Re: SHA1 encoding differences with FormsAuthentication and SHA1CryptoServiceProvider
From: Hernan de Lahitte (hernan_at_lagash.com)
Date: 05/12/04
- Next message: suresh d: "Authentication Problem when using Microsoft Application test center"
- Previous message: Gareth: "Forms Authentication via SSL question"
- In reply to: Super Julius: "SHA1 encoding differences with FormsAuthentication and SHA1CryptoServiceProvider"
- Next in thread: Super Julius: "Re: SHA1 encoding differences with FormsAuthentication and SHA1CryptoServiceProvider"
- Reply: Super Julius: "Re: SHA1 encoding differences with FormsAuthentication and SHA1CryptoServiceProvider"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 12 May 2004 12:24:23 -0300
Your problem is in the Hexa encoding loop. The ToString( b, 16) method gives
you a one char lenght for hexa values of one digit. I suggest you to use
this function for hexa encoding.
BitConverter.ToString( hash ).Replace( "-", string.Empty ).ToUpper()
-- Hernan de Lahitte Lagash Systems S.A. http://weblogs.asp.net/hernandl This posting is provided "AS IS" with no warranties, and confers no rights. "Super Julius" <super_julius@yahoo.com> wrote in message news:e315dbfd.0405120452.688259ce@posting.google.com... > Folks, > > I am struggling with the following problem. When I encode a string > using FormsAuthentication or SHA1CryptoServiceProvider, I don't get > the same encoding. > > In fact I have a SHA1 ASP implementation for one of our legacy > application but I have done the migration using the following code: > > private string Hash(string toHash) > { > string hashed = ""; > > SHA1 sha1 = new SHA1CryptoServiceProvider(); > byte[] hash = sha1.ComputeHash(System.Text.Encoding.UTF8.GetBytes(toHash)); > > foreach(byte b in hash) > hashed += Convert.ToString(b, 16).ToUpper(); > > return hashed; > } > > I then noticed that some values were not encoded the same way. So I > tried using FormsAuthentication.HashPasswordForStoringInConfigFile(value, > "SHA1"). Guess what the it encodes the values the same way the ASP > SHA1 does. > > Basically this means that the code above with > SHA1CryptoServiceProvider is just wrong. I have tried using all the > encoding available when getting the bytes out of the string but I > cannot get the same encoding. > > A value for which it does not work: ArntzHans > > Result with SHA1CryptoServiceProvider: > 1C4F53FA399F44D81BF4F8540B5127FB44EDA2 > > Result with FormsAuthentication: > 1C4F53FA399F440D81BF4F8540B5127FB404EDA2 > * * > > Note that the 2 '0' characters outlined on the 2nd result are missing > from the first encoding. > > I have read a few threads from users having the same problem, but no > concrete solution to the problem > > Wish someone can help me solving this out > > Thx > Julien
- Next message: suresh d: "Authentication Problem when using Microsoft Application test center"
- Previous message: Gareth: "Forms Authentication via SSL question"
- In reply to: Super Julius: "SHA1 encoding differences with FormsAuthentication and SHA1CryptoServiceProvider"
- Next in thread: Super Julius: "Re: SHA1 encoding differences with FormsAuthentication and SHA1CryptoServiceProvider"
- Reply: Super Julius: "Re: SHA1 encoding differences with FormsAuthentication and SHA1CryptoServiceProvider"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
