We have a legacy desktop application that stores plain text passwords in a users table. I have created web version of the same on asp.net mvc 4.5.
I am using asp.net identity 2.0, and have virtually linked aspnetusers table to users table. I do this by running a script that inserts all users from users table into aspnetusers table and the ids remain same in both tables. [I cannot even add a single column into the existing table to make it work with asp.net identity.]
Our requirement is that passwords will be same for both web and desktop applications.
Now my problem is how do i create a hash of all those passwords and put them into password hash of aspnetusers table. How does asp.net identity do it? Can i replicate that same mechanism in sql so whenever a password change happens in users table, i can run a trigger and recalculate the hash for my aspnetusers table?
I found the answer here
public static string HashPassword(string password)
{
byte[] salt;
byte[] buffer2;
if (password == null)
{
throw new ArgumentNullException("password");
}
using (Rfc2898DeriveBytes bytes = new Rfc2898DeriveBytes(password, 0x10, 0x3e8))
{
salt = bytes.Salt;
buffer2 = bytes.GetBytes(0x20);
}
byte[] dst = new byte[0x31];
Buffer.BlockCopy(salt, 0, dst, 1, 0x10);
Buffer.BlockCopy(buffer2, 0, dst, 0x11, 0x20);
return Convert.ToBase64String(dst);
}