ASP.Net Membership Password Administration

by Cliff 22. February 2008

If you need to update user's passwords that are stored in the aspnet_Membership, the below code should help you accomplish this.

If you are using the default SqlMemberShip provider for authentication, you may have a need to manually reset a user's password.  In order to accomplish this, you can hash the password with a salt and then store the password and salt in the aspnet_Membership table.

string salt = GenerateSalt();
string password = EncodePassword("mypassword", 1, salt);

public string EncodePassword(string pass, int passwordFormat, string salt)

{

if (passwordFormat == 0) // MembershipPasswordFormat.Clear

return pass;

byte[] bIn = Encoding.Unicode.GetBytes(pass);

byte[] bSalt = Convert.FromBase64String(salt);

byte[] bAll = new byte[bSalt.Length + bIn.Length];

byte[] bRet = null;

System.Buffer.BlockCopy(bSalt, 0, bAll, 0, bSalt.Length);System.

Buffer.BlockCopy(bIn, 0, bAll, bSalt.Length, bIn.Length);

if (passwordFormat == 1)

{ // MembershipPasswordFormat.Hashed

HashAlgorithm s = HashAlgorithm.Create(Membership.HashAlgorithmType);

bRet = s.ComputeHash(bAll);

}

else

{

//bRet = EncryptPassword(bAll);

}

return Convert.ToBase64String(bRet);

}

private string GenerateSalt()

{

byte[] buf = new byte[SALT_SIZE_IN_BYTES];

(new RNGCryptoServiceProvider()).GetBytes(buf);

return Convert.ToBase64String(buf);

}

 

Once you have the salt and password, you can store them in the database. 

 

UPDATE [aspnet_Membership] SET Password = [use the password hash from above],

PasswordSalt = [use salt from above] WHERE [UserId] = CAST('123456789...' as uniqueidentifier)

 

Finally you can now authenticate the user with a password of "mypassword".

 

Comments are closed

Cliff Gray's Info

Cliff Gray
Developer/Founder GrayTechnology.com.

E-mail me Send mail

Authors

Calendar

<<  October 2021  >>
MoTuWeThFrSaSu
27282930123
45678910
11121314151617
18192021222324
25262728293031
1234567

View posts in large calendar

Blogroll

Download BlogEngine.NET

Download at CodePlex

Disclaimer

The opinions expressed herein are my own personal opinions and do not represent my employer's view in anyway.

© Copyright 2021

Subscribe