例

下面的示例演示machineKey 元素 (ASP.NET 设置架构)中的元素system.web的 ASP.NET 应用程序的 Web.config 文件部分。The following example shows the machineKey Element (ASP.NET Settings Schema) element in the system.web section of the Web.config file for an ASP.NET application. 指定应用程序的SqlMembershipProvider实例,并将其密码的格式设置为HashedIt specifies the application's SqlMembershipProvider instance and sets its password format to Hashed.

<membership defaultProvider="SqlProvider"   
  userIsOnlineTimeWindow="20" hashAlgorithmType="SHA1">  
  <providers>  
    <add name="SqlProvider"  
      type="System.Web.Security.SqlMembershipProvider"  
      connectionStringName="SqlServices"  
      enablePasswordRetrieval="false"  
      enablePasswordReset="true"  
      requiresQuestionAndAnswer="true"  
      passwordFormat="Hashed"  
      applicationName="MyApplication" />  
  </providers>  
</membership>  

注解

SqlMembershipProvider类支持不同的密码存储格式,但只应使用Hashed;ClearEncrypted是不安全的。The SqlMembershipProvider class supports different password storage formats, but you should only use Hashed; Clear and Encrypted are not secure. 清除密码是不安全,不应使用。Clear passwords are not secure and shouldn't be used. 它们存储在纯文本。They are stored in plain text. 加密的密码不被视为安全,受到破坏,可以显示出您的数据库的内容也可以公开加密密钥。Encrypted passwords are not considered safe, as a breach that reveals your database contents can also expose the encryption key. 这意味着无法解密已加密的密码,并将其公开。This means your encrypted passwords could be decrypted and exposed. 存储和可进行密码比较或密码检索解密时,密码进行加密。Passwords are encrypted when stored and can be decrypted for password comparison or password retrieval. 使用单向加盐哈希存储在数据库中时经过哈希处理的密码进行加密。Hashed passwords are encrypted using a one-way salted hash when stored in the database. 当验证密码时,它是与 salt 值结合使用,将哈希处理。When a password is validated, it is combined with a salt value and then hashed. 与验证数据库中的值进行比较结果。The result is compared with the value in the database for verification. 无法检索哈希的密码。Hashed passwords cannot be retrieved.

备注

如果您不熟悉 ASP.NET 成员资格功能,请参阅成员资格简介然后再继续。If you are not familiar with the membership features of ASP.NET, see Introduction to Membership before continuing. 与成员资格相关的其他主题的列表,请参阅使用成员资格管理用户For a list of other topics related to membership, see Managing Users by Using Membership.

适用于

另请参阅