Question

I'm currently using a very basic custom implementation of MembershipProvider in an ASP.NET web application. As my requirements for membership increase, it seems to make a lot of sense to use an existing, full-featured, and well-tested implementation like SqlMembershipProvider. I've figured out how to use the aspnet_Membership stored procedures to create users from my custom tables, but I'm stuck on the password. My custom implementation doesn't use salt, and SqlMembershipProvider seems to require it.

I want this to be a smooth transition for my users and not require everyone to update their password the first time they log in after the change.

How do I migrate hashed passwords from a custom implementation (see below) to SqlMembershipProvider?

FormsAuthentication.HashPasswordForStoringInConfigFile(password, FormsAuthPasswordFormat.SHA1.ToString())

Update: I should clarify that my custom provider is an implementation of MembershipProvider, just not a full-featured one. Also, I've tried using aspnet_Membership_CreateUser with empty salt, but the hashes don't match.

Solution

You can write a custom hash algorithm that removes the salt (the first 16 bytes of the combined salt-and-password).

http://forums.asp.net/t/981295.aspx

Alternatively you could probably write your own class that inherits MembershipProvider, but this would be more work.

OTHER TIPS

Your best bet would be to try to create the SqlMembership's users manually (through the stored procedures) with an empty salt.

If that doesn't work, I think you're out of luck with the SqlMembershipProvider, but you could always write your own MembershipProvider (possibly even based on the SqlMembershipProvider's own back-end). It's not that hard.

Override the System.Web.Security.SqlMembershipProvider class, and override as many or as few methods as you need to customize.

The web.config is not shown here, but given that you got your own custom one working in the first place, I don't think that part is a tripping point.

public class SqlMembershipProviderOverride : System.Web.Security.SqlMembershipProvider
{
    public static readonly string FORCED_OVERRIDE_APPLICATION_NAME = "MyApplicationName";

    public SqlMembershipProviderOverride()
    {
        this.ApplicationName = FORCED_OVERRIDE_APPLICATION_NAME;
    }

    public override System.Web.Security.MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out System.Web.Security.MembershipCreateStatus status)
    {
        /*
              Do "your own thing" in this or any other override method
        */
        return base.CreateUser(username, password, email, passwordQuestion, passwordAnswer, isApproved, providerUserKey, out status);
    }
}
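
The following is an added example, not code from the answers above or from ASP.NET itself. It shows why an empty salt still fails to match (the legacy helper hashes UTF-8 bytes and emits hex, while the provider's hashed format is assumed here to be Base64 of SHA-1 over the salt followed by the UTF-16LE password) and a verify-then-rehash step at login that lets users keep their passwords. All class and method names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added illustration; the class and method names are hypothetical.
public static class LegacyHashMigration
{
    // Format from the question: uppercase hex SHA-1 over the UTF-8 password, no salt.
    public static string LegacyHash(string password)
    {
        using (var sha1 = SHA1.Create())
            return BitConverter.ToString(sha1.ComputeHash(Encoding.UTF8.GetBytes(password))).Replace("-", "");
    }
    // Assumed provider format: Base64(SHA1(salt || UTF-16LE password)).
    public static string ProviderHash(string password, byte[] salt)
    {
        using (var sha1 = SHA1.Create())
            return Convert.ToBase64String(sha1.ComputeHash(salt.Concat(Encoding.Unicode.GetBytes(password)).ToArray()));
    }
    // Compare without returning early on the first differing character.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    // At login: on a legacy match, return a fresh 16-byte salt and the salted hash to store instead.
    public static bool TryUpgrade(string password, string legacyHex, out string saltB64, out string hashB64)
    {
        saltB64 = hashB64 = null;
        if (!FixedTimeEquals(LegacyHash(password), legacyHex.ToUpperInvariant())) return false;
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        saltB64 = Convert.ToBase64String(salt);
        hashB64 = ProviderHash(password, salt);
        return true;
    }
    public static void Main()
    {
        string legacy = LegacyHash("constructed-sample-password"); // constructed sample input
        // Same password, empty salt: still differs (UTF-8 vs UTF-16LE input, hex vs Base64 output).
        Console.WriteLine(legacy == ProviderHash("constructed-sample-password", new byte[0]));
        string salt, hash;
        Console.WriteLine(TryUpgrade("constructed-sample-password", legacy, out salt, out hash));
        Console.WriteLine(hash == ProviderHash("constructed-sample-password", Convert.FromBase64String(salt)));
    }
}
```

A ValidateUser override in a class like SqlMembershipProviderOverride is one place to call TryUpgrade, so each account moves to a salted hash the first time its owner logs in successfully.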
Licensed under: CC-BY-SA with attribution