1

What encryption algorithm is used in Form authentication when I use ASP.NET MVC 4?

The reason I'm asking is because I need to encrypt password on a phone and compare the hashed versions.

Improve this question

1 Answer 1

Reset to default
2

Forms Authentication doesn't handle validating a users password. Typically that is handled by the MembershipProvider. Once you validate a users credentials, you can set an authentication cookie using Forms Authentication, which can then be validated by something like the AuthorizeAttribute.

You can find the algorithm and format that the default membership provider uses to hash passwords in this answer. You can also look at the implementation of SimpleMembershipProvider, which has an example of generating correct membership hashes.

As a side note, if you're looking for something stronger than the default membership provider method, StackOverflow uses PBKDF2 to derive hashes, which slows down computation and makes brute force attacks harder.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.