7

We have a legacy desktop application that stores plain text passwords in a users table. I have created web version of the same on asp.net mvc 4.5.

I am using asp.net identity 2.0, and have virtually linked aspnetusers table to users table. I do this by running a script that inserts all users from users table into aspnetusers table and the ids remain same in both tables. [I cannot even add a single column into the existing table to make it work with asp.net identity.]

Our requirement is that passwords will be same for both web and desktop applications.

Now my problem is how do i create a hash of all those passwords and put them into password hash of aspnetusers table. How does asp.net identity do it? Can i replicate that same mechanism in sql so whenever a password change happens in users table, i can run a trigger and recalculate the hash for my aspnetusers table?

Samra
  • 1,815
  • 4
  • 35
  • 71

2 Answers2

9

I found the answer here

public static string HashPassword(string password)
{
  byte[] salt;
  byte[] buffer2;
  if (password == null)
  {
      throw new ArgumentNullException("password");
  }
  using (Rfc2898DeriveBytes bytes = new Rfc2898DeriveBytes(password, 0x10, 0x3e8))
  {
    salt = bytes.Salt;
    buffer2 = bytes.GetBytes(0x20);
  }
  byte[] dst = new byte[0x31];
  Buffer.BlockCopy(salt, 0, dst, 1, 0x10);
  Buffer.BlockCopy(buffer2, 0, dst, 0x11, 0x20);
  return Convert.ToBase64String(dst);
}
Samra
  • 1,815
  • 4
  • 35
  • 71
0

based on .net6 latest version: https://github.com/mammadkoma/webapi/blob/master/WebApi/Utilities/PasswordHasher.cs

use: https://github.com/mammadkoma/webapi/blob/master/WebApi/Controllers/UserController/UserController.cs

M Komaei
  • 7,006
  • 2
  • 28
  • 34