I’m building a web based user access system based on the asp.Net Membership, Roles, and Profile system. I’m able to create new user accounts with a SQL stored procedure. Now I’m trying to validate a user login working against the stored use account details.
My aspnet_Membership table contains Password (encoded), PasswordFormat (1), and PasswordSalt (encoded) fields, along with a number of other fields. The create new account stored procedure has, in part, the following code:
The unencoded salt gets encoded and saved, and this is the value in my table. Since the stored ‘salt’ value is encoded I’m not sure how to recreate the encoded password from the ‘ unencoded salt’ and the ‘clear text password’ that the user has just entered as they are logging in.
Any help would be appreciated.
Steve
My aspnet_Membership table contains Password (encoded), PasswordFormat (1), and PasswordSalt (encoded) fields, along with a number of other fields. The create new account stored procedure has, in part, the following code:
Code:
SET @PasswordFormat = 1 -- 0=Plain text, 1 = Hashed, 2 = Encrypted
SET @UnencodedSalt = NEWID()
SET @PasswordSalt = dbo.base64_encode(@UnencodedSalt)
-- Encode the password
SET @EncodedPassword = dbo.base64_encode(HASHBYTES('SHA1',
CAST(@UnencodedSalt AS varbinary(MAX))
+ CAST(@ClearTextPassword AS varbinary(MAX))))
Any help would be appreciated.
Steve