.NET Membership Database – Hashing Plain Passwords in SQL

1 Flares Twitter 0 Facebook 0 StumbleUpon 0 Google+ 1 LinkedIn 0 1 Flares ×

I had a requirement this week to take a load of plain passwords in the aspnet membership database, and hash them all so that they would continue to work with the membership provider.

My first iteration was a C# console app that ran over the membership provider and made it hash the passwords – this was slow and ran into to issues around password rules.

I then tried using a simple sql compute hash comand in sql server but this also failed – it turns out that the membership provider isn’t storing the salt as a string, but as a base 64 encoded string. It also seems that the hashed password is stored in base 64 encoded format. I finally got this sorted with a few functions and a single stored proc.

First a couple of utility functions to encode and decode base 64 strings:

Next the function to create the hashed and salted password:

And finally the stored procedure to generate new salts, and hash+salt every plain password in the membership database:

, ,

The Essential App Marketing Kit
Subscribe To My Newsletter To Get an Entire Chapter From The Book for FREE
Never display this again
1 Flares Twitter 0 Facebook 0 StumbleUpon 0 Google+ 1 LinkedIn 0 1 Flares ×