Hi
I encrypted the password and am updating the aspnet_Membership table, but I cannot log in with the changed password. Could anyone help me solve this problem?
Here is my code
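''' <summary>
''' Handles the Login button. Validates the credentials through DNN first; when that
''' fails, checks the legacy Users_Old table (MD5 hex digest) and, on a match, writes
''' a new hash into aspnet_Membership before raising the UserAuthenticated event.
''' </summary>
''' <param name="sender">The control that raised the event.</param>
''' <param name="e">Event data (unused).</param>
Private Sub cmdLogin_Click(ByVal sender As Object, ByVal e As EventArgs) Handles cmdLogin.Click
    If (UseCaptcha And ctlCaptcha.IsValid) OrElse (Not UseCaptcha) Then
        Dim loginStatus As UserLoginStatus = UserLoginStatus.LOGIN_FAILURE
        Dim objUser As UserInfo = UserController.ValidateUser(PortalId, txtUsername.Text, txtPassword.Text, "DNN", txtVerification.Text, PortalSettings.PortalName, IPAddress, loginStatus)
        Dim authenticated As Boolean = Null.NullBoolean
        Dim message As String = Null.NullString

        ' If the normal login failed, compare the password with the legacy
        ' database, which stores an MD5 digest.
        ' NOTE(review): this branch runs on every LOGIN_FAILURE; no lockout or
        ' attempt counting for the legacy check is visible here - confirm.
        If loginStatus = UserLoginStatus.LOGIN_FAILURE Then
            Dim connectionString As String = ConfigurationManager.ConnectionStrings("SiteSqlServer").ConnectionString

            ' Legacy format: MD5 over the UTF-7 bytes, rendered as lower-case hex.
            ' Kept only so existing Users_Old rows can still be matched.
            Dim md5Hasher As New MD5CryptoServiceProvider()
            Dim encoder As UTF7Encoding = New UTF7Encoding()
            Dim hashedBytes As Byte() = md5Hasher.ComputeHash(encoder.GetBytes(txtPassword.Text))
            Dim legacyHash As String = BitConverter.ToString(hashedBytes).Replace("-", "").ToLowerInvariant()

            Dim isMatch As Boolean = False

            ' The user name comes straight from the form, so it is passed as a
            ' parameter and never concatenated into the SQL text.
            Using con As New SqlConnection(connectionString)
                Using cmdd As New SqlCommand("select password from Users_Old where Username = @Username", con)
                    cmdd.Parameters.AddWithValue("@Username", txtUsername.Text)
                    con.Open()
                    Using dr As SqlDataReader = cmdd.ExecuteReader()
                        While dr.Read()
                            If dr("password").ToString = legacyHash Then
                                isMatch = True
                            End If
                        End While
                    End Using
                End Using
            End Using

            ' If the MD5 digest matches, store the password again as a salted SHA1 hash.
            If isMatch Then
                Dim oUserInfo As UserInfo = DotNetNuke.Entities.Users.UserController.GetUserByName(PortalSettings.PortalId, txtUsername.Text)

                ' Without a user record and an e-mail address there is no row to update.
                If oUserInfo IsNot Nothing AndAlso Not String.IsNullOrEmpty(oUserInfo.Email) Then
                    Dim mempass As String = ComputeHash(txtPassword.Text, "SHA1", Nothing)

                    ' NOTE(review): this is the likely reason the later login fails.
                    ' ComputeHash returns Base64(hash + salt) with its own random salt,
                    ' while the stock SqlMembershipProvider checks Password against the
                    ' PasswordSalt and PasswordFormat columns of the same row. Writing
                    ' only Password leaves those out of step. Changing the password
                    ' through the membership API (for example MembershipUser.ChangePassword)
                    ' keeps all three consistent - confirm against the provider in use.
                    ' NOTE(review): the row is selected by Email; if e-mail addresses
                    ' are not unique this rewrites every matching account - confirm.
                    Using con As New SqlConnection(connectionString)
                        Using cm As New SqlCommand("Update aspnet_Membership set Password = @Password where Email = @Email", con)
                            cm.Parameters.AddWithValue("@Password", mempass)
                            cm.Parameters.AddWithValue("@Email", oUserInfo.Email)
                            con.Open()
                            Dim rowsAffected As Integer = cm.ExecuteNonQuery()
                            ' Only treat the login as successful when a row was really updated.
                            If rowsAffected > 0 Then
                                ' NOTE(review): objUser still holds whatever ValidateUser
                                ' returned for the failed login; confirm the
                                ' UserAuthenticated handler copes with that.
                                loginStatus = UserLoginStatus.LOGIN_SUCCESS
                            End If
                        End Using
                    End Using
                End If
            End If
        End If

        If loginStatus = UserLoginStatus.LOGIN_USERNOTAPPROVED Then
            ' Check if it is the first time logging in to a verified site
            If PortalSettings.UserRegistration = PortalRegistrationType.VerifiedRegistration Then
                If Not rowVerification1.Visible Then
                    ' Display the verification rows so the user can enter the verification code
                    rowVerification1.Visible = True
                    rowVerification2.Visible = True
                    message = "EnterCode"
                Else
                    If txtVerification.Text <> "" Then
                        message = "InvalidCode"
                    Else
                        message = "EnterCode"
                    End If
                End If
            Else
                message = "UserNotAuthorized"
            End If
        Else
            authenticated = (loginStatus <> UserLoginStatus.LOGIN_FAILURE)
        End If

        ' Raise the UserAuthenticated event
        Dim eventArgs As UserAuthenticatedEventArgs = New UserAuthenticatedEventArgs(objUser, txtUsername.Text, loginStatus, "DNN")
        eventArgs.Authenticated = authenticated
        eventArgs.Message = message
        OnUserAuthenticated(eventArgs)
    End If
End Sub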
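''' <summary>
''' Hashes <paramref name="plainText"/> (UTF-8) followed by the salt bytes and returns
''' Base64(hash bytes + salt bytes), so the salt travels with the hash value.
''' </summary>
''' <param name="plainText">Text to hash.</param>
''' <param name="hashAlgorithm">
''' "SHA1", "SHA256", "SHA384" or "SHA512" (case-insensitive). Any other value,
''' including Nothing, selects MD5.
''' </param>
''' <param name="saltBytes">
''' Salt to append. When Nothing, a random salt of 4 to 8 non-zero bytes is generated.
''' </param>
''' <returns>Base64 string of the hash followed by the salt.</returns>
''' <remarks>
''' NOTE(review): this is a single hash pass, which is cheap to compute. For stored
''' passwords a key-derivation function such as Rfc2898DeriveBytes (PBKDF2) is the
''' better fit; the signature is kept here so existing callers still work.
''' </remarks>
Public Shared Function ComputeHash(ByVal plainText As String, _
                                   ByVal hashAlgorithm As String, _
                                   ByVal saltBytes() As Byte) _
                                   As String
    ' If salt is not specified, generate it on the fly.
    If saltBytes Is Nothing Then
        Const minSaltSize As Integer = 4
        Const maxSaltSize As Integer = 8

        Dim rng As New RNGCryptoServiceProvider()

        ' Pick the salt length from the same generator. The previous
        ' Random.Next(min, max) call has an exclusive upper bound, so the
        ' maximum size was never chosen, and a time-seeded Random repeats
        ' its value for calls made in quick succession.
        Dim sizeSeed(0) As Byte
        rng.GetBytes(sizeSeed)
        Dim saltSize As Integer = minSaltSize + (sizeSeed(0) Mod (maxSaltSize - minSaltSize + 1))

        ' Fill the salt with cryptographically strong, non-zero byte values.
        saltBytes = New Byte(saltSize - 1) {}
        rng.GetNonZeroBytes(saltBytes)
    End If

    ' Plain text bytes followed by the salt bytes.
    Dim plainTextBytes As Byte() = Encoding.UTF8.GetBytes(plainText)
    Dim plainTextWithSaltBytes() As Byte = _
        New Byte(plainTextBytes.Length + saltBytes.Length - 1) {}
    Array.Copy(plainTextBytes, 0, plainTextWithSaltBytes, 0, plainTextBytes.Length)
    Array.Copy(saltBytes, 0, plainTextWithSaltBytes, plainTextBytes.Length, saltBytes.Length)

    ' Compute the hash of the plain text with appended salt; release the
    ' hash object as soon as the digest is available.
    Dim hashBytes As Byte()
    Using hash As HashAlgorithm = CreateHashAlgorithmForName(hashAlgorithm)
        hashBytes = hash.ComputeHash(plainTextWithSaltBytes)
    End Using

    ' Result layout: hash bytes first, then the original salt bytes.
    Dim hashWithSaltBytes() As Byte = _
        New Byte(hashBytes.Length + saltBytes.Length - 1) {}
    Array.Copy(hashBytes, 0, hashWithSaltBytes, 0, hashBytes.Length)
    Array.Copy(saltBytes, 0, hashWithSaltBytes, hashBytes.Length, saltBytes.Length)

    ' Convert the result into a base64-encoded string.
    Return Convert.ToBase64String(hashWithSaltBytes)
End Function

' Maps an algorithm name to its hash implementation; unknown names select MD5.
Private Shared Function CreateHashAlgorithmForName(ByVal name As String) As HashAlgorithm
    If name Is Nothing Then
        name = ""
    End If

    ' Invariant casing so the lookup does not depend on the current culture.
    Select Case name.ToUpperInvariant()
        Case "SHA1"
            Return New SHA1Managed()
        Case "SHA256"
            Return New SHA256Managed()
        Case "SHA384"
            Return New SHA384Managed()
        Case "SHA512"
            Return New SHA512Managed()
        Case Else
            ' NOTE(review): a misspelled or missing name silently selects MD5.
            ' Kept for compatibility with existing callers; consider rejecting
            ' unknown names once callers are checked.
            Return New MD5CryptoServiceProvider()
    End Select
End Function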
regards,
Sandeep