Menu
I need to authenticate against an ASP.NET membership table in php. The membership api is configured to use a hashed password.
Can someone kindly give me the php to hash the password that came from a login form and compare it to the sql field?
I know the password that I'm passing in is correct, but it's not hashing the same.
private function Auth( $username, $password )
{
// Hashed password in db
$hash = $this->parent->_memberData['conv_password'];
// password passed from form
$bytes = mb_convert_encoding($password, 'UTF-7');
// Salt from db
$salt = base64_decode($this->parent->_memberData['misc']);
// hash password from form with salt
$hashedpassword = base64_encode(sha1($salt . $bytes, true));
// Test em out
if ($hashedpassword == $hash)
{
$this->return_code = "SUCCESS";
return true;
}
else
{
$this->return_code = "WRONG_AUTH";
return false;
}
}
UPDATE:
I've tried different encodings with same results. UTF-7, UTF-8, and UTF-16.
UPDATE: I've been battling this for a week now. Bounty coming right up...
Here's the .net code in the form of a unit test. The unit test works and the values are straight out of the database. What's the correct translation of this code to php?
public void EncodePassword()
{
string expected = "aP/mqBu3VkX+rIna42ramuosS3s=";
string salt = "urIaGX0zd/oBRMDZjc1CKw==";
string pass = "Comeonman";
byte[] bytes = Encoding.Unicode.GetBytes(pass);
byte[] numArray = Convert.FromBase64String(salt);
byte[] numArray1 = new byte[(int)numArray.Length + (int)bytes.Length];
byte[] numArray2 = null;
Buffer.BlockCopy(numArray, 0, numArray1, 0, (int)numArray.Length);
Buffer.BlockCopy(bytes, 0, numArray1, (int)numArray.Length, (int)bytes.Length);
HashAlgorithm hashAlgorithm = HashAlgorithm.Create("SHA1");
if (hashAlgorithm != null)
{
numArray2 = hashAlgorithm.ComputeHash(numArray1);
}
Assert.AreEqual(Convert.ToBase64String(numArray2), expected);
}
755
The ASP.NET membership provider is a feature that enables ASP.NET developers to create Web sites that allow users to create unique user name and password combinations. With this facility, any user can establish an account with the site, and sign in for exclusive access to the site and its services.
To create a user in our application by using ASP.NET Membership we need the following steps to complete this process. Step 1: Firstly, open visual studio, then go to File Menu and click New -> Web Site. Step 2: After open the new empty website and add a new item Login. aspx in Registration inside Solution Explorer.
The Membership class is used in ASP.NET applications to validate user credentials and manage user settings such as passwords and email addresses. The Membership class can be used on its own, or in conjunction with the FormsAuthentication to create a complete system for authenticating users of a Web application or site.
The membership element is a sub-element of the system. web section. You can enable ASP.NET Membership for an application by directly editing the Web. config file for that application, or you can use the Web Site Administration Tool, which provides a wizard-based interface.
$password = 'Comeonman';
$salt = base64_decode('urIaGX0zd/oBRMDZjc1CKw==');
$utf16Password = mb_convert_encoding($password, 'UTF-16LE', 'UTF-8');
echo base64_encode(sha1($salt.$utf16Password, true));
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
