5

This question is a revised version of the previous one (I deleted that one)

I have a site running (C#) MVC 5 and ASP.Net Identity 2.0. From within the site all user management functions works fine, create, update, delete.

We have a SQL job that created all the accounts in bulk on the previous version of the site, I now need to update this to create the new accounts in Identity 2.0. I can't find any information on how to do this in any of the available forums.

Any information would be appreciated.

I've done some work on it an the last issue I have is figuring out how Identity 2.0 encodes the password. I can't seem to find out what algorithm is used.

This is how Identity 1 encoded the password:

SET @encoded_hashed_password = dbo.fbase64_encode(HASHBYTES('SHA1', Cast(@salt as varbinary(MAX)) + CAST(@ClearTextPassword AS varbinary(MAX))))

I'm looking for the Identity 2.0 equivalent.

Improve this question
2
  • It's exactly the same according to stackoverflow.com/questions/24026912/… Commented Jul 28, 2014 at 13:19
  • I've looked at that post, it's not that same. Identity 2.0 uses pbkdf2, 1.0 does not. Commented Jul 30, 2014 at 7:10

1 Answer 1

Reset to default
1

It uses the same algorithm you will find in System.Web.Helpers.Crypto to hash and verify the passwords. To hash the password the method HashPassword can be used. The password hash is generated with the RFC 2898 algorithm using a 128-bit salt, a 256-bit subkey, and 1000 iterations. The format of the generated hash bytestream is {0x00, salt, subkey}, which is base-64 encoded before it is returned.

It is not clear to me from the question whether the previous site used SimpleMembership. If it was here is an article that provides detailed steps to migrate to ASP.NET Identity and how you can just use the same hash for your passwords.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks kevin, the problem is not migrating, the problem is creating the new accounts (brand new users, not existing ones from the previous site) in a SQL job. Each job will have to create a few hundred accounts, so I need to find a script that can hash the password successfully.
T-SQL does not have anything built in to perform this type of hash. But you can call .Net methods from it. You can use the method I mentioned above (Crypto.HashPassword). Here is an example on how to call a simple common language runtime (CLR) integration-based stored procedure. msdn.microsoft.com/en-us/library/ff878250.aspx
Thanks Kevin, I figured that the CLR route is the best solution to the problem.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.