How To: Enable password encryption
Roger Martin
Posted: Thursday, May 29, 2008 11:57:39 AM
Rank: Guest

Joined: 8/2/2007
Posts: 70
By default, Gallery Server Pro uses the SqlMembershipProvider for account management, and it is configured to store users' passwords as clear text. This setting is controlled by the passwordFormat attribute in the web.config file, as seen here:

Code:
<membership defaultProvider="SqlMembershipProvider">
    <providers>
        <clear/>
        <add name="SqlMembershipProvider"
             ...
             passwordFormat="Clear"
             ... />
    </providers>
</membership>


There are three options: Clear, Hashed, and Encrypted.

Clear passwords allow for very fast authentication on the server. Also, clear passwords can be e-mailed to users using the Forgot my password feature on the logon page. However, they are not as secure as hashed or encrypted passwords.

Hashed passwords are hashed using a one-way hash algorithm and a randomly generated salt value. This is more secure, but the password is not recoverable once it is hashed. This means you cannot use the Forgot my password feature, and an administrator cannot change the password on the Manage users page in the Site admin area (an administrator can, however, use the Reset password function to reset the password to a random value).

The third choice is to set the password format to Encrypted. The passwords are encrypted, which provides security, and can also be decrypted by Gallery Server Pro. This means users who forget their password can have it e-mailed to them without any administrator intervention. For many, this is the best option, but to get it working in Gallery Server Pro you have to do a little bit of manual work.

After setting passwordFormat to "Encrypted" in web.config, you will get the following message when trying to create a new user:

Quote:
You must specify a non-autogenerated machine key to store passwords in the encrypted format. Either specify a different passwordFormat, or change the machineKey configuration to use a non-autogenerated decryption key.


Don't worry, this is a good thing! Microsoft is protecting you from shooting yourself in the foot. If it didn't throw an error, your users would be created with an encryption key that isn't discoverable and is not transportable to other machines. In other words, your user database becomes chained to the server on which it is created and cannot be migrated elsewhere! This is definitely Not A Good Thing.

By default, ASP.NET uses machine-generated keys for encryption, as configured in the server-wide machine.config file:

Code:
<machineKey validationKey="AutoGenerate,IsolateApps" 
            decryptionKey="AutoGenerate,IsolateApps"
            validation="SHA1" decryption="Auto" />


The solution is to explicitly specify encryption keys, either in machine.config (safer) or Gallery Server's web.config file (less safe). The values go in the <system.web> section and should look something like this:

Code:
<machineKey
    validationKey="B6AF9388159183B6A8EE690C851398A11997C519F859599459E30121EF4DF8BF2B1666BC82BB6FEB2FEF279BEB325E897AED6EA5B71C55D213B76510EF96CAA8"
    decryptionKey="3C5EF273A20ED2473594C9691627700A79376A7C1455320A"
    validation="SHA1" />


Don't just copy this, though - you'll want to generate your own keys. There are many code samples showing how to do this, and at least one web site to help you out.
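One way to generate your own keys, and to check that a machineKey element is actually usable before you put it in web.config, is shown below. This is an added example, not code from the post or from Gallery Server Pro. It assumes the documented ASP.NET 2.0 key limits (validationKey 40-128 hex characters for SHA1; decryptionKey 32, 48 or 64 hex characters for AES/3DES) and draws the key bytes from the operating system's cryptographic random source via Python's secrets module; the checker also flags the AutoGenerate defaults that trigger the error message quoted above.

```python
import re
import secrets
import xml.etree.ElementTree as ET

# Key lengths (in hex characters) accepted by the ASP.NET 2.0 machineKey
# element. These limits are this example's assumption, taken from the
# documented machineKey attributes rather than from the forum post.
VALIDATION_HEX_MIN, VALIDATION_HEX_MAX = 40, 128   # 20-64 bytes for SHA1
DECRYPTION_HEX_ALLOWED = (32, 48, 64)              # 16, 24 or 32 bytes for AES/3DES
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")


def generate_machine_key(validation_bytes=64, decryption_bytes=24):
    """Return a <machineKey> element string populated with fresh random keys.

    secrets.token_hex reads the OS CSPRNG, which is what keys that protect
    stored passwords need; never derive them from random.random() or a phrase.
    """
    if not VALIDATION_HEX_MIN <= validation_bytes * 2 <= VALIDATION_HEX_MAX:
        raise ValueError("validationKey must be 20-64 bytes")
    if decryption_bytes * 2 not in DECRYPTION_HEX_ALLOWED:
        raise ValueError("decryptionKey must be 16, 24 or 32 bytes")
    validation_key = secrets.token_hex(validation_bytes).upper()
    decryption_key = secrets.token_hex(decryption_bytes).upper()
    return (
        '<machineKey validationKey="%s"\n'
        '            decryptionKey="%s"\n'
        '            validation="SHA1" decryption="Auto" />'
        % (validation_key, decryption_key)
    )


def check_machine_key(xml_text):
    """Return a list of problems found in a <machineKey> element (empty = OK).

    Flags the AutoGenerate defaults inherited from machine.config, keys that
    are not pure hex (e.g. a key broken across lines), and mis-sized keys.
    """
    try:
        el = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    if el.tag != "machineKey":
        return ["expected a <machineKey> element, got <%s>" % el.tag]

    problems = []
    for attr in ("validationKey", "decryptionKey"):
        value = el.get(attr)
        if value is None:
            problems.append("%s is missing" % attr)
            continue
        if "AutoGenerate" in value:
            problems.append("%s is auto-generated; encrypted passwords would be "
                            "tied to this machine" % attr)
            continue
        if not HEX_RE.match(value):
            problems.append("%s is not a hex string (line break or stray "
                            "character in the value?)" % attr)
            continue
        n = len(value)
        if attr == "validationKey" and not VALIDATION_HEX_MIN <= n <= VALIDATION_HEX_MAX:
            problems.append("validationKey has %d hex chars, expected %d-%d"
                            % (n, VALIDATION_HEX_MIN, VALIDATION_HEX_MAX))
        if attr == "decryptionKey" and n not in DECRYPTION_HEX_ALLOWED:
            problems.append("decryptionKey has %d hex chars, expected one of %s"
                            % (n, DECRYPTION_HEX_ALLOWED))
    return problems


# Constructed input: the machine.config default quoted in the post.
AUTOGEN_DEFAULT = ('<machineKey validationKey="AutoGenerate,IsolateApps" '
                   'decryptionKey="AutoGenerate,IsolateApps" '
                   'validation="SHA1" decryption="Auto" />')

if __name__ == "__main__":
    print("machine.config default:", check_machine_key(AUTOGEN_DEFAULT))
    fresh = generate_machine_key()
    print(fresh)
    print("generated element:", check_machine_key(fresh))
```

Paste the printed element into the <system.web> section, and keep in mind that the same two keys must be present on every server that shares the membership database, since the encrypted passwords can only be decrypted with the decryptionKey they were created under.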

Once you add the keys, any new users you create will have encrypted passwords.

Note that when a user is created, the password format that is active at that time determines the format for that user's password for the lifetime of the user's account. Even if you change the format to another value, that user's password is never updated to reflect the new scheme. For example, if you created an Admin user when you installed Gallery Server Pro, its password is forever stored as clear text, even if you change the password or reset it. The only way around this is to delete the user and recreate it.