tags:

views:

88

answers:

2
+1  Q: 

Retrieve ASP.Net AutoGenerated MachineKey

I have a .Net 1.1 app that must be upgraded to 2.0. The application encrypts passwords in the database using MD5CryptoServiceProvider. After I upgraded to 2.0, the MD5 value was different. In the machine.config, the machinekey was set to autogenerate.

Is there a way to retrieve this key?

+1  A: 

Yes, you can with a bit of reflection, see here for details and code :)

Though, I'm not sure that MD5CryptoServiceProvider actually uses the machine key, I thought it was independent, someone correctly me in comments?

Nick Craver  2010-03-22 19:33:58
when i convert the virtual directory to 2.0, the encryption breaks. is there anyway to get this without code?
Jared  2010-03-22 20:36:24
@Jared - Not that I'm aware of, but any .Net application on the machine can run the code, a small console app for example would work to display the key.
Nick Craver  2010-03-22 20:45:43
@Jared - Way to break the comment box width! Can you post example code that has the result changing, AFAIK MD5 doesn't depend on any key, it's a standardized hash: http://en.wikipedia.org/wiki/MD5 But...I'm not all that familiar with the Crypto providers in .Net (not much use to me as of yet), so maybe it's some variant that's not actually just an MD5 hash.
Nick Craver  2010-03-22 20:57:12
@Nick sorry about that.here's the code. like i said before, it's a 1.1 application upgraded to 2.0. var encryptionServiceProvider = new MD5CryptoServiceProvider(); var bytes = ASCIIEncoding.ASCII.GetBytes(inputString); var passwordHash = encryptionServiceProvider.ComputeHash(bytes);
Jared  2010-03-22 21:00:28
A: 

The System.Security.Cryptography.MD5CryptoServiceProvider doesn't rely on the ASP.NET system.web/machineKey settings. These are used to control tamper proofing and encryption of ViewState, forms authentication tickets, and role cookies (How To: Configure MachineKey in ASP.NET 2.0).

I just compiled a simple console application under .NET 1.1 and 2.0 that performs a MD5 hash and they both produce the same value. I ran these applications on two different machines (one with autogenerated machine keys, and one with hard coded keys), again, identical results.

This sounds like the Encoding used is possibly different, i.e. the 1.1 application is using ASCIIEncoding and the 2.0 application is using Unicode.

Another thing to check is if the method you're using a uses salt that you've forgotten about, that would certainly cause different hashes to be generated.

Kev  2010-03-23 03:27:43
You're exactly right. The ASCIIEncoding class was implemented differently in 2.0 than 1.1.
Jared  2010-03-23 13:56:17
@Jared - yay!...you know you can upvote a correct answer as well if you really like it :)
Kev  2010-03-23 14:04:40

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps