Skip to content

Added documentation for Membership Providers configuration #766

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Added documentation for Membership Providers configuration #766

wants to merge 7 commits into from

Conversation

valadas
Copy link
Member

@valadas valadas commented Aug 24, 2025

This will be useful to link to from the release notes of the next DNN version considering this PR dnnsoftware/Dnn.Platform#6638

valadas added 2 commits August 24, 2025 01:28
@valadas
Added documentation for Membership Providers configuration
cb683a9 
Added documentation for Membership Providers configuration
This will be useful to link to from the release notes of the next DNN version considering this PR dnnsoftware/Dnn.Platform#6638
@valadas
Merge remote-tracking branch 'upstream/main' into password-change-docs
92e317f
@valadas valadas added the enhancement New feature or request with the project build label Aug 24, 2025
@valadas valadas mentioned this pull request Aug 24, 2025
Open
mitchelsellers
mitchelsellers reviewed Aug 24, 2025
View reviewed changes
content/features/security-privacy/security/membership-providers/index.md Outdated
### Security Recommendations

1. **Always use Hashed format** in production environments
2. **Upgrade to SHA256** when using DNN 10.2.0 or later for enhanced security
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would add a note here referencing the steps are documented below

content/features/security-privacy/security/membership-providers/index.md Outdated
SET UpdatePassword = 1
```

### Changing only the hashing algorithm
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would be explicit here "Changing from SHA-1 to SHA-256" or similar.

content/features/security-privacy/security/membership-providers/index.md Outdated

> 💡You can check the `LastPasswordChangedDate` in the `aspnet_Membership` table to see which users did change their passwords or not after the date of that change. You may use that information to later delete users that may no longer be activivally engaged. Additionally you can wipe the `Password` field if you want to make sure no passwords with the old algorithm are kept (before notifying users about the change).

> 💡**Is it critical to migrate from Encrypted to Hashed?**
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should be moved above the heading on line 117 to be with the section about changing from Encrypted -> Hashed.

@valadas
Copy link
Member Author

valadas commented Aug 24, 2025

@mitchelsellers adjusted as per your feedback

valadas
valadas commented Aug 29, 2025
View reviewed changes
Copy link
Member Author

@valadas valadas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have adjusted the versions as we agreed this would be a v10.2.0 thing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mitchelsellers mitchelsellers mitchelsellers left review comments

@bdukes bdukes bdukes approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request with the project build
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@valadas @bdukes @mitchelsellers