I have the following code which creates a hash from a password and then compares it with a stored hashed password in the db. All works fine over HTTP. This is for an ASP.NET WebForms application running under C# 4.0.
```csharp
// HMAC-SHA1 keyed with the password's UTF-16LE bytes, computed over the same bytes.
HMACSHA1 hash = new HMACSHA1();
hash.Key = Encoding.Unicode.GetBytes(password);
encodedPassword = Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(password)));
```
However when running over https/ssl the encoded password is different and therefore the user cannot login.
Does the .NET Framework do something different when computing a hash when going over SSL?
If I step through the code and copy the encoded password and update my db then over SSL I can login.
Any ideas?
Many thanks
Please try setting the Globalization settings as defined in the MSDN article at http://msdn.microsoft.com/en-CA/library/39d1w2xf%28v=vs.100%29.aspx
This will ensure that the hash.Key is uniform across your application, which, in turn, will ensure that the computed hash is identical every time it is computed with a key.
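
HMACSHA1 returns the same output whenever the key and message bytes are the same, so a differing Base64 value means the bytes reaching the code differ. The following is an added example, not code from the question or the answer: it reproduces the posted computation and dumps the exact input bytes so the HTTP and HTTPS requests can be compared. The class name, method names and sample strings are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added diagnostic sketch; PasswordHashDiagnostics and its members are hypothetical names.
public static class PasswordHashDiagnostics
{
    // Same computation as the snippet in the question: HMAC-SHA1 keyed with the
    // password's UTF-16LE bytes, computed over those same bytes, Base64-encoded.
    public static string Encode(string password)
    {
        byte[] bytes = Encoding.Unicode.GetBytes(password);
        using (HMACSHA1 hash = new HMACSHA1(bytes))
        {
            return Convert.ToBase64String(hash.ComputeHash(bytes));
        }
    }

    // Character count plus a hex dump of the bytes fed to the HMAC.
    // Use with a throwaway test password on both code paths and compare the lines.
    public static string DumpInput(string password)
    {
        byte[] bytes = Encoding.Unicode.GetBytes(password);
        return password.Length + " chars: " + BitConverter.ToString(bytes);
    }

    public static void Main()
    {
        // Constructed sample values, not taken from the page.
        string[] samples =
        {
            "Pa55w\u00F6rd",    // precomposed o-umlaut (NFC)
            "Pa55wo\u0308rd",   // o + combining diaeresis (NFD), renders the same
            "Pa55w\u00F6rd "    // trailing space
        };

        foreach (string s in samples)
        {
            Console.WriteLine(DumpInput(s));
            Console.WriteLine("  hash:           " + Encode(s));
            // Normalizing to NFC removes the composed/decomposed difference only.
            Console.WriteLine("  hash after NFC: " + Encode(s.Normalize(NormalizationForm.FormC)));
        }

        // Identical strings always give identical hashes, whatever the transport.
        Console.WriteLine(Encode(samples[0]) == Encode(samples[0]));
    }
}
```

If the two dumps differ, the cause lies in how the password string reaches this code on each path rather than in the hash computation.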