>>>>Has anyone actually managed to set a users' password (hashed) via aspnet_Membership_SetPassword in a silverlight app?
>>>>
>>>>I can do it in ASP.NET w/o problem. The System.Security.Cryptography class for ASP.NET seems to handle hashing (SHA1) exactly the way asp.net likes.
>>>>
>>>>System.Security.Cryptography in Silverlight naturally is different than the one available in asp.net. Using System.Security.Cryptography.SHA1Managed to hash a password generates what looks like a hash, but save it using aspnet_Membership_SetPassword and the user will not be able to log in again.
>>>>
>>>>So far, after most of the day spent searching/chasing dead ends/ etc I haven't found any code that actually works (in Silverlight).
>>>>
>>>>This is part of the Administration module I've been writing.
>>>>
>>>>for reference.. my password hasing classes..
>>>>
>>>> // This generates a secure 1 time salt to use when encrypting/assigning a password
>>>> public static string CreateSalt()
>>>> {
>>>> RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
>>>> byte[] buff = new byte[16]; // was [32]
>>>> rng.GetBytes(buff);
>>>> return Convert.ToBase64String(buff);
>>>> }
>>>>
>>>> //uses the Salt generated in CreateSalt to hash the passed-in password.
>>>> //The hashed password and the salt must be passed to aspnet_Membership_CreateUser to create the user
>>>> public static string EncodePassword(string pass, string salt)
>>>> {
>>>> byte[] bytes = Encoding.Unicode.GetBytes(pass);
>>>> byte[] src = Encoding.Unicode.GetBytes(salt);
>>>> byte[] dst = new byte[src.Length + bytes.Length];
>>>> System.Buffer.BlockCopy(src, 0, dst, 0, src.Length);
>>>> System.Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
>>>>
>>>> ////System.Security.Cryptography.
>>>> ////silverlight version
>>>>
>>>> SHA1 algorithm = new System.Security.Cryptography.SHA1Managed();
>>>> byte[] inArray = algorithm.ComputeHash(dst);
>>>>
>>>> //for asp.net version
>>>> //HashAlgorithm algorithm = HashAlgorithm.Create( "SHA1");
>>>> //byte[] inArray = algorithm.ComputeHash(dst);
>>>>
>>>> return Convert.ToBase64String(inArray);
>>>> }
>>>
>>>Hi,
>>>If it really is a hashing problem then I think Silverlight and .Net4 both have a concrete System.Security.Cryptograhy.SHA1ManagedClass. Maybe try using that in the ASP.NET version as well?
>>>
>>>Out of curiosity why are you encoding the password as well as hashing (and of what use is 'dst' since I can't see how you can reverse the process to get anything useful) ?
>>
>>Addendum to the reply I just sent you in another thread: and may 2012 be the year you finally receive the MVP you have long deserved. I read everything you post about C#, .NET in general, WPF, and Silverlight, even though I grok only a percentage of it. It's always a pleasure to listen to anyone whose knowledge is authoritative (on whatever subject matter)
>
>Authoritive doesn't always equate to right :-}
>
>> and who is happy to share it without expectation of personal reward. That is my image of an MVP, as a matter of fact.
>
>I think we've been here before. I've honestly no interest in becoming a MVP. And I agree with others - it should take a lot more than attempting to answer a few questions on this (or any) forum.....

Yes, we have been here before. Never underestimate the power of persistence ;-)

An honest compliment is always a pleasure to give. What I said to you and have said before was sincere. As far as the MVP stuff, I will drop it.

PS -- I don't imagine there are a lot of .NET user groups or code camps in Wales (could be wrong) but you can always do some professional writing. My advice, unsolicited: pick a relatively small topic and wring the daylights out of it. Poke in nooks and crannies that even most Sermon On The Mount gurus didn't know.