>>>>Has anyone actually managed to set a users' password (hashed) via aspnet_Membership_SetPassword in a silverlight app?
>>>>
>>>>I can do it in ASP.NET w/o problem. The System.Security.Cryptography class for ASP.NET seems to handle hashing (SHA1) exactly the way asp.net likes.
>>>>
>>>>System.Security.Cryptography in Silverlight naturally is different than the one available in asp.net. Using System.Security.Cryptography.SHA1Managed to hash a password generates what looks like a hash, but save it using aspnet_Membership_SetPassword and the user will not be able to log in again.
>>>>
>>>>So far, after most of the day spent searching/chasing dead ends/ etc I haven't found any code that actually works (in Silverlight).
>>>>
>>>>This is part of the Administration module I've been writing.
>>>>
>>>>for reference.. my password hasing classes..
>>>>
>>>> // This generates a secure 1 time salt to use when encrypting/assigning a password
>>>> public static string CreateSalt()
>>>> {
>>>> RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
>>>> byte[] buff = new byte[16]; // was [32]
>>>> rng.GetBytes(buff);
>>>> return Convert.ToBase64String(buff);
>>>> }
>>>>
>>>> //uses the Salt generated in CreateSalt to hash the passed-in password.
>>>> //The hashed password and the salt must be passed to aspnet_Membership_CreateUser to create the user
>>>> public static string EncodePassword(string pass, string salt)
>>>> {
>>>> byte[] bytes = Encoding.Unicode.GetBytes(pass);
>>>> byte[] src = Encoding.Unicode.GetBytes(salt);
>>>> byte[] dst = new byte[src.Length + bytes.Length];
>>>> System.Buffer.BlockCopy(src, 0, dst, 0, src.Length);
>>>> System.Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
>>>>
>>>> ////System.Security.Cryptography.
>>>> ////silverlight version
>>>>
>>>> SHA1 algorithm = new System.Security.Cryptography.SHA1Managed();
>>>> byte[] inArray = algorithm.ComputeHash(dst);
>>>>
>>>> //for asp.net version
>>>> //HashAlgorithm algorithm = HashAlgorithm.Create( "SHA1");
>>>> //byte[] inArray = algorithm.ComputeHash(dst);
>>>>
>>>> return Convert.ToBase64String(inArray);
>>>> }
>>>
>>>Hi,
>>>If it really is a hashing problem then I think Silverlight and .Net4 both have a concrete System.Security.Cryptograhy.SHA1ManagedClass. Maybe try using that in the ASP.NET version as well?
>>>
>>>Out of curiosity why are you encoding the password as well as hashing (and of what use is 'dst' since I can't see how you can reverse the process to get anything useful) ?
>>
>>Addendum to the reply I just sent you in another thread: and may 2012 be the year you finally receive the MVP you have long deserved. I read everything you post about C#, .NET in general, WPF, and Silverlight, even though I grok only a percentage of it. It's always a pleasure to listen to anyone whose knowledge is authoritative (on whatever subject matter) and who is happy to share it without expectation of personal reward. That is my image of an MVP, as a matter of fact.
>
>
>Ain't gonna happen by just posting here. The emphasis is on community and presentations at code camps, user groups, writing, publishing, blogs, etc. UT just doesn't cut it in the grand scheme of things...(no disrepect to Michel intended, just stating the fact).

We have had this discussion before, John. Oh well. You can question a man's realism but you can't question his ideals.

Happy new year to you, too, and please give my regards to Kevin. That is not said ironically at all. I have always liked him, even at his most outrageous. Well, not always, but still. The last I heard from him was an email a few months ago when he asked / demanded to know what I knew about "Grover." I answered, truthfully, that I didn't know and have never thought it was him. The whole episode really made me sad. Being banned from the UT had obviously wounded him. I have no inside information, none whatsoever, but hope Michel was really, really, REALLY sure.