I am trying to setup a database connection to our application which is using SQL Server and the AspNet Identity Provider (not Core). Users are stored in the AspNetUsers table with a hashed and salted password. In order to implement the Login Action script, I need to verify the users entered password matches the hash stored in the database. Unfortunately, the details of how that hash is generated are a little obscure and I have had trouble implementing something in the script that works. Are there any examples of making this work? Perhaps a suggested workaround?
Hi jsecto,
I was also running into this issue using an old ASP.NET project using Membership.
Hashed password and salt in the dbo.Membership table using SHA1.
Was able to import records using the import/export extension and this JSON format with SHA1 hashing settings
[{
"user_id": "12345",
"email": "test@example.com",
"email_verified": true,
"custom_password_hash": {
"algorithm": "sha1",
"hash": {
"value": "Bc0bbM6qEy5ymgnruvTUuNhnVKU=",
"encoding": "base64"
},
"salt": {
"value": "oVZDJPuCI5xuQ8k0jOeblQ==",
"position": "prefix",
"encoding": "base64"
},
"password": {
"encoding": "utf16le"
}
}
}]Thank you. That will be helpful if we decide to go the route of importing users rather than directly linking to our SQL database. I am leaning towards this since we don’t have a large number of users yet.
Teamwork makes the dreamwork!