tsql - Generate ASP.Net Membership password hash in pure T-SQL -


i'm attempting create pure t-sql representation of default sha-1 password hashing in asp.net membership system. ideally, this:

username           password              generatedpassword cbehrens           34098kw4d+fkj==       34098kw4d+fkj==

note: that's bogus base-64 text there. i've got base64_encode , decode functions round-trip correctly. here's attempt, doesn't work:

select username, password, dbo.base64_encode(hashbytes('sha1', dbo.base64_decode(passwordsalt) +  'test')) testpassword aspnet_users u join aspnet_membership m on u.userid = m.userid

i've tried number of variations on theme, no avail. need in pure t-sql; involving console app or double work.

so if can supply precisely syntax should duplicate password asp.net membership stuff, appreciate it.

if running 2005 or higher, can create clr (.net) udf:

[sqlfunction(   isdeterministic = true, isprecise = true,    dataaccess = dataaccesskind.none,   systemdataaccess = systemdataaccesskind.none )] public static string encodepassword(string pass, string salt) {   byte[] bytes = encoding.unicode.getbytes(pass);   byte[] src = convert.frombase64string(salt);   byte[] dst = new byte[src.length + bytes.length];   buffer.blockcopy(src, 0, dst, 0, src.length);   buffer.blockcopy(bytes, 0, dst, src.length, bytes.length);   using (sha1cryptoserviceprovider sha1 = new sha1cryptoserviceprovider()) {     return convert.tobase64string(sha1.computehash(dst));   } }

you need include following namespaces in class:

using microsoft.sqlserver.server; using system.data.sqltypes;

the class must public.

build .dll run following (per database want call udf) sql statement:

sp_configure 'clr enabled', 1 go reconfigure go  if object_id (n'dbo.encodepassword', n'fs') not null   drop function dbo.encodepassword;     if exists (select name sys.assemblies name='udf') drop assembly udf  create assembly udf 'full_path_to.dll' permission_set=safe     go  create function encodepassword(   @pass nvarchar(4000),   @salt nvarchar(4000) ) returns nvarchar(4000) -- return null if input parameter(s) null returns null on null input external name udf.[namespace.classname].encodepassword go

obviously, replace 'namespace.classname' namespace (if any) , name of class. , might want mess input parameter , return value sizes.

then call udf t-sql:

select username,password ,dbo.encodepassword('password', passwordsalt) testpassword  aspnet_users u  join aspnet_membership m on u.userid = m.userid

works me :)


Comments

Post a Comment

Popular posts from this blog

apache - Add omitted ? to URLs -

i working on website cms reads page name of query string, e.g. http://exmaple.com/?pagename . trying create rewrite rule rewrite ? . so, user types in /pagename , taken /?pagename try this: rewriteengine on rewritecond %{request_filename} !-d rewritecond %{request_filename} !-f rewriterule ^/?(.*) index.php?$1 [l]
Read more

redirect - bbPress Forum - rewrite to wwww.mysite prohibits login -

i using bbpress installation without wordpress integration. the redirect of rewriteengine @ forum site works: rewriteengine on rewritecond %{http_host} ^forum.mysite.com$ rewriterule (.*)$ http://www.forum.mysite.com/$1 [r=301,l] the problem login pppress. bbpress login not recognize: http://www.forum.mysite/bb-login.php . it redirects to: http://forum.mysite.com/bb-login.php . i tried permalink settings none , name based, same issue. does uses redirect in bbpress or how can eliminate "double" content , redirect permanently www.? i redirected www.forum.mysite.com forum.mysite.com , achieved eliminate "double" content.
Read more

php - How can I stop spam on my custom forum/blog? -

so have custom built forum & blog system of late has been dealing lot of spam. if wordpress use akismet, if different common platform i'm sure i'd find plugin. there kind of static class can download this? using php. i'd still go akismet, if it. uses outside of wordpress, may have pay fee it, depending on use -- check terms , conditions -- it's option , easy implement in php using api. use api key wordpress. com account access. basically, grab whichever php client library takes fancy -- use alex potsides' php5 library -- plug in key, , it's handful of lines of code. here's bare bones of validation straight 1 of live sites: ... if ($akismet) { $akismet->setcommentauthor($name); $akismet->setcommentauthoremail($session->userinfo["email"]); $akismet->setcommentauthorurl(""); $akismet->setcommentcontent($sentence);...
Read more