Password Hash Gives Different Results In C# And Classic ASP - Help !!!

I have a website written in Classic ASP which creates user accounts and hashes passwords using CAPICOM and a C# website which also creates user account but hashes passwords using FormsAuthentication.HashPasswordForStoringInConfigFile.

The problem is that because each system produces totally different results for the same password, authentication fails between the two systems.

I have included my code below :-

C#
--

    string hashedPassword = FormsAuthentication.HashPasswordForStoringInConfigFile("MyClearTextPassword", "SHA1");

Classic ASP
-----------

    Function HashPassword(sPassword)
        Set HashedData = Server.CreateObject("CAPICOM.HashedData")
        HashedData.Algorithm = CAPICOM_HASH_ALGORITHM_SHA1
        HashedData.Hash sPassword
        HashPassword = HashedData.Value
        Set HashedData = Nothing
    End Function

    HashedPassword = HashPassword("MyClearTextPassword")

Could anyone please let me know how I can alter the code (preferably the Classic ASP) so that the hashed passwords being produced are the same ?

Thanks in advance


Possibly an issue with CAPICOM by default hashing Unicode representation of string (i.e. twice the number of bytes). Here is a CAPICOM utility to check this, with a converter utility for CAPICOM.

- Mitch Gallant
MVP Security

--------- CAPICOM Script for hashing both unicode and ascii string -----------
    Option Explicit
    Dim oHash, oUtils, hContent, hAContent, hashvalue, decHash, decAHash
    Const CAPICOM_HASH_ALGORITHM_SHA1 = 0

    Set oHash = CreateObject("CAPICOM.HashedData")
    Set oUtils = CreateObject("CAPICOM.Utilities")

    '--- Hash the Unicode string bytes ---
    hContent = "Data to hash"
    oHash.Algorithm = CAPICOM_HASH_ALGORITHM_SHA1
    oHash.Hash hContent
    hashvalue = oHash.Value
    WScript.Echo "Unicode Hash of '" & hContent & "'" & vbCrLf & hashvalue
    decHash = oUtils.HextoBinary(hashvalue)
    WScript.Echo "Decoded hex hash length " & Lenb(decHash) & " bytes"
    WScript.Echo vbCrLf

    '--- Now hash the ASCII bytes ----
    hAContent = MyStrConv(hContent)
    oHash.Hash hAContent
    hashvalue = oHash.Value
    WScript.Echo "ASCII Hash of '" & hContent & "'" & vbCrLf & hashvalue
    decAHash = oUtils.HextoBinary(hashvalue)
    WScript.Echo "Decoded ASCII hash length " & Lenb(decAHash) & " bytes"

    Set oHash = nothing
    Set oUtils = nothing

    ' -- Vbs function like StrConv() to convert Unicode string to ASCII --
    Function MyStrConv(Ustr)
        Dim i
        Dim ch
        MyStrConv = ""
        For i = 1 to Len(Ustr)
            ch = Mid(Ustr, i, 1)
            MyStrConv = MyStrConv & ChrB(AscB(ch))
        Next
    End Function
-------- End Capicom script ------------------------

<Fresh_Air_Ri***@Hotmail.com> wrote in message news:1118690663.307147.97650@g44g2000cwa.googlegroups.com...
> Hi
>
> I have a website written in Classic ASP which creates user accounts and
> hashes passwords using CAPICOM and a C# website which also creates user
> account but hashes passwords using
> FormsAuthentication.HashPasswordForStoringInConfigFile.
>
> The problem is that because each system produces totally different
> results for the same password, authentication fails between the two
> systems.
>
> I have included my code below :-
>
> C#
> --
>
> string hashedPassword
> = FormsAuthentication.HashPasswordForStoringInConfigFile("MyClearTextPassword",
> "SHA1");
>
>
> Classic ASP
> -----------
>
> Function HashPassword(sPassword)
> Set HashedData = Server.CreateObject("CAPICOM.HashedData")
> HashedData.Algorithm = CAPICOM_HASH_ALGORITHM_SHA1
> HashedData.Hash sPassword
> HashPassword = HashedData.Value
> Set HashedData = Nothing
> End Function
>
> HashedPassword = HashPassword("MyClearTextPassword")
>
> Could anyone please let me know how I can alter the code (preferably
> the Classic ASP) so that the hashed passwords being produced are the
> same ?
>
> Thanks in advance
>


Hi Mitch

Thanks very much for a very prompt and detailed reply which I will certainly try out. Many thanks once again.

David


Hi Mitch

I've just tried your suggestion and it worked a treat. Absolutely fantastic and I hope that it helps others in the same position. Many thanks

David
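
The encoding mismatch diagnosed in this thread, reproduced as an added Python example (not code from any poster). It goes one step beyond the thread by also checking a non-ASCII password. Assumptions: CAPICOM hashes the UTF-16LE bytes of the VBScript string, HashPasswordForStoringInConfigFile hashes UTF-8 bytes, and the second sample password is constructed.

```python
import hashlib

def sha1_hex(data: bytes) -> str:
    """SHA-1 of raw bytes as uppercase hex, so the outputs compare directly."""
    return hashlib.sha1(data).hexdigest().upper()

def capicom_default(password: str) -> str:
    # Assumption: CAPICOM.HashedData hashes the string's in-memory bytes,
    # which for a VBScript string is UTF-16LE (two bytes per ASCII char).
    return sha1_hex(password.encode("utf-16-le"))

def dotnet_forms_auth(password: str) -> str:
    # Assumption: HashPasswordForStoringInConfigFile hashes the UTF-8 bytes.
    return sha1_hex(password.encode("utf-8"))

def capicom_with_mystrconv(password: str) -> str:
    # Emulates MyStrConv's ChrB(AscB(ch)): keep the first (low) byte of each
    # UTF-16LE code unit and drop the high byte.
    return sha1_hex(password.encode("utf-16-le")[0::2])

def compare(password: str) -> dict:
    """Report which ASP-side variant agrees with the C# side."""
    target = dotnet_forms_auth(password)
    return {
        "hashed_bytes_default": len(password.encode("utf-16-le")),
        "hashed_bytes_dotnet": len(password.encode("utf-8")),
        "default_matches": capicom_default(password) == target,
        "mystrconv_matches": capicom_with_mystrconv(password) == target,
    }

if __name__ == "__main__":
    # "MyClearTextPassword" is from the thread; the second value is constructed.
    for pw in ("MyClearTextPassword", "p\u00e4ssword"):
        print(repr(pw), compare(pw))
```

For the thread's ASCII password the MyStrConv variant matches the C# side; for the constructed non-ASCII password neither variant does, because dropping the high byte is not the same as UTF-8 encoding.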