I am writing a login system that will log in against a DotNetNuke application's database. I have access to the database and can read the PasswordSalt in the aspnet_Membership table. Hence I will have as inputs:
- user's password (submitted by form)
- user's salt (I can look up)
and I must produce as output the hashed/encrypted Password. The PasswordFormat=2, which is "Encrypted". However, I have not been able to find details of the encryption algorithm being used, so that I can rewrite it in my own application. So far, my research has led me to this page:
http://msdn.microsoft.com/en-us/library/aa478949.aspx
and also this this stackoverflow post, which has the following formula in one of the comments:
Convert.ToBase64String((new Rfc2898DeriveBytes(YourPWD, YourSALT)).GetBytes(20))
However, this formula does not appear to work on my test data, which has the following inputs and outputs:
password: 888888
salt: ahEvjCX3FM04S5cSi1qdHA==
hashed password: y3rxLUDYdj1/+IGC94/tvW6M3pQTCi/9bq1cNOUgYlM=
You can see the test I attempted here:
http://ideone.com/EClO2
I just need working code that will do whatever DNN does internally to turn those inputs into a the hashed password that is actually stored in the DB.
Thanks,
Jonah