asp.net - Changing SqlMembershipProvider to use MD5, Joomla-style passwords -


i'm trying migrate users joomla database custom 1 using default asp.net tables , providers. theoretically can change hash type default (sha) md5 changing web.config, however, when logging in reports invalid password (or username, doubt it's that). examining aspnet_membership table , joomla_users table can see both have same password , salt values per user (joomla 1.7 stores password:salt that's easy split 2 fields). both appear in base64 format, , adding user through asp default log in control results in similar pair of fields new user (though salt randomized think, can't compare same known password).

here's extract web.config:

<system.web>   <machinekey validation="md5"/>   ... <membership hashalgorithmtype="md5">   <providers>     <clear />     <add name="aspnetsqlmembershipprovider"          type="system.web.security.sqlmembershipprovider"          connectionstringname="userauth"          enablepasswordretrieval="false"          enablepasswordreset="true"          requiresquestionandanswer="false"          requiresuniqueemail="false"          maxinvalidpasswordattempts="5"          minrequiredpasswordlength="6"          minrequirednonalphanumericcharacters="0"          passwordattemptwindow="10"          passwordformat="hashed"          applicationname="/" />   </providers> </membership> </system.web> 

one thing i'm not sure on whether it's md5, md5, or md5 (i've seen both latter in code samples while googling). however, can write nonsense instead , application doesn't appear bat eyelid.

i don't particularly wish write custom membership provider unless there no other way.

here's php compares joomla hashed password 1 supplied parameter function:

                $user_id = mysql_result($result, 0, 'id');                 $db_password = mysql_result($result, 0, 'password');                 $joomla = &new jconfig;                 list($md5pass, $saltpass) = split(":", $db_password);                 $md5_password = md5($user_password.$saltpass);                 if (strcmp($md5_password, $suppliedpass) == 0)                 {                     return $user_id;                 } 

either asp version ignoring md5 request, or somehow it's storing in other way, or i'm not telling use md5 correctly, or...? don't want tell 4000 users reset passwords, though i'm aware md5 not recommended these days.

i think worked out. in joomla, php code, md5 applied pass+salt. in sqlmembershipprovider.cs it's applied salt+pass.

the sqlmembershipprovider.cs found via sqlmembershipprovider - source code - maybe not true source see no reason why should different true source in particular aspect.


Comments

Popular posts from this blog

SPSS keyboard combination alters encoding -

Add new record to the table by click on the button in Microsoft Access -

CSS3 Transition to highlight new elements created in JQuery -