Search code examples
c#asp.net-mvccryptographyasp.net-identity

Converting Asp.net Membership to identity.How to verify Encrypted type format password into mvc identity

As per my understanding there are 3 password formats in mvc identity.

  1. Clear- 0
  2. Hashed - 1
  3. Encrypted - 2

I am using .net mvc Identity 2 in my web application, and passwords are stored in encrypted (i.e 2) format in database

EDIT :

enter image description here

I wants to convert Encrypted type format password into Hashed type format in C# code

Please let me know if any further information require

Thank you.

Solution

  • I got the solution of my own question, got a plain text by passing encrypted password. my question was how to convert encrypted type password to hashed type,but i got this solution (converted encrypted password to plain text) and my main aim was how to validate user with his password and its worked.

    public class SqlMembershipProviderHelper : SqlMembershipProvider
    {
        /// <summary>
        /// Used for decrypt password into plain text from encrypted type password
        /// </summary>
        /// <param name="encryptedPwd"></param>
        /// <returns></returns>
        public string GetClearTextPassword(string encryptedPwd)
        {
            byte[] encodedPassword = Convert.FromBase64String(encryptedPwd);
            byte[] bytes = this.DecryptPassword(encodedPassword);
            if (bytes == null)
            {
                return null;
            }
            return Encoding.Unicode.GetString(bytes, 0x10, bytes.Length - 0x10);
        }
    }

    Gets plain text by passing encrypted password and checked whether its validate or not

    SqlMembershipProviderHelper sqlmembershipproviderhelper = new SqlMembershipProviderHelper();
var existingPassword = sqlmembershipproviderhelper.GetClearTextPassword(password);
if (String.Equals(existingPassword , providedPasswordByUser, StringComparison.CurrentCultureIgnoreCase))
{
      return PasswordVerificationResult.SuccessRehashNeeded;
}
else
{
      return PasswordVerificationResult.Failed;
}

    In webconfig added machine key

    <machineKey validationKey="1F82037DAE0E261ADEB1197B05F509D7043980F8060B712D255C98E3D606BB45183D3FF28839E90FD39618906469079DC6F3661704CC4E4D138179887B93D68E" decryptionKey="AFCF1E96D1734FADD42F1CECBFD7950B702F683A798905A5D1B281FACF258885" validation="SHA1" decryption="AES"/>