I have a project to understand and modified. in this the developer is using asp.net membership provider for user registration purposes. I need to know which password encryption technique is using in this project.
My
web.config file is this.
<membership>
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
and in the sql database table in asp_membership the column
passwordFormat is set to 1.
I have wrote another program to see that if i done this customize with sh1. but it did not return the matched value.
E.G
email; abc@gmail.com , Password: XD/9f1M211z5jv2LTazSrVgPyrc= , PasswordSalt: T3pit6T+AnxAEWFslVd5Lw==
here is my code
protected void btn_register_Click(object sender, EventArgs e)
{
user_email = tbx_email.Text.Trim();
user_password = tbx_password.Text.Trim();
string salt = "T3pit6T+AnxAEWFslVd5Lw==";
string haspassword = CreatePasswordHash(user_password, salt);
db1.sqlcmd = new SqlCommand("usp_register_user");
try{
using (SqlDataAdapter sda = new SqlDataAdapter())
{
db1.sqlcmd.CommandType = CommandType.StoredProcedure;
db1.sqlcmd.Parameters.AddWithValue("@email", user_email);
db1.sqlcmd.Parameters.AddWithValue("@Password", haspassword);
db1.sqlcmd.Parameters.AddWithValue("@PasswordSalt", salt);
db1.sqlcmd.Parameters.Add("@success", SqlDbType.Bit);
db1.sqlcmd.Parameters["@success"].Direction = ParameterDirection.Output;
db1.sqlcmd.Connection = db1.sqlcon;
db1.sqlcon.Open();
db1.sqlcmd.ExecuteScalar();
success = Convert.ToBoolean(db1.sqlcmd.Parameters["@success"].Value);
}
}
catch (Exception ex)
{
Response.Write(ex.Message);
}
finally
{
if (success == true)
{
db1.sqlcon.Close();
lbl_status.Text = "Ho Gya..";
lbl_status.ForeColor = System.Drawing.Color.Green;
lbl_status.Visible = true;
}
else
{
db1.sqlcon.Close();
lbl_status.Text = "Nahi Huwa Yar.. Phr Try kro";
lbl_status.ForeColor = System.Drawing.Color.Red;
lbl_status.Visible = true;
}
}
}
private static string CreatePasswordHash(string pwd, string salt)
{
string saltAndPwd = String.Concat(pwd, salt);
string hashedPwd = FormsAuthentication.HashPasswordForStoringInConfigFile(saltAndPwd, "sha1");
return hashedPwd;
}
and now the result is this:
E.G
email; abc@gmail.com , Password: 57C0E8D97D5A3652320D0CA660526DD3A1E6C235 , PasswordSalt: T3pit6T+AnxAEWFslVd5Lw==
it should store this na;
email: abc@gmail.com , Password: XD/9f1M211z5jv2LTazSrVgPyrc= , PasswordSalt: T3pit6T+AnxAEWFslVd5Lw==
help me to Where did i go wring?