I have an existing table that has 100 users and passwords. The data type is a varchar. I just created an asp.net mvc application and I want to convert the passwords to the aspnet_membership table.

How do I convert a varchar password at the SQL level into "Password" and "Passwordsalt" in the aspnet_membership table?

A: 

It's not possible at a SQL level, but with some C# code there are 2 possible techniques.

Simplest is to write a process to read through your existing table, and call Membership.CreateUser for each of the users, and the membership provider will create the user records for you, including the password & salt.

Alternatively, create yourself a dummy user, then write a process to change the password of the dummy user to the value from your existing users, and read the value from the aspnet_membership table. I have code that does this if you're interested.

Clicktricity
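
The first technique from the answer above, as an added example (not the answerer's code). The table `LegacyUsers`, its columns `UserName` and `Password`, the class name and the connection-string parameter are assumptions, as is the premise that the old passwords are stored as readable text.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Web.Security;

// Added example. Assumed names: table LegacyUsers with columns
// UserName and Password (varchar, readable text).
public static class LegacyUserMigrator
{
    // Returns the user names that could not be migrated, with the reason.
    public static Dictionary<string, MembershipCreateStatus> Migrate(string legacyConnectionString)
    {
        var failures = new Dictionary<string, MembershipCreateStatus>();

        using (var conn = new SqlConnection(legacyConnectionString))
        using (var cmd = new SqlCommand("SELECT UserName, Password FROM LegacyUsers", conn))
        {
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    string userName = reader.GetString(0).Trim();
                    string password = reader.GetString(1);

                    // Skip users already created by an earlier, partial run.
                    if (Membership.GetUser(userName) != null)
                        continue;

                    MembershipCreateStatus status;
                    // The configured provider generates the salt and writes
                    // Password / PasswordSalt according to passwordFormat.
                    // null e-mail, question and answer assume
                    // requiresUniqueEmail="false" and
                    // requiresQuestionAndAnswer="false" in web.config.
                    Membership.CreateUser(userName, password, null,
                        null, null, true, out status);

                    // For example InvalidPassword when a legacy password is
                    // shorter than minRequiredPasswordLength.
                    if (status != MembershipCreateStatus.Success)
                        failures[userName] = status;
                }
            }
        }
        return failures;
    }
}
```

Run it inside the MVC application, or any process whose config file carries the same `<membership>` section, and review the returned failures before retiring the old table. Once every user is migrated, remove the readable password column.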
+1  A: 

The Password & PasswordSalt parts are not processed and created at the "SQL level". If you look closely at the asp.net membership database (tables / stored procedures / other objects), you will find that there are two stored procedures (SP for short) to create a user in the asp.net membership database tables.

  1. aspnet_Membership_CreateUser
  2. aspnet_Users_CreateUser

These SPs will create the user entry in the aspnet_Membership & aspnet_Users tables respectively. ASP.NET membership works on the web.config file settings that you set up. An example default web.config entry will be something like this -

    <!-- If you are using Forms authentication -->
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="2880" />
    </authentication>

    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
             enablePasswordRetrieval="false" passwordFormat="Encrypted" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
             maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
             applicationName="/" />
      </providers>
    </membership>

Here in this settings section, the attribute "passwordFormat" sets the way your user password is stored. Options are - Clear (0), Hashed (1), Encrypted (2)

By default it will have the Hashed value - or if you have not specified passwordFormat.

In Clear, the password will be saved as it is - clear text - readable.

In the Hashed option the password will not be encrypted, only encoded using a hashing algorithm.

In the Encrypted option the password will be stored by first encrypting the password and then encoding it.

In the Encrypted option you need to specify a non-auto-generated "machine key" and store it in the machine config. To get one, refer to: Get a non-autogenerated machine key

And talking about the password salt - it's just a randomly generated string which is used to encrypt and encode the password along with the Validation & Decryption Key.

If you want to override the encrypting method of the asp.net membership provider to encode it yourself (if using a custom membership provider), you can do something like this

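    using System;
    using System.Security.Cryptography;
    using System.Text;
    using System.Web.Security;

    // Member of the custom membership provider class (MyCustomMembership).
    private string EncodePassword(byte passFormat, string passtext, string passwordSalt)
    {
        if (passFormat == 0) // passwordFormat="Clear" (0)
            return passtext;

        byte[] bytePASS = Encoding.Unicode.GetBytes(passtext);     // password as UTF-16LE bytes
        byte[] byteSALT = Convert.FromBase64String(passwordSalt);  // salt is stored Base64-encoded

        // Salt bytes followed by password bytes. The buffer is exactly that long:
        // a spare trailing byte would change the hash and leave a stray byte
        // after the password when the encrypted value is decrypted.
        byte[] byteRESULT = new byte[byteSALT.Length + bytePASS.Length];

        System.Buffer.BlockCopy(byteSALT, 0, byteRESULT, 0, byteSALT.Length);
        System.Buffer.BlockCopy(bytePASS, 0, byteRESULT, byteSALT.Length, bytePASS.Length);

        if (passFormat == 1) // passwordFormat="Hashed" (1)
        {
            // Hash algorithm name comes from the membership configuration.
            using (HashAlgorithm ha = HashAlgorithm.Create(Membership.HashAlgorithmType))
            {
                return Convert.ToBase64String(ha.ComputeHash(byteRESULT));
            }
        }
        else // passwordFormat="Encrypted" (2)
        {
            // EncryptPassword is inherited from MembershipProvider and uses the machine key.
            MyCustomMembership myObj = new MyCustomMembership();
            return Convert.ToBase64String(myObj.EncryptPassword(byteRESULT));
        }
    }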

and then call with something like this

    // Either generate a random salt for that user, or retrieve the salt from the database
    // if the user is being edited and already has a password salt.
    string passSalt = ...; // Base64-encoded salt
    string encoded = EncodePassword(/* 0 or 1 or 2 */, passwordText, passSalt);

Hope this helps you to complete your business need.

Regards, J'Sinh

J Sinh
Thanks for the clear answer.
Hoorayo
You're welcome. Do not forget to flag the answer as useful.
J Sinh
How does asp.net generate the passwordsalt when I use the default membership create logic that was created by asp.net? You mentioned "Either generate a random salt for that user or retrieve the salt from database if the user is in edit and has a password salt". I am just curious what logic is used unless I override the default logic.
Hoorayo
J Sinh