Migrate users with passwords hashed using Microsoft.AspNet.Identity.Core, Version=2.0.0.0

Bas.van.Nuland · May 30, 2024, 3:09pm

Ready to post? First, try searching for your answer.
I want to share some code i created to create the json needed to do a bulk import for users with a password hash created with Microsoft.AspNet.Identity.Core, Version=2.0.0.0
It was quite a challange to get it right but at the end by adding ToUrlSafeBase64 i got i to work:
public ActionResult Export()
{
var users = _userManager.GetUsers();
List userDataList = new List();

 foreach (var user in users.Items)
 {
     try
     {
         var passwordComponents = ExtractSaltAndSubkey(user.Password);
         var userData = new
         {
             email = user.WorkEmail,
             username = user.LoginName,
             given_name = user.FirstName,
             family_name = user.LastName,
             email_verified = false,
             custom_password_hash = new
             {
                 algorithm = "pbkdf2",
                 hash = new
                 {
                     value = $"$pbkdf2-sha1$i={PBKDF2IterCount},l={PBKDF2SubkeyLength}${passwordComponents.Salt}${passwordComponents.Subkey}",
                     encoding = "utf8"
                 }
             }
         };

         userDataList.Add(userData);
     }
     catch (Exception ex)
     {
         // Log the error or handle it appropriately
         Console.WriteLine($"Error processing user {user.LoginName}: {ex.Message}");
     }
 }

 string json = JsonConvert.SerializeObject(userDataList, Formatting.Indented);
 return View("Export", (object)json);

}

private const int PBKDF2IterCount = 1000; // Ensure this matches the iterations used when hashing originally
private const int PBKDF2SubkeyLength = 32; // Ensure this matches the byte length of the derived key
private const int SaltSize = 16; // Ensure this matches the byte size of the salt used when hashing
public static (string Salt, string Subkey) ExtractSaltAndSubkey(string hashedPassword)
{
byte hashBytes = Convert.FromBase64String(hashedPassword);
byte salt = new byte[SaltSize];
byte subkey = new byte[PBKDF2SubkeyLength];

 Array.Copy(hashBytes, 1, salt, 0, SaltSize);
 Array.Copy(hashBytes, 1 + SaltSize, subkey, 0, PBKDF2SubkeyLength);

 return (ToUrlSafeBase64(Convert.ToBase64String(salt)), ToUrlSafeBase64(Convert.ToBase64String(subkey)));

}

public static string ToUrlSafeBase64(string base64String)
{
return base64String.Replace(‘+’, ‘-’).Replace(‘/’, ‘_’).TrimEnd(‘=’); // Convert standard base64 to URL-safe base64 and remove padding
}

View content for Export.cshtml:
@model string
@{
Layout = null;
}

@Html.Raw(Model)

Topic		Replies	Views
Migrate users from Asp.net Identity to Auth0 Help migrate-users	4	4470	December 14, 2020
Migrating Database Users from One Tenant to Another Tenant Knowledge Articles migration , database-migration	1	5022	December 13, 2022
Bulk Import of users with hashed passwords using Java BCrypt - import succeeding but password not carrying over Help password , hash , password-hash	4	5670	November 6, 2019
How to export user password hashes? Help password-hash , export , exporting-user-data-	6	10557	July 29, 2020
User Migration with custom hash password Help user-import , password-hash , bulk-user-import	11	3517	October 21, 2024

Migrate users with passwords hashed using Microsoft.AspNet.Identity.Core, Version=2.0.0.0

Related Topics