  • Kris Janssen 210 posts 569 karma points c-trib
    May 14, 2017 @ 22:50
    Kris Janssen
    0

    Transition from LegacyEncoding for passwords

    If there are sites still running in LegacyEncoding = true, what is the proper way to transition to the safer method?

    If the parameter is just changed from true to false, obviously, one cannot sign in anymore.

    Also, after having enabled the new method, how are upgrades of Umbraco handled? Will the salt be maintained? How does that work?

  • Sebastiaan Janssen 5045 posts 15476 karma points MVP admin hq
    May 15, 2017 @ 11:26
    Sebastiaan Janssen
    0

    Right now this is a bit of a manual process. I'm sure someone can automate this though.

    When you're logged into the backoffice (thus you have a valid cookie) you can set useLegacyEncoding="false" on the UsersMembershipProvider. After the app restarts you're still logged into the backoffice and can proceed to change your password. Once you've changed it, it will be stored in the more secure format.

    Then you will need to go through all of the other existing users and either reset their password (please don't change all of their passwords to changeme1234) or, if you have password recovery enabled, they can use that of course.

    The salt is stored in the password field and will (have!) to be maintained. Upgrades work exactly the same as before.
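
Added example, not part of the thread and not Umbraco's own code: a simplified Python model of why flipping `useLegacyEncoding` alone locks users out, and how to list accounts that still hold a legacy value and need the reset described above. It assumes the legacy value is an unsalted HMAC-SHA1 keyed with the password itself and models the newer value as a base64 salt followed by a salted HMAC-SHA256 hash; all function names and the sample rows are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

SALT_B64_LEN = 24  # 16 random bytes, base64-encoded (assumed salt size)

def legacy_hash(password: str) -> str:
    """Assumed legacy format: unsalted HMAC-SHA1 keyed with the password itself."""
    pw = password.encode("utf-16-le")
    return base64.b64encode(hmac.new(pw, pw, hashlib.sha1).digest()).decode()

def salted_hash(password: str, salt: bytes = b"") -> str:
    """Model of the newer format: base64 salt stored in front of the hash."""
    salt = salt or os.urandom(16)
    digest = hmac.new(salt, password.encode("utf-16-le"), hashlib.sha256).digest()
    return base64.b64encode(salt).decode() + base64.b64encode(digest).decode()

def verify_salted(stored: str, password: str) -> bool:
    """Check a login the salted way: split off the salt prefix, recompute, compare."""
    try:
        salt = base64.b64decode(stored[:SALT_B64_LEN], validate=True)
    except ValueError:
        return False
    return hmac.compare_digest(salted_hash(password, salt), stored)

def still_legacy(stored: str) -> bool:
    """In this model a SHA-1 digest is 28 base64 chars; salt + SHA-256 is 68."""
    return len(stored) == 28

def users_needing_reset(rows: dict) -> list:
    """Accounts whose stored value was never rewritten in the salted format."""
    return sorted(user for user, stored in rows.items() if still_legacy(stored))

# Constructed sample rows (login -> stored password field), not real data.
SAMPLE = {
    "admin": salted_hash("Correct-Horse-1"),   # changed after the switch
    "editor": legacy_hash("Summer2017!"),      # untouched legacy value
    "writer": legacy_hash("Summer2017!"),      # same password, same legacy value
}

if __name__ == "__main__":
    print("legacy value verifies as salted:",
          verify_salted(SAMPLE["editor"], "Summer2017!"))
    print("still to reset:", users_needing_reset(SAMPLE))
```

The two legacy rows are identical because nothing user-specific goes into the hash, which is the weakness the salted format removes.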
