Question

Security Noob here.

I am trying to move from ASP.NET membership to Umbraco membership. But using passwordFormat="Encrypted" seems to encrypt differently between the Umbraco membership provider and Microsoft's SQL membership provider.

If I register two users with the SQL membership provider (with passwordFormat="Encrypted") - the encoded passwords are different. If I do the same with the Umbraco provider they're the same.

While all the strings decrypt to the same thing (the correct password) - I apparently can't use the passwords encrypted by the SQL membership provider in the Umbraco DB (ValidateUser fails).

Anyone have any ideas?

Note: I'm using the same machineKey on both sites.

Edit: Calling EncryptPassword() and EncodePassword() on the Umbraco membership provider gives different results - and EncodePassword is the correct one to call. But EncodePassword isn't available on the .NET Membership provider. This was another part of my confusion.


Solution

The passwords may be different because they are salted. Check out the PasswordSalt column in the membership database; it should be a Base64 string.

OTHER TIPS

The Umbraco passwords are hashed using the System.Security.Cryptography.HMACSHA1 class. I'm guessing you could hash the SQL membership users' passwords with HMACSHA1 and call it good.

See Add User with hashed password for more details.
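
The difference both answers point to, as an added C# example that is not from the original posts or from Umbraco or Microsoft code: a salted encoding gives two users with the same password different stored values, while an unsalted HMACSHA1 gives the same value every time. The HMAC keying (password bytes used as the key), the AES stand-in for the machineKey encryption, and the sample key and password are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class PasswordEncodingDemo
{
    // Assumed scheme for the Umbraco provider's hashing: HMACSHA1 keyed with the
    // UTF-16LE password bytes, Base64 output. No salt, so the output is deterministic.
    static string UnsaltedHmacSha1(string password)
    {
        byte[] pw = Encoding.Unicode.GetBytes(password);
        using (var hmac = new HMACSHA1(pw))
            return Convert.ToBase64String(hmac.ComputeHash(pw));
    }

    // Simplified model of a salted "Encrypted" value: a random 16-byte salt is
    // prepended to the password bytes before encryption. The salt is returned
    // as Base64, the shape described for the PasswordSalt column.
    static string SaltedEncrypt(string password, byte[] key, out string saltB64)
    {
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        saltB64 = Convert.ToBase64String(salt);
        byte[] plain = salt.Concat(Encoding.Unicode.GetBytes(password)).ToArray();
        using (var aes = Aes.Create())
        {
            aes.Key = key;
            aes.IV = new byte[16]; // fixed IV on purpose: any difference comes from the salt
            using (var enc = aes.CreateEncryptor())
                return Convert.ToBase64String(enc.TransformFinalBlock(plain, 0, plain.Length));
        }
    }

    static void Main()
    {
        byte[] key = new byte[32];                // constructed all-zero demo key, stands in for machineKey
        const string pw = "Constructed-Sample-1"; // constructed sample password

        string salt1, salt2;
        string a = SaltedEncrypt(pw, key, out salt1);
        string b = SaltedEncrypt(pw, key, out salt2);
        Console.WriteLine("salted, user 1: " + a + "  (salt " + salt1 + ")");
        Console.WriteLine("salted, user 2: " + b + "  (salt " + salt2 + ")");
        Console.WriteLine("salted values equal:   " + (a == b));
        Console.WriteLine("unsalted values equal: " + (UnsaltedHmacSha1(pw) == UnsaltedHmacSha1(pw)));
    }
}
```

Check the exact encoding against the Umbraco version in use before migrating any stored values.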

Licensed under: CC-BY-SA with attribution