Home/ Questions/Q 1091911
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T23:36:19+00:00

Application : Nerddinner. This SP is for an inserting password for newly created User.

  • 0

Application : Nerddinner.

This SP is for an inserting password for newly created User. I was trying to figure out where the @Password come from in the application code since it is provided to this SP.
I looked for it on application level, but I could not find it on application level. Does anyone know where the SP is used in the application to pass @Password?

  ALTER PROCEDURE [dbo].[aspnet_Membership_CreateUser]
            @ApplicationName                        nvarchar(256),
            @UserName                               nvarchar(256),
            @Password                               nvarchar(128),
            @PasswordSalt                           nvarchar(128),
            @Email                                  nvarchar(256),
            @PasswordQuestion                       nvarchar(256),
            @PasswordAnswer                         nvarchar(128),
            @IsApproved                             bit,
            @CurrentTimeUtc                         datetime,
            @CreateDate                             datetime = NULL,
            @UniqueEmail                            int      = 0,
            @PasswordFormat                         int      = 0,
            @UserId                                 uniqueidentifier OUTPUT
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This is how MS does it: 

    internal string EncodePassword(string pass, int passwordFormat, string salt)
    {
        if(passwordFormat == 0) // MembershipPasswordFormat.Clear
            return pass;

        byte[] bIn = Encoding.Unicode.GetBytes(pass);
        byte[] bSalt = Convert.FromBase64String(salt);
        byte[] bAll = new byte[bSalt.Length + bIn.Length];
        byte[] bRet = null;

        Buffer.BlockCopy(bSalt, 0, bAll, 0, bSalt.Length);
        Buffer.BlockCopy(bIn, 0, bAll, bSalt.Length, bIn.Length);
        if(passwordFormat == 1)
        { // MembershipPasswordFormat.Hashed
            HashAlgorithm s = HashAlgorithm.Create(Membership.HashAlgorithmType);
            bRet = s.ComputeHash(bAll);
        }
        else
        {
            bRet = EncryptPassword(bAll);
        }

        return Convert.ToBase64String(bRet);
    }
    • 0