Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Kris Janssen 210 posts 569 karma points c-trib
    May 14, 2017 @ 22:50
    Kris Janssen
    0

    Transition from LegacyEncoding for passwords

    If there are sites still running in LegacyEncoding = true

    What is the proper way to transition to the safer method?

    If the parameter is just changed from true to false, obviously, one cannot sign in anymore.

    Also, after having enabled the new method, how are upgrades of Umbraco handled? Will the salt be maintained? How does that work?

    Copy Link
  • Sebastiaan Janssen 5061 posts 15544 karma points MVP admin hq
    May 15, 2017 @ 11:26
    Sebastiaan Janssen
    0

    Right now this is a bit of a manual process. I'm sure someone can automate this though.

    When you're logged into the backoffice (thus you have a valid cookie) you can set useLegacyEncoding="false" on the UsersMembershipProvider. After the app restarts you're still logged into the backoffice and can proceed to change your password. Once you've changed it, it will be stored in the more secure format.

    Then you will need to go through all of the other existing users and either reset their password (please don't change all of their passwords to changeme1234). If you have password recovery enabled they can use that of course.

    The salt is stored in the password field and will (have!) to be maintained. Upgrades work exactly the same as before.

    Copy Link

  • This forum is in read-only mode while we transition to the new forum.

    You can continue this topic on the new forum by tapping the "Continue discussion" link below.

    Continue discussion

Please Sign in or register to post replies