I’m having trouble migrating a user, without losing the original password, from an existing database that was created using ASP.NET Identity Core (version 2.0).
My goal is to migrate a user over and be able to use the existing password.
I’m using Auth0’s Bulk Import API tools to do this, following the directions in this blog post very closely.
I am able to create users via the API without issue. My problem has only to do with retaining the user’s original password.
Here is what my JSON payload looks like for a single user (with some info redacted):
[
  {
    "user_id": "1",
    "email": "<my_email>",
    "custom_password_hash": {
      "algorithm": "sha1",
      "hash": {
        "value": "<base64_passwordhash>",
        "encoding": "base64"
      },
      "salt": {
        "value": "<base64_salt>",
        "encoding": "base64"
      }
    },
    "given_name": "Tom",
    "blocked": false,
    "email_verified": true
  }
]
I believe my issue to be with the way I am obtaining hash.value and salt.value.
To get these values, I am using a custom C# script I wrote in order to break down the PasswordHash that was originally produced by AspNetIdentity’s HashPassword method.
It is my understanding that AspNetIdentity’s HashPassword() produces a base64 string that contains both an encoded salt and an encoded password value.
My C# script looks like this:
using System;
using System.Collections.Generic;
using System.Linq;

public class Program
{
    public static void Main()
    {
        // Decoded bytes of the stored PasswordHash (the variable name keeps the original "_b64" suffix)
        var passwordhash_b64 = Convert.FromBase64String("<base64 PasswordHash produced by Asp.Net.Identity.Core v2.0>");
        List<byte> salt_bytes = new List<byte>();
        List<byte> pw_bytes = new List<byte>();

        // Break down the "PasswordHash" value into
        // the bytes representing salt and pw
        // The first byte represents which version of Identity is being used - can ignore for this
        // bytes 2-17 represent the salt, randomly generated by Identity
        // bytes 18-49 represent the password hash
        for (var i = 0; i < passwordhash_b64.Length; i++)
        {
            if (i > 0 && i < 17)
                salt_bytes.Add(passwordhash_b64[i]);
            else if (i > 0)
                pw_bytes.Add(passwordhash_b64[i]);
        }

        // Convert the salt to a byte array
        var salt_bytearray = salt_bytes.ToArray();
        // Convert the password hash to a byte array
        var pw_bytearray = pw_bytes.ToArray();

        // Convert both back to base 64
        var salt_b64 = Convert.ToBase64String(salt_bytearray);
        var pw_b64 = Convert.ToBase64String(pw_bytearray);

        // print base64 to console, and use in json payload for user migration
        Console.WriteLine(salt_b64);
        Console.WriteLine(pw_b64);
    }
}
Are my presuppositions about the breaking-down of the Identity PasswordHash incorrect? Am I specifying the wrong hashing algorithm (sha1)? Is my JSON payload incorrect?
Has anyone had success migrating users from Asp.Net.Identity.Core version 2.0 to Auth0 using Bulk Import? Any and all advice is appreciated.
Thanks in advance!
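
An added example, not part of the original post: a local check that a PasswordHash split into the 1 + 16 + 32 byte layout described above reproduces from a known password before anything is uploaded. It assumes the subkey was derived with PBKDF2-HMAC-SHA1 at 1000 iterations, which is how the ASP.NET Identity 2.x hasher derives it; the function names and the sample hash are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

# Assumed layout (ASP.NET Identity 2.x hasher, not stated in the post):
# 0x00 | salt[16] | subkey[32], where
# subkey = PBKDF2-HMAC-SHA1(password, salt, 1000 iterations).
SALT_LEN, SUBKEY_LEN, ITERATIONS = 16, 32, 1000


def split_identity_v2(password_hash_b64):
    """Return (salt, subkey) from a version-0x00 PasswordHash string."""
    raw = base64.b64decode(password_hash_b64, validate=True)
    if len(raw) != 1 + SALT_LEN + SUBKEY_LEN:
        raise ValueError(f"unexpected length {len(raw)}, want 49 bytes")
    if raw[0] != 0x00:
        # 0x01 marks the newer ASP.NET Core layout, which has extra header fields.
        raise ValueError(f"format marker 0x{raw[0]:02x} is not the v2 layout")
    return raw[1:1 + SALT_LEN], raw[1 + SALT_LEN:]


def verify(password, password_hash_b64):
    """True if the password reproduces the stored subkey under PBKDF2-HMAC-SHA1."""
    salt, subkey = split_identity_v2(password_hash_b64)
    derived = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                                  ITERATIONS, SUBKEY_LEN)
    return hmac.compare_digest(derived, subkey)


def plain_sha1_matches(password, password_hash_b64):
    """Try one round of salted SHA-1 in both orders; a 20-byte digest never equals 32 bytes."""
    salt, subkey = split_identity_v2(password_hash_b64)
    candidates = (hashlib.sha1(salt + password.encode("utf-8")).digest(),
                  hashlib.sha1(password.encode("utf-8") + salt).digest())
    return any(hmac.compare_digest(c, subkey) for c in candidates)


def make_sample(password, salt):
    """Build a constructed v2-layout hash so the check runs offline."""
    subkey = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                                 ITERATIONS, SUBKEY_LEN)
    return base64.b64encode(b"\x00" + salt + subkey).decode("ascii")


if __name__ == "__main__":
    sample = make_sample("correct horse", os.urandom(SALT_LEN))  # constructed sample
    print("pbkdf2-sha1 verifies:", verify("correct horse", sample))
    print("plain sha1 matches:  ", plain_sha1_matches("correct horse", sample))
```

Running `verify` against a real row with a password you know confirms the split and the derivation parameters independently of the import job.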