Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

MD5CryptoServiceProvider in ASP.NET Core

Tags:

c#

asp.net-core

encryption

I have a database with passwords created in the old Identity system. Passwords were hashed using the MD5CryptoServiceProvider class. I now need to use these passwords in ASP.NET MVC Core but MD5CryptoServiceProvider doesn't exist.

In .NET Framework the function I used to compute the hashes is:

public static string CreateHash(string unHashed)
{
    var x = new System.Security.Cryptography.MD5CryptoServiceProvider();
    var data = Encoding.ASCII.GetBytes(unHashed);
    data = x.ComputeHash(data);
    return Encoding.ASCII.GetString(data);
}

I've tried the following two functions in ASP.NET Core:

public static string CreateHash(string unHashed)
{
    var x = new System.Security.Cryptography.HMACMD5();
    var data = Encoding.ASCII.GetBytes(unHashed);
    data = x.ComputeHash(data);
    return Encoding.ASCII.GetString(data);
}

and

public static string MD5Hash(string input)
{
    using (var md5 = MD5.Create())
    {
        var result = md5.ComputeHash(Encoding.ASCII.GetBytes(input));
        var strResult = BitConverter.ToString(result);
        return strResult.Replace("-", "");
    }
}

Neither method returns the same string that MD5CryptoServiceProvider class does in the first method. I can't change the entire database to use new passwords.

Any fix to this?

like image 613
Yuri Morales Avatar asked Nov 04 '16 20:11

Yuri Morales

1 Answers

There are two issues here:

First, you are using different methods to convert the byte array back into a string. In your first and second methods, you use 

return Encoding.ASCII.GetString(data);

In your third method, you use:

var strResult = BitConverter.ToString(result);
return strResult.Replace("-", "");

These do not output the same results.

Second, while the hash functions used in the first and third examples are indeed identical, the method used in the second example is not.

In short, to get what you want, use the third option, but use the same method to convert it back into a string that you used in the first example (if that is what you had previously been using):

public static string MD5Hash(string input)
{
    using (var md5 = MD5.Create())
    {
        var result = md5.ComputeHash(Encoding.ASCII.GetBytes(input));
        return Encoding.ASCII.GetString(result);
    }
}
like image 88
Brett Wolfington Avatar answered Sep 18 '22 11:09

Brett Wolfington
Sign in to Comment

Related questions

Is datetime struct or class in C#? [closed]
Regex to extract date time from given string
DateTime fails to parse 24:00:00 in the HH:mm:ss format
DateTime.Now.AddDays(-1) will get date-time for exactly 24hrs ago, but how do I get the time for yesterday at a specific hour?
what is the difference between the keywords default and new
Trying to set the decimal separator for the current language, getting "Instance is read Only"
In C# are the `using` directives of the base class inherited by the child class?
Web Api Help Page - Show only some controllers but no others
How to implement INotifyPropertyChanged with nameof rather than magic strings?
Factory Pattern to build many derived classes
MVC System.Web.HttpCompileException on Html.RenderPartial
Use jQuery to post data to MVC action method
Where clause in Linq in List c#
How can I stop async Process by CancellationToken?
Compress size of image to 250kb using xamarin.forms without dependency service
How to get public URL after uploading image to S3?
TimeZoneInfo.FindSystemTimeZoneById() throws exception in a Unity application
Datepicker: How to popup datepicker when click on edittext using C# xamarin
Sending empty array to webapi
Asynchronous foreach

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!