Password hashing on custom login script for custom database integration with ASP.NET Membership Provider

Hello, I wanted to post this to help anyone that may be facing the same problem and spare them the pain. The problem we had was that the password hashing done in Auth0’s predefined login templates for the ASP NET Membership Provider custom database did not match the hashing that was done on our side. In our case the hashing was done with SHA1 and by prefixing the plain password with the salt. So this is how it should look in the custom Auth0 login script:

  const crypto = require('crypto');

  function hashPassword(password, passwordSalt) {
    const hash = crypto.createHash('sha1');
    // the salt is stored base64-encoded in the membership table
    const salt = Buffer.from(passwordSalt, 'base64');
    // ASP.NET hashes the password as UTF-16LE, which Node calls 'ucs2'
    password = Buffer.from(password, 'ucs2');

    // salt first, then the password bytes
    hash.update(Buffer.concat([salt, password]));

    // the stored hash is the base64 of the SHA1 digest
    return hash.digest('base64');
  }

It may be slightly different depending on your ASP NET Membership version. We were using an older version. Maybe it could be that the salt is suffixed, not prefixed, for example. You can try multiple variations around this. We tried hundreds of variations until we reached this working one.

Also, another small note is that when fetching user data from the SQL query result, the format was an array, roughly like this:

[
  {
    "value": "12345",
    "metadata": {
      "columnName": "UserId",
      ...,
      ...
    }
  },
  {
    "value": "john.doe@email.com",
    "metadata": {
      "columnName": "Email",
      ...,
      ...
    }
  }
]

The default template’s code doesn’t work on this format (it is using fields.Email, fields.UserId etc.), so you have to change the parts accessing the columns’ data. For example, you could simply do this:

// `user` is declared further up in the template; here it is filled in from the
// row array, indexing the columns in the order the SELECT returns them
getMembershipQuery.on('row', function(fields) {
  user = {
    profile: {
      user_id: fields[0].value,   // UserId column
      nickname: fields[1].value,  // Email column, reused as the nickname
      email: fields[1].value,     // Email column
    }
  };
});

or you could filter by the columnName.

Hope this helps!


Thanks for figuring it out yourself and sharing with the rest of the community! For others coming across this topic in the future:

Above you’ve got the solution from @matei.r