Home/ Questions/Q 407445
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T17:35:43+00:00

I have a website in which I am migrating membership from ASP.NET services to

  • 0

I have a website in which I am migrating membership from ASP.NET services to a custom provider. I would like to migrate existing users without them needing to change their passwords.

The users’ passwords are currently stored using a one-way encryption. The only option for me is to use the same salt and passwords as the ASP services and validate against them with my custom provider.

Here is the configuration used to currently hash the passwords with ASP.NET services.

<membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15" hashAlgorithmType="">
        <providers>
            <clear/>
            <add connectionStringName="dashCommerce" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="dashCommerce" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression="" minRequiredPasswordLength="4" minRequiredNonalphanumericCharacters="0" name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
        </providers>
</membership>

I have been pulling my hair out trying to write the code needed to validate passwords against hashes generated by this config.

This is what I have so far. Any help would be greatly appreciated.

private static string CreatePasswordHash(string Password, string Salt)
{
    return FormsAuthentication.HashPasswordForStoringInConfigFile(Password + Salt, "SHA1");
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I dug through reflector and found the code used to compute hashes.

    private static string CreatePasswordHash(string Password, string Salt)
{
    string passwordFormat = SettingManager.GetSettingValue("Security.PasswordFormat");
    if (String.IsNullOrEmpty(passwordFormat))
        passwordFormat = "SHA1";
    byte[] bytes = Encoding.Unicode.GetBytes(Password);
    byte[] src = Convert.FromBase64String(Salt);
    byte[] dst = new byte[src.Length + bytes.Length];
    byte[] inArray = null;
    Buffer.BlockCopy(src, 0, dst, 0, src.Length);
    Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);

    HashAlgorithm algorithm = HashAlgorithm.Create(passwordFormat);
    inArray = algorithm.ComputeHash(dst);

    return Convert.ToBase64String(inArray);
}

    This worked.

    • 0