ASP.Net Membership Password Administration

by Cliff 22. February 2008

If you need to update user's passwords that are stored in the aspnet_Membership, the below code should help you accomplish this.

If you are using the default SqlMemberShip provider for authentication, you may have a need to manually reset a user's password.  In order to accomplish this, you can hash the password with a salt and then store the password and salt in the aspnet_Membership table.

string salt = GenerateSalt();
string password = EncodePassword("mypassword", 1, salt);

public string EncodePassword(string pass, int passwordFormat, string salt)

{

if (passwordFormat == 0) // MembershipPasswordFormat.Clear

return pass;

byte[] bIn = Encoding.Unicode.GetBytes(pass);

byte[] bSalt = Convert.FromBase64String(salt);

byte[] bAll = new byte[bSalt.Length + bIn.Length];

byte[] bRet = null;

System.Buffer.BlockCopy(bSalt, 0, bAll, 0, bSalt.Length);System.

Buffer.BlockCopy(bIn, 0, bAll, bSalt.Length, bIn.Length);

if (passwordFormat == 1)

{ // MembershipPasswordFormat.Hashed

HashAlgorithm s = HashAlgorithm.Create(Membership.HashAlgorithmType);

bRet = s.ComputeHash(bAll);

}

else

{

//bRet = EncryptPassword(bAll);

}

return Convert.ToBase64String(bRet);

}

private string GenerateSalt()

{

byte[] buf = new byte[SALT_SIZE_IN_BYTES];

(new RNGCryptoServiceProvider()).GetBytes(buf);

return Convert.ToBase64String(buf);

}

 

Once you have the salt and password, you can store them in the database. 

 

UPDATE [aspnet_Membership] SET Password = [use the password hash from above],

PasswordSalt = [use salt from above] WHERE [UserId] = CAST('123456789...' as uniqueidentifier)

 

Finally you can now authenticate the user with a password of "mypassword".

 

Related posts

Comments are closed

Cliff Gray's Info

Cliff Gray
Developer/Founder GrayTechnology.com.

E-mail me Send mail

Authors

Calendar

<<  February 2020  >>
MoTuWeThFrSaSu
272829303112
3456789
10111213141516
17181920212223
2425262728291
2345678

View posts in large calendar

Blogroll

Download BlogEngine.NET

Download at CodePlex

Disclaimer

The opinions expressed herein are my own personal opinions and do not represent my employer's view in anyway.

© Copyright 2020

Subscribe