When creating a user, you can specify how the password is stored in the database. You can choose between the following values of the MembershipPasswordFormat enumeration:
- Clear (0)
- Hashed (1)
- Encrypted (2)
For more information about each value, read here.
Default password format
When creating a user, the default password format value of the provider is assigned to the user object. To modify the default value of the provider, you must perform the following:
- Log in to the Sitefinity CMS backend.
- From the menu, click Administration » Settings.
- Click Advanced Settings.
- In the tree view, navigate to Security » Membership providers.
- Click the provider that you want to modify.
- Navigate to Parameters » passwordFormat.
- Enter one of the MembershipPasswordFormat values as a string.
- Click the Save changes button.
Changing password format
When changing the password format for a specific user, you must force the password of the user to be re-encoded. To do this, you must call the ChangePassword method of the Telerik.Sitefinity.Security.UserManager object.
To specify the password format, you use the PasswordFormat property of the Telerik.Sitefinity.Security.Model.User object. It is of type int and you must use the integer representations of the MembershipPasswordFormat enumeration. For example:
For more information, see the For developers: Change the password of a user example.
Sitefinity CMS membership uses a salt for additional security when encoding passwords. For more information about what Salt is, read here.
When creating a user, a Salt value is automatically assigned to the user object. You can access and change this value through the Salt property of the Telerik.Sitefinity.Security.Model.User object. To generate a new Salt for the users, use the GetRandomKey method of the Telerik.Sitefinity.Security.SecurityManager object and pass the desired length. Here is an example:
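Changing the provider default only affects how the value is assigned to new users, so existing accounts keep their stored PasswordFormat until it is changed and the password is re-encoded. The following added example (not Sitefinity code and not part of the original page) audits an export of user records against the PasswordFormat integers and Salt values described above; the CSV layout, column names and sample rows are constructed assumptions.

```python
import csv
import io
from collections import Counter

# Integer values of MembershipPasswordFormat as listed on this page.
FORMATS = {0: "Clear", 1: "Hashed", 2: "Encrypted"}

# Constructed sample export; column names are assumptions, not a Sitefinity schema.
SAMPLE_EXPORT = """UserName,PasswordFormat,Salt
alice,1,a1b2c3
bob,0,
carol,2,ffee99
dave,1,ffee99
erin,7,0d0e0f
"""

def audit_users(export_text):
    """Return {username: [findings]} for accounts whose format or salt needs attention."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    # Count salts so that a value reused across accounts can be flagged.
    salt_counts = Counter(r["Salt"] for r in rows if r["Salt"])
    findings = {}
    for r in rows:
        issues = []
        try:
            fmt = FORMATS.get(int(r["PasswordFormat"]))
        except (TypeError, ValueError):
            fmt = None
        if fmt is None:
            issues.append("unknown PasswordFormat value")
        elif fmt == "Clear":
            issues.append("password stored in clear text")
        elif fmt == "Encrypted":
            issues.append("password stored reversibly (Encrypted)")
        if not r["Salt"]:
            issues.append("no salt")
        elif salt_counts[r["Salt"]] > 1:
            issues.append("salt shared with another user")
        if issues:
            findings[r["UserName"]] = issues
    return findings

if __name__ == "__main__":
    for user, issues in audit_users(SAMPLE_EXPORT).items():
        print(f"{user}: {'; '.join(issues)}")
```

Accounts reported here are candidates for the PasswordFormat change, new Salt and ChangePassword call described above.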