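// 先看一下Code:
// (Let's look at the code first.)

static void Main(string[] args)
{
    string password = "******"; // the real password is deliberately not shown here
    string salt = "OoBH7KjGqLNjM9MsSeKV4w=="; // Base64 salt, as looked up in the database
    Console.WriteLine(EncodePassword(password, 1, salt));
}

/// <summary>
/// Re-computes the stored form of a password so it can be compared with the
/// value held in the membership database.
/// </summary>
/// <param name="pass">The plain-text password to encode.</param>
/// <param name="passwordFormat">
/// 0 returns <paramref name="pass"/> unchanged; 1 returns a salted SHA-1 hash.
/// These appear to correspond to the Clear and Hashed values of the
/// PasswordFormat setting in web.config. Any other value is rejected, because
/// the encrypted branch is not implemented in this listing.
/// </param>
/// <param name="salt">The Base64-encoded salt stored alongside the password.</param>
/// <returns>
/// The password itself for format 0, otherwise the Base64 text of
/// SHA1(salt bytes followed by the UTF-16LE bytes of the password).
/// </returns>
/// <exception cref="ArgumentOutOfRangeException">
/// <paramref name="passwordFormat"/> is neither 0 nor 1.
/// </exception>
/// <remarks>
/// A single pass of salted SHA-1 is cheap to compute, so a leaked table of
/// these values can be guessed offline at high speed. Use this routine only to
/// verify against an existing store; new stores should use a deliberately slow
/// key-derivation function such as PBKDF2 (Rfc2898DeriveBytes).
/// </remarks>
public static string EncodePassword(string pass, int passwordFormat, string salt)
{
    if (passwordFormat == 0)
    {
        return pass;
    }

    // The original fell through with a null buffer here and failed inside
    // Convert.ToBase64String; fail with a message that names the real cause.
    // (The encrypted branch, EncryptPassword(bAll), was commented out.)
    if (passwordFormat != 1)
    {
        throw new ArgumentOutOfRangeException(
            "passwordFormat",
            passwordFormat,
            "Only password formats 0 and 1 are supported.");
    }

    byte[] bIn = Encoding.Unicode.GetBytes(pass);
    byte[] bSalt = Convert.FromBase64String(salt);

    // Hash input layout: salt first, password bytes second.
    byte[] bAll = new byte[bSalt.Length + bIn.Length];
    Buffer.BlockCopy(bSalt, 0, bAll, 0, bSalt.Length);
    Buffer.BlockCopy(bIn, 0, bAll, bSalt.Length, bIn.Length);

    // SHA-1 is hard-coded because Membership.HashAlgorithmType is not
    // available in a WinForms program. The algorithm object is disposed
    // once the digest has been produced.
    using (HashAlgorithm s = SHA1.Create())
    {
        return Convert.ToBase64String(s.ComputeHash(bAll));
    }
}

// 我是这样去验证的, 在数据库中找到salt, 然后使用在创建数据库时使用的web.config中的PasswordFormat值, 然后将自己以前的密码放进去, 返回的加密后的密码和数据库中去匹配.
// (How I verified it: look up the salt in the database, use the PasswordFormat
// value from the web.config that was in effect when the database was created,
// feed in my own old password, and compare the returned encoded password with
// the one stored in the database.)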