>Has anyone actually managed to set a users' password (hashed) via aspnet_Membership_SetPassword in a silverlight app?
>
>I can do it in ASP.NET w/o problem. The System.Security.Cryptography class for ASP.NET seems to handle hashing (SHA1) exactly the way asp.net likes.
>
>System.Security.Cryptography in Silverlight naturally is different than the one available in asp.net. Using System.Security.Cryptography.SHA1Managed to hash a password generates what looks like a hash, but save it using aspnet_Membership_SetPassword and the user will not be able to log in again.
>
>So far, after most of the day spent searching/chasing dead ends/ etc I haven't found any code that actually works (in Silverlight).
>
>This is part of the Administration module I've been writing.
>
>for reference.. my password hasing classes..
>
> // This generates a secure 1 time salt to use when encrypting/assigning a password
> public static string CreateSalt()
> {
> RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
> byte[] buff = new byte[16]; // was [32]
> rng.GetBytes(buff);
> return Convert.ToBase64String(buff);
> }
>
> //uses the Salt generated in CreateSalt to hash the passed-in password.
> //The hashed password and the salt must be passed to aspnet_Membership_CreateUser to create the user
> public static string EncodePassword(string pass, string salt)
> {
> byte[] bytes = Encoding.Unicode.GetBytes(pass);
> byte[] src = Encoding.Unicode.GetBytes(salt);
> byte[] dst = new byte[src.Length + bytes.Length];
> System.Buffer.BlockCopy(src, 0, dst, 0, src.Length);
> System.Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
>
> ////System.Security.Cryptography.
> ////silverlight version
>
> SHA1 algorithm = new System.Security.Cryptography.SHA1Managed();
> byte[] inArray = algorithm.ComputeHash(dst);
>
> //for asp.net version
> //HashAlgorithm algorithm = HashAlgorithm.Create( "SHA1");
> //byte[] inArray = algorithm.ComputeHash(dst);
>
> return Convert.ToBase64String(inArray);
> }

Hi,
If it really is a hashing problem then I think Silverlight and .Net4 both have a concrete System.Security.Cryptograhy.SHA1ManagedClass. Maybe try using that in the ASP.NET version as well?

Out of curiosity why are you encoding the password as well as hashing (and of what use is 'dst' since I can't see how you can reverse the process to get anything useful) ?