Re: How do I can check a password Hash in WSE 2.0
From: Juan Irigoyen (juan_irigoyen_at_hotmail.com)
Date: 06/14/04
- Previous message: Scott M.: "Re: Possible to change name of trace.axd in web.config file?"
- In reply to: Paul Glavich [MVP - ASP.NET]: "Re: How do I can check a password Hash in WSE 2.0"
- Next in thread: Paul Glavich [MVP - ASP.NET]: "Re: How do I can check a password Hash in WSE 2.0"
- Reply: Paul Glavich [MVP - ASP.NET]: "Re: How do I can check a password Hash in WSE 2.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 14 Jun 2004 09:09:00 +0200
Yes, but how perform the same hasing, I probe the next code, but is not
working.
string ncadena =
HashPassword(Convert.ToBase64String(token.Nonce),token.Created,"1111");
private string HashPassword (string nnonce, DateTime nfecha, string
npassword)
{
byte[] n = System.Text.Encoding.UTF8.GetBytes(nnonce);
byte[] c = System.Text.Encoding.UTF8.GetBytes(nfecha.ToString());
byte[] p = System.Text.Encoding.UTF8.GetBytes(npassword);
byte[] toBeDiges = new byte[n.Length + c.Length + p.Length];
Array.Copy(n,0,toBeDiges,0,n.Length);
Array.Copy(c,0,toBeDiges,n.Length,c.Length);
Array.Copy(p,0,toBeDiges,(n.Length + c.Length),p.Length);
Array.Clear(p,0,p.Length);
SHA1 hash = SHA1.Create();
byte[] digest = hash.ComputeHash(toBeDiges);
Array.Clear(toBeDiges,0,toBeDiges.Length);
return Convert.ToBase64String(digest);
}
"Paul Glavich [MVP - ASP.NET]" <glav@aspalliance.com-NOSPAM> escribió en el
mensaje news:ucVIX5FUEHA.1356@TK2MSFTNGP09.phx.gbl...
>
> You need to have the original data (in this case the password), so that
you
> can perform the same hashing algorithm against the data, get the rsultant
> hash, and then compare your computed hash against the supplied one.
>
> Hashing is not reversible in that you cannot reverse hash it to get the
> password or original data. Bottom line, you need the original password to
> compare against OR you simply store hashes in the database against the
users
> profile, so that you never actually store passwords, only ever hashes of
the
> passwords that are used for comparison.
>
> --
> - Paul Glavich
> Microsoft MVP - ASP.NET
>
>
> "Juan Irigoyen" <juan_irigoyen@hotmail.com> wrote in message
> news:pohcac.s91.ln@orannews.oran.local...
> >
> >
> > By example
> >
> > Client
> >
> > token = new UsernameToken("juan", "1111", PasswordOption.TextPlain );
> >
> >
> > Server
> >
> > protected override string AuthenticateToken( UsernameToken token )
> > {
> > ncadena = '1111';
> > return ncadena;
> > }
> >
> >
> > This sample go well but if the password is SendHashed the sample don´t
> >
> >
> > Client
> >
> > token = new UsernameToken("juan", "1111", PasswordOption.SendHashed );
> >
> >
> > Server
> >
> > protected override string AuthenticateToken( UsernameToken token )
> > {
> > ncadena = '1111';
> > return ncadena;
> > }
> >
> >
> > I don´t find example for this problem.
> > Thanks,
> >
> >
> >
> >
>
>
>
- Previous message: Scott M.: "Re: Possible to change name of trace.axd in web.config file?"
- In reply to: Paul Glavich [MVP - ASP.NET]: "Re: How do I can check a password Hash in WSE 2.0"
- Next in thread: Paul Glavich [MVP - ASP.NET]: "Re: How do I can check a password Hash in WSE 2.0"
- Reply: Paul Glavich [MVP - ASP.NET]: "Re: How do I can check a password Hash in WSE 2.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
