我的应用程序使用 ASP.NET 成员资格提供程序。正确配置并在配置文件中指定密码格式后,用户密码仍以纯文本形式存储,而不是散列值。
我究竟做错了什么?
这是我的网络配置文件
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=5.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
</configSections>
<connectionStrings>
<add name="db_connection" providerName="System.Data.SqlClient" connectionString="Data Source=192.168.11.10;Integrated Security=true;Initial Catalog=TestDB;User ID=sysad;Password=abc@123_ec"/>
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<pages>
<namespaces>
<add namespace="System.Web.Optimization" />
</namespaces>
<controls>
<add assembly="Microsoft.AspNet.Web.Optimization.WebForms" namespace="Microsoft.AspNet.Web.Optimization.WebForms" tagPrefix="webopt" />
<add tagPrefix="ajaxToolkit" assembly="AjaxControlToolkit" namespace="AjaxControlToolkit" />
<add assembly="JuiceUI" namespace="Juice" tagPrefix="juice" />
</controls>
</pages>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="25" />
</authentication>
<membership defaultProvider="Myprovider">
<providers>
<add name="Myprovider"
type="System.Web.Security.SqlMembershipProvider"
passwordFormat="Hashed"
connectionStringName="db_connection"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
maxInvalidPasswordAttempts="3"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
applicationName="" />
</providers>
</membership>
</system.web>
</configuration>