0

I'm trying to create a login page in which I'm trying to use Form Authentication hash function but I'm getting this error message

FormsAuthentication.HashPasswordForStoringInConfigFile(string, string) is obsolete: the recommended alternative is to use membership APIs, such as Membership.CreateUser.....

Anyone please tell me what is wrong here and how fix this. Also if there is any alternate way to hash my passwords before storing it in db please let me know. I'm using

Visual Studio 2015 pro

asp.net web site project

my declaration

string ax = FormsAuthentication.HashPasswordForStoringInConfigFile(_inPASSWORD.Text, "MD5");
Community
  • 1
  • 1
Mr. Vishwas
  • 11
  • 6
  • The method you are using has been deprecated. To ensure continued functionality, it is best not to use deprecated methods. It is pointing you to use the Membership library. This may be helpful http://stackoverflow.com/questions/13527277/drop-in-replacement-for-formsauthentication-hashpasswordforstoringinconfigfile – Marshall Tigerus May 12 '17 at 16:32
  • MD5 is very insecure. – SLaks May 12 '17 at 16:32
  • Security is _hard_. Do not build your own authentication system; you will make subtle mistakes that can compromise your users. You should use the built-in Membership system, as the error is telling you to. – SLaks May 12 '17 at 16:33
  • I don't have any idea of membership system – Mr. Vishwas May 12 '17 at 16:47
  • 1
    Well, you left off the last part of the error message, which is: "For more information, see [http://go.microsoft.com/fwlink/?LinkId=252463](http://go.microsoft.com/fwlink/?LinkId=252463)". Click the link and read about the new features. – Rufus L May 12 '17 at 17:05
  • It's not an error. It's a warning. The answer is here: https://stackoverflow.com/questions/13527277/drop-in-replacement-for-formsauthentication-hashpasswordforstoringinconfigfile – Doug S Aug 25 '18 at 00:21

0 Answers0