We are building a mobile application which integrate through the DNN.
The mobile application uses ASP.net webservice which connect to the DNN Modules, in the mobile application there exist two options
- the registration screen
which create new user in the DNN Module, the problem is that in the ASP.net Web service the webmethod that is reponsible for creating the new user, it connect to the DNN database and insert new record in the tables (membership tables)
the problem is that when insering new users in these table specially
([aspnet_Membership]) using ASP.net code and Linq.sql Framework
we sypher the user password with Trible DES Algrithem
we creating class to generate salt and encrypt and decrypt passwords
public class NetFourMembershipProvider : SqlMembershipProvider
public string GenerateSalt()
(new RNGCryptoServiceProvider()).GetBytes(buf);
return Convert.ToBase64String(buf);
public string EncodePassword(byte passFormat, string passtext, string passwordSalt)
if (passFormat.Equals(0)) // passwordFormat="Clear" (0)
byte[] bytePASS = Encoding.Unicode.GetBytes(passtext);
byte[] byteSALT = Convert.FromBase64String(passwordSalt);
byte[] byteRESULT = new byte[byteSALT.Length + bytePASS.Length + 1];
System.Buffer.BlockCopy(byteSALT, 0, byteRESULT, 0, byteSALT.Length);
System.Buffer.BlockCopy(bytePASS, 0, byteRESULT, byteSALT.Length, bytePASS.Length);
if (passFormat.Equals(1)) // passwordFormat="Hashed" (1)
HashAlgorithm ha = HashAlgorithm.Create(Membership.HashAlgorithmType);
return (Convert.ToBase64String(ha.ComputeHash(byteRESULT)));
else // passwordFormat="Encrypted" (2)
return (Convert.ToBase64String(this.EncryptPassword(byteRESULT)));
public string GetClearTextPassword(string encryptedPwd)
byte[] encodedPassword = Convert.FromBase64String(encryptedPwd);
byte[] bytes = this.DecryptPassword(encodedPassword);
return Encoding.Unicode.GetString(bytes, 0x10, bytes.Length - 0x10).Substring(0,Encoding.Unicode.GetString(bytes, 0x10, bytes.Length - 0x10).Length - 1);
public new byte[] EncryptPassword(byte[] password)
return base.EncryptPassword(password);
and adding in web.config file the sypher key
at app setting section we add
<add key="EncryptKey" value="42441B48BCA3F15B2353E426BC2C9111680E09E8"/>
at the system.web secton we add
<machineKey validationKey="42441B48BCA3F15B2353E426BC2C9111680E09E8" decryptionKey="00B3BAE82FEF44753E95AE088CCDB5E75C0F3BB1E58DEC2A" decryption="3DES" validation="SHA1" />
and the code for the register web servce is
string Email = Request.QueryString["Email"];
string UserName = Request.QueryString["UserName"];
string MobileNo = Request.QueryString["MobileNo"];
string FirstName = Request.QueryString["FirstName"];
string LastName = Request.QueryString["LastName"];
string password = Request.QueryString["Password"];
string salt = "35wj1+r/Dr6RYjBbIRhWeQ==";
NetFourMembershipProvider decriptor = new NetFourMembershipProvider();
string encryptedpassword = decriptor.EncodePassword(2, password, salt);
ORMDataContext myContext = new ORMDataContext();
int userCount = (from user in myContext.Users
where user.Username == UserName
select user.UserID).Count();
CustomUser myUser = new CustomUser();
aspnet_User membership_user = new aspnet_User();
membership_user.ApplicationId = Guid.Parse("4985C01A-3338-49C9-AC39-DC5934D5ED7A");
membership_user.UserName = UserName;
membership_user.LoweredUserName = UserName.ToLower();
membership_user.LastActivityDate = DateTime.Now;
membership_user.IsAnonymous = false;
membership_user.MobileAlias = MobileNo;
membership_user.UserId = Guid.NewGuid();
myContext.aspnet_Users.InsertOnSubmit(membership_user);
myContext.SubmitChanges();
aspnet_Membership membership = new aspnet_Membership();
Guid appID = Guid.Parse("4985C01A-3338-49C9-AC39-DC5934D5ED7A");
membership.ApplicationId = appID;
membership.CreateDate = DateTime.Now;
membership.Email = Email;
membership.FailedPasswordAnswerAttemptCount = 0;
membership.FailedPasswordAnswerAttemptWindowStart = DateTime.Now;
membership.FailedPasswordAttemptCount = 0;
membership.FailedPasswordAttemptWindowStart = DateTime.Now;
membership.IsApproved = true;
membership.IsLockedOut = true;
membership.LastLockoutDate = DateTime.Now;
membership.LastLoginDate = DateTime.Now;
membership.LastPasswordChangedDate = DateTime.Now;
membership.LoweredEmail = Email.ToLower();
membership.MobilePIN = "";
membership.Password = encryptedpassword;
membership.PasswordAnswer = "";
membership.PasswordFormat = 2;
membership.PasswordQuestion = "";
membership.PasswordSalt = salt;
membership.UserId = membership_user.UserId;
myContext.aspnet_Memberships.InsertOnSubmit(membership);
myContext.SubmitChanges();
Borsa_Ws.User user = new User();
user.Username = UserName;
user.CreatedOnDate = DateTime.Now;
user.DisplayName = UserName;
user.FirstName = FirstName;
user.LastName = LastName;
user.UpdatePassword = false;
user.LastModifiedByUserID = -1;
user.IsSuperUser = false;
myContext.Users.InsertOnSubmit(user);
myContext.SubmitChanges();
Borsa_Ws.UserRole user_role1 = new Borsa_Ws.UserRole();
user_role1.UserID = user.UserID;
Borsa_Ws.UserRole user_role2 = new Borsa_Ws.UserRole();
user_role2.UserID = user.UserID;
myContext.UserRoles.InsertOnSubmit(user_role1);
myContext.UserRoles.InsertOnSubmit(user_role2);
myContext.SubmitChanges();
myUser.Roles = new int[] { 1, 2 };
myUser.UserID = user.UserID.ToString();
JavaScriptSerializer searlizer = new JavaScriptSerializer();
Response.ContentType = "application/json; charset=utf-8";
Response.Write(searlizer.Serialize(myUser));
wehen we come to the DNN web site and trying to login we the new inserted data
so could you tell me what is wrong with my code
thanks