>>>Has anyone actually managed to set a users' password (hashed) via aspnet_Membership_SetPassword in a silverlight app?
>>>
>>>I can do it in ASP.NET w/o problem. The System.Security.Cryptography class for ASP.NET seems to handle hashing (SHA1) exactly the way asp.net likes.
>>>
>>>System.Security.Cryptography in Silverlight naturally is different than the one available in asp.net. Using System.Security.Cryptography.SHA1Managed to hash a password generates what looks like a hash, but save it using aspnet_Membership_SetPassword and the user will not be able to log in again.
>>>
>>>So far, after most of the day spent searching/chasing dead ends/ etc I haven't found any code that actually works (in Silverlight).
>>>
>>>This is part of the Administration module I've been writing.
>>>
>>>for reference.. my password hasing classes..
>>>
>>> // This generates a secure 1 time salt to use when encrypting/assigning a password
>>> public static string CreateSalt()
>>> {
>>> RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
>>> byte[] buff = new byte[16]; // was [32]
>>> rng.GetBytes(buff);
>>> return Convert.ToBase64String(buff);
>>> }
>>>
>>> //uses the Salt generated in CreateSalt to hash the passed-in password.
>>> //The hashed password and the salt must be passed to aspnet_Membership_CreateUser to create the user
>>> public static string EncodePassword(string pass, string salt)
>>> {
>>> byte[] bytes = Encoding.Unicode.GetBytes(pass);
>>> byte[] src = Encoding.Unicode.GetBytes(salt);
>>> byte[] dst = new byte[src.Length + bytes.Length];
>>> System.Buffer.BlockCopy(src, 0, dst, 0, src.Length);
>>> System.Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
>>>
>>> ////System.Security.Cryptography.
>>> ////silverlight version
>>>
>>> SHA1 algorithm = new System.Security.Cryptography.SHA1Managed();
>>> byte[] inArray = algorithm.ComputeHash(dst);
>>>
>>> //for asp.net version
>>> //HashAlgorithm algorithm = HashAlgorithm.Create( "SHA1");
>>> //byte[] inArray = algorithm.ComputeHash(dst);
>>>
>>> return Convert.ToBase64String(inArray);
>>> }
>>
>>Hi,
>>If it really is a hashing problem then I think Silverlight and .Net4 both have a concrete System.Security.Cryptograhy.SHA1ManagedClass. Maybe try using that in the ASP.NET version as well?
>>
>>Out of curiosity why are you encoding the password as well as hashing (and of what use is 'dst' since I can't see how you can reverse the process to get anything useful) ?
>
>Addendum to the reply I just sent you in another thread: and may 2012 be the year you finally receive the MVP you have long deserved. I read everything you post about C#, .NET in general, WPF, and Silverlight, even though I grok only a percentage of it. It's always a pleasure to listen to anyone whose knowledge is authoritative (on whatever subject matter)
Authoritive doesn't always equate to right :-}
> and who is happy to share it without expectation of personal reward. That is my image of an MVP, as a matter of fact.
I think we've been here before. I've honestly no interest in becoming a MVP. And I agree with others - it should take a lot more than attempting to answer a few questions on this (or any) forum.....
Previous
Next
Reply
View the map of this thread
View the map of this thread starting from this message only
View all messages of this thread
View all messages of this thread starting from this message only
