PasswordFormat settings in IIS7

Topics: Business Logic Layer
Jan 4, 2011 at 3:17 PM

Hi,

I recently moved a blog (installed in a separate folder) into my main CMS application.

If I set the passwordformat to "Clear" in web.config I can login ok.

If I set it to "Hashed" it will not allow me to login in.

"Hashed" works ok on my local XP Pro installation, it is only IIS7 which it fails on.

Can anyone shed any light on this please.

Thanks.

Coordinator
Jan 5, 2011 at 7:56 AM

If you change the format, the format of the Password that is already stored will not change.

So if you are using the default XML provider, and the password looks like:

<Password>jGl25bVBBBW96Qi9Te4V37Fnqchz/Eu4qB9vKrRIqRg=</Password>

That is hashed.  If you change the format to Clear, then you'll need to type that exact string of characters above in order to log in.

If the password is:

<Password>clear-text-pwd</Password>

And you change the password format from Clear to Hashed, you won't be able to log in, since that password above is not hashed.

I'm not sure what your <Password> looks like ... but just thought I'd throw this information out there ... just in case.

The same hashing algorithm should work on both IIS 5.1 (WinXP), IIS 6, IIS 7.