Geeks With Blogs

News INETA Community Speakers Program
GeeksWithBlogs.net: WTFNext's hosting!

View Stacy Vicknair's profile on LinkedIn


WTF Next? Dev ramblings from a master of nothing.

I was recently following along in a quick tutorial in Microsoft ASP.NET Programming with Microsoft Visual Basic .NET Version 2003 Step By Step by G. Andrew Duthie, when low and behold I came across a fundamental tutorial about ASP.NET authentication that just didn't work. The culprit? authorization forms credentials has a default of SHA1, not Clear that the book assumed. I checked through the MSDN entries to make sure this still applied in 3.5, even though the book was written for ASP.NET 1.1 (which we use here, sadly).

So, the book had requested that I enter the following in my web.config for an example:

<credentials>
    <user name="1234" password="pass" />
</credentials>    

When I really should have been entering in this:

<credentials passwordFormat="Clear">
    <user name="1234" password="pass" />
</credentials>    

The result? frustration when my very straightforward and simple attempt at the ASP.NET world was foiled. So, in the case where you might use authentication this way (which is only for the most basic needs for "security") remember the default is SHA1, not Clear.

 

Posted on Friday, November 21, 2008 3:25 PM .NET Tips | Back to top


Comments on this post: .NET Tip: authorization forms credentials default is SHA1, not Clear

No comments posted yet.
Your comment:
 (will show your gravatar)


Copyright © Stacy Vicknair | Powered by: GeeksWithBlogs.net