Tuesday 15 September 2015

c# - Using PHP to authenticate users in an ASP.NET membership


I'm experiencing some problems while trying to authenticate users against an existing ASP.NET membership database using PHP. I have searched the web, and the answers I have found so far are not working for me, i.e.:

  public static function hash($password, $salt)
  {
      // The salt is stored base64-encoded in the membership table
      $decodedSalt = base64_decode($salt);
      // ASP.NET strings are UTF-16LE
      $utf = mb_convert_encoding($password, 'UTF-16LE', 'UTF-8');
      return base64_encode(sha1($decodedSalt . $utf, true));
  }

I think that part of the issue is that the password hash is not actually calculated with SHA-1, because the values in the database are 44-character, base64-encoded strings (which means that the input is probably 256 bits long). I tried to use SHA-256 instead of SHA-1, but to no avail. I cannot find a machine key in web.config, which would also alter the hash, and whether I run locally or on the production server, the ASP.NET site generates the same hashes, so I do not know why they are not

Web.config membership provider:

  <add connectionStringName="MySqlMembershipConnection"
       enablePasswordRetrieval="false"
       enablePasswordReset="true"
       requiresQuestionAndAnswer="false"
       requiresUniqueEmail="true"
       passwordFormat="Hashed"
       maxInvalidPasswordAttempts="5"
       minRequiredPasswordLength="6"
       minRequiredNonalphanumericCharacters="0"
       passwordAttemptWindow="10"
       applicationName="/"
       autogenerateschema="true"
       name="MySqlMembershipProvider"
       type="MySql.Web.Security.MySQLMembershipProvider, mysql.web" />

An example password that should work:

  $salt = 'Mu1tp8XzfKl8dSTVAZm44A=='; // directly from DB
  $password = 'test';
  $hash = 'rpmTmtBfWoJz71ooQGQUIIyQJKd99qhYxMUI1yda0qE=';

Thoughts? Any idea why my hash does not match the DB (and why/how it works when logging in through the ASP.NET site)? I have tried swapping the hash function, reversing the password/salt combination, and shouting loudly while killing my computer, and none of them helped.

I took a look at the authentication question page you linked, and one particular answer caught my attention.

Because you said that the algorithm used was no longer SHA1 but more probably SHA256, I started experimenting with an HMAC hash instead of plain SHA256. It did not work at first, but then I tried using the concatenated string of salt and password, with the salt additionally passed as the key, and it worked.

Here's the simple function I made:

  function _hash($password, $salt)
  {
      // HMAC-SHA256 over salt . UTF-16LE(password), keyed with the decoded salt
      return base64_encode(hash_hmac(
          'sha256',
          base64_decode($salt) . iconv('UTF-8', 'UTF-16LE', $password),
          base64_decode($salt),
          true
      ));
  }

  $salt = 'Mu1tp8XzfKl8dSTVAZm44A=='; // directly from DB
  $password = 'test';
  var_dump(_hash($password, $salt));

Resulting hash: TQN7m8OWIyBOKVwzgWSUBVq7o7+KWFBc46J+B77mLw=
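The three constructions tried on this page (SHA-1, SHA-256, and HMAC-SHA256 keyed with the salt) can be checked side by side against a stored value. The following is an added example, not code from the original question or answer; the function names `candidate_hashes`, `identify_scheme` and `verify_password` are hypothetical, and the first sample row is constructed.

```php
<?php
// Added example, not code from the original post.
// All candidates hash salt . UTF-16LE(password), as in the snippets above.
function candidate_hashes(string $password, string $saltB64): array
{
    $salt = base64_decode($saltB64, true);          // strict: reject malformed input
    if ($salt === false || $salt === '') {
        throw new InvalidArgumentException('salt is not valid base64');
    }
    $data = $salt . mb_convert_encoding($password, 'UTF-16LE', 'UTF-8');
    return [
        'sha1'                  => base64_encode(hash('sha1', $data, true)),
        'sha256'                => base64_encode(hash('sha256', $data, true)),
        'hmac-sha256(key=salt)' => base64_encode(hash_hmac('sha256', $data, $salt, true)),
    ];
}

// Returns the name of the construction that reproduces $storedB64, or null.
function identify_scheme(string $password, string $saltB64, string $storedB64): ?string
{
    foreach (candidate_hashes($password, $saltB64) as $name => $hash) {
        if (hash_equals($storedB64, $hash)) {       // constant-time comparison
            return $name;
        }
    }
    return null;
}

// Login check using the HMAC construction from the answer.
// hash_equals avoids the timing leak of comparing hashes with == or ===.
function verify_password(string $password, string $saltB64, string $storedB64): bool
{
    $hash = candidate_hashes($password, $saltB64)['hmac-sha256(key=salt)'];
    return hash_equals($storedB64, $hash);
}

// Constructed sample row (not from any real database).
$salt   = base64_encode(random_bytes(16));
$stored = candidate_hashes('correct horse', $salt)['hmac-sha256(key=salt)'];

var_dump(identify_scheme('correct horse', $salt, $stored));
var_dump(verify_password('correct horse', $salt, $stored));
var_dump(verify_password('wrong guess', $salt, $stored));

// Salt and stored hash quoted in the question, for the known password 'test'.
var_dump(identify_scheme('test', 'Mu1tp8XzfKl8dSTVAZm44A==',
    'rpmTmtBfWoJz71ooQGQUIIyQJKd99qhYxMUI1yda0qE='));
```

A `NULL` from `identify_scheme` means none of the three constructions reproduces the stored value, so the provider is doing something else (a different key, encoding, or concatenation order).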
