Migrating from SqlMembershipProvider to Custom Provider
Here's the scenario:
I have used default SqlMembershipProvider to implement membershp on a website. Now I'd like to migrate to my custom membership provider. (FYI the provide I use is CodeFirst Membership Provider. The problem is, the provider uses a custom encryption/hash algorithm to store passwords in db and I don't want to generate new passwords for every user and mail them the new password.How can I implement default membership password hashing/encryption in my provider. I used reflector/googled and tried the following code which seems to be the default implementation in SqlMembershipProvider:
internal static string GenerateSalt()
{
byte[] buf = new byte[16];
(new RNGCryptoServiceProvider()).GetBytes(buf);
return Convert.ToBase64String(buf);
}
internal string EncodePassword(string pass, string salt)
{
byte[] bIn = Encoding.Unicode.GetBytes(pass);
byte[] bSalt = Convert.FromBase64String(salt);
byte[] bAll = new byte[bSalt.Length + bIn.Length];
byte[] bRet = null;
Buffer.BlockCopy(bSalt, 0, bAll, 0, bSalt.Length);
Buffer.BlockCopy(bIn, 0, bAll, bSalt.Length, bIn.Length);
HashAlgorithm s = HashAlgorithm.Create("SHA1");
bRet = s.ComputeHash(bAll);
return Convert.ToBase64开发者_Go百科String(bRet);
}
And used it in my ValidateUser method:
string salt = GenerateSalt();
string pass = EncodePassword(enteredPassword, salt);
bool verificationSucceeded = pass == user.Password;
But the pass returned from EncodePassword is different from the one that the default SqlMembershipProvider has put into database before switching to custom membership. How can I implement the exact password validation/generation like Default SqlMembershipProvider?
Note: since I have not defined any machinekey in my web.config, I'm sure the default provider used Hashed Password Format, not Encrypted or Clear.
Thank you.
Found the solution:
in ValidateUser method, we have to get PasswordSalt from aspnet_Membership table, not generating it!
Dummy question. :|
加载中,请稍侯......
精彩评论