If so, click to download 15 days full version for free!
ASP.NET Forms Authentication mechanism supports optional definitions of name and password credentials within the configuration file. For prototyping purposes or very small and basic applications this ways of keeping user credentials in Web.config for Forms Authentication is doable.
Below configuration example defines Forms Authentication with credentials for which passwords are kept in MD5 hashes. Anybody who has a view permission for Web.config (through a vulnerability or normal flow) can view application users passwords in cryptographic digest, however, since it’s easy to crack MD5, either using brute-force or online rainbow tables, this method of storage proves to be insecure.
<configuration> <system.web> <authentication mode="Forms"> <forms loginUrl="~/Account/Login" timeout="1440"> <credentials passwordFormat="MD5"> <user name="admin" password="ab4725ecba07494762aacff12" /> </credentials> </forms> </authentication> …
If so, click to buy now for yearly subscriptions!