Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ASP.NET Membership - Retrieve Password and PasswordSalt from Membership Table - Hash UserID

I am so close to get this project done. I need to retrieve the password and passwordSalt from my Membership table to compare it to my 'OldPasswords' table.

The problem is the Membership provider does not let me use the GetPassword method because the password is hashed.

And I can not retrieve it in a normal sqlConnection because the UserID is hashed also.

Does anyone know how to hash the UserID so I can put it in my where clause?

Or maybe there is a different way to get to that data?

Any help is appreciated.

Thank you,

Steve

like image 780
Steve Avatar asked Dec 22 '22 03:12

Steve


1 Answers

Steve, the UserId is not hashed. You may be confusing UserName with UserId (ProviderUserKey) which is a Guid.

In the context of your other questions: You should reference this code in both the code that you use to create a new user in order to log the initial password hash, salt and format AND in the OnPasswordChanging so that you can check/reject/insert.

This will get the relevant information for the currently logged in user:

var user = Membership.GetUser();
var userId = user.ProviderUserKey;

MembershipPasswordFormat passwordFormat;
string passwordSalt;
string password;

var cstring = WebConfigurationManager.ConnectionStrings["localSqlServer"];
using (var conn = new SqlConnection(cstring.ConnectionString))
{
    using (var cmd = conn.CreateCommand())
    {
        cmd.CommandText = "select PasswordFormat,PasswordSalt,Password from aspnet_Membership where UserId=@UserId";
        cmd.Parameters.AddWithValue("@UserId", userId);
        conn.Open();
        using (var rdr = cmd.ExecuteReader())
        {
            if (rdr != null && rdr.Read())
            {
                passwordFormat = (MembershipPasswordFormat) rdr.GetInt32(0);
                passwordSalt = rdr.GetString(1);
                password = rdr.GetString(2);
            }
            else
            {
                throw new Exception("An unhandled exception of type 'DoesntWorkException' has occured");
            }
        }
    }
}

//do something interesting hew with passwordFormat, passwordSalt , password 
like image 71
Sky Sanders Avatar answered May 03 '23 05:05

Sky Sanders