C# - SHA1 + Salt Password Hashing On Multiple Servers
Feb 8, 2011
So, I am using the approach David Hayden posted on his blog [URL] to create a salt and hash the user's password by taking the user's raw password and the generated salt and using SHA1 to hash the value. I then store the salt and the hashed password in the database. The website is currently load balanced, so I was wondering if the resulting hash value would be the same for both servers. Here is the snippet of code posted on David Hayden's blog:
private static string CreateSalt(int size)
{
    // Generate a cryptographic random number.
    RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
    byte[] buff = new byte[size];
    rng.GetBytes(buff);
    // Return a Base64 string representation of the random number.
    return Convert.ToBase64String(buff);
}

private static string CreatePasswordHash(string pwd, string salt)
{
    string saltAndPwd = String.Concat(pwd, salt);
    string hashedPwd =
        FormsAuthentication.HashPasswordForStoringInConfigFile(
            saltAndPwd, "sha1");
    return hashedPwd;
}
The reason I ask is that this code uses the code snippet: FormsAuthentication.HashPasswordForStoringInConfigFile(saltAndPwd, "sha1");
View 3 Replies
Similar Messages:
May 27, 2010
I would like to encrypt the password and store it in the DB. If a user forgets the password and requests it, I have to send a dummy password to his mail ID. How can I implement this? Is any code available? At the time of registration I have to encrypt or salt the password and save it to the DB..
View 1 Replies
Dec 24, 2010
I am using asp.net membership and I have checked the table aspnet_membership and I can see two fields, password and saltpassword, which look like this: QoasdDKkh5x9RizpadsGsC9N30= and tO9xYGRkjaFGaskKnTVobiJnMDQ== respectively.
Is there any tool, stored procedure, program, or online utility tool by which I can see the actual text of that password?
View 2 Replies
Feb 8, 2010
Before I continue I'm going to let everybody know that I am not trying to follow a traditional .Net Membership Provider. I'm attempting to write my own Membership Provider which does not extend the default .Net Membership Provider b/c I feel that in areas it can become extremely cumbersome. Please keep this in mind before responding. Also keep in mind that I am trying to learn from this experience, not find an easy solution for some client's application. I am writing a custom membership provider that has password formatting functionality similar to .Net's default membership provider. I'm looking for some good/easy examples of ways to encrypt/decrypt or hash password values. I previously tried going the RSA route, but got stuck when I had to import an RSAParameter and was unsure of how to generate an RSAParameter.
I would like to have both Hashing and Encryption available, but only need Encryption. I'm also looking for a very strong encryption. I'm storing the password format in an external .xml file (similar to how the web.config stores the password format for .Net's Membership Provider) which will become manageable from the administrative side of my web application. If anybody knows of any existing Encryption libraries that may provide assistance, please feel free to post links. I only ask that they be open source solutions so I can see how they went about doing this.
View 4 Replies
Mar 6, 2010
I see a ton of questions about uploading multiple files, but none about uploading a single file to multiple servers, so here goes... I have an ASP.NET app that will be running on two load balanced servers, and I would like to allow users to upload files and have them end up on both servers. What is the cleanest way to do this? I am using IIS 6 btw. Some ideas that come to mind are:
1) Use a virtual directory that points to some shared location that both servers can access. Will there be any access issues if the application runs at Network Service? I'm assuming the application will need to run as a user account that exists on the shared location machine. How should the permissions be set for this?
2) It would be nice if I could via jQuery post the request to both of my servers, referencing them by their port numbers. Even though the servers are on the same domain, this violates the same origin policy, right? Is there another solution I'm overlooking? How do other sites do this?
View 4 Replies
Mar 7, 2011
I have two applications with a single domain name ([URL] and [URL]). First one has been developed in .NET 2 and the other one with .NET 4. I have configured web.config as these steps:
1- I've set the same machine key for both of them.
2- I've set the cookie name.
3- I've set the domain name to "domain.com".
4- Also, I've set the hardcoded cookie domain name to "domain.com".
Everything was working fine when both of them were running on a single web server. Recently, I've been asked to move test.domain.com to another server. After moving, the authentication ticket is not valid on the second server. I tested both of them on a single server again and everything was working fine, but on two servers users can't access test.domain.com. (Authentication Ticket is invalid)
Edited: The second server is a virtual (VMWare) server. I don't have any problem in physical servers. I checked the server's time to be synchronized. I also used Fiddler to see if the server does not get the auth ticket and the ticket is sent to the 2nd server. Note: Servers are located in different networks and maybe a proxy or firewall causes this (I've no idea)
View 3 Replies
Jan 30, 2010
How do I store the same file on multiple servers? My scenario is explained below. The Administrator module resides on the production server ("cccc" domain), which is accessible only within my company. The Common module resides in the DMZ and can be accessed by internet users. I have written a program to upload a .xls file to both the servers. My program is in the administrator module and resides in the cccc domain. I could upload the file to the server in my company but I can't upload it to the DMZ. Following is the code to upload to the ccc domain:
FileInput.PostedFile.SaveAs(Server.MapPath("..TU" & ServerFileName))
Following is the code to upload to the DMZ:
FileInput.PostedFile.SaveAs("http://grtr/" & "/TU/" & ServerFileName)
I will get the serverfilename using the file upload control
View 4 Replies
Mar 17, 2010
Can multiple SSRS share the same DB? We're getting into an SSRS customization scenario, which may adversely affect our existing SSRS features, and I wanted to see if it was possible.
View 1 Replies
May 17, 2010
We have built an asp.net application according to 3 tier architecture, but the Data Tier and Application logic lie on the same server. Our client needs that to be deployed on 2 different servers: only the front end on the web server, DAL & BLL on the app server. The database is on a different server. All 3 servers are at different physical locations. How can we communicate between these servers and our application tiers? Is there any option in IIS so that we can deploy only back end code on another server? What is the best approach to communicate between different application tiers when they are physically apart?
View 2 Replies
Feb 7, 2011
We have an IVR product that reads a configuration database for callflow information. I am writing a tool for our implementation team that will allow them to add/delete/update the data in the configuration database. Once the tool is in production, the implementer will use only the production release of the tool to modify the configuration database in all four of the IVR regions (Dev, QA, Cert, and Prod). Each region has its own database with identical schemas. The tool has 'tabs' across the top for each region. If a user is currently working in the Dev region and clicks the QA tab, how do I switch my connection from the Dev db server to the QA db server?
View 3 Replies
Mar 28, 2011
A friend and I manage a large website for a company. The site is built using Visual Studio 2005 and is a series of nested web applications run inside a master application employing nested master pages. Currently we have to manually move files around folders and FTP them to various servers and I am looking for a way to be able to manage the deployment end of the site in a more automated fashion. I'd like to be able to work on my local version of a project and once I'm done be able to hit one button and publish the site to our internal testing server and then when testing is complete hit another button to deploy it to the live web servers. Right now we have to manually navigate the Windows folders and copy pages, css files, images, swfs, etc and FTP them manually. The driver for this is that we have a new junior developer starting and want to remove the manual aspect in advance of him starting.
View 1 Replies
Nov 10, 2010
We have a web application that is storing all site data in HttpRuntime.Cache. We now need to deploy the application across 2 load balanced web servers. This being the case, each web server will have its own cache, which is not ideal because if a user requests data from webserver1 it will be cached, but their next request might go to webserver2, and the data that their previous request cached won't be available. Is it possible to use a shared-cache provider to share the HttpRuntime.Cache between the two web servers or to replicate the cache between them, so that the same cache will be available on both web servers?
View 4 Replies
Jan 13, 2010
How can I synchronize sessionID over multiple second-domain servers? For example, I've got servers (you can log in to the server swarm at any of these), [URL], [URL], [URL], and if you log in at one of them, the login information (+anything else) should persist along them. How can I provide SessionID to other domains? (The session itself is stored on a SQL server shared across the services.)
View 2 Replies
Jan 12, 2010
I need to remove the password protection from an uploaded excel file. I have been doing this directly with the Excel assemblies (ASP.NET/C#) and then I tried with the ooxmlcrypto, both worked, but the problem is that I can not deploy either of those solution because of the dependencies.
I mean, my sysadmin does not want us installing Excel on the server and, as I have been searching for some alternatives, I can not find one.
My question is: is there a way to put the necessary dlls in the server without installing Excel or the Office suite?
I found this: Office 2007 Primary Interop Assemblies redistributable package but still, it requires a Microsoft Office Product.
View 2 Replies
Apr 16, 2010
I have 2 front end servers and 2 back end servers. There is a registration form in my web application. The registration form uses a Microsoft Wizard control. Let's say the Wizard control has 4 steps. After the fourth step, users click "Finish" and I display the "Thank you Message". The way the request is routed between the 2 servers is round robin. So let's say till the fourth step, the response comes from server A. After the user clicks "Finish", let's say the response now comes from server B. After they click "Finish", I am trying to access some information in the Wizard control (like Name, address and so on). Because the servers are now switched, the data is lost (at least that's what I think is happening). So all entries in the wizard control are now blank and when I try to read those values, they are null.
View 8 Replies
Dec 2, 2010
Boss comes in and demands that we change an existing dataload process written in .Net 2.0 to call stored procedures on two different servers rather than just one. In his mind (not a programmer) this should be a short overnight process. We have about 60 different SQL Commands that we need to change and test. Is there a simple way to do this that I can't think of? If there isn't we will use something like replication or database mirroring, which is my preference but is likely to get the cold shoulder from my boss, especially since I have never set these up before. A function that takes a SQLCommand as its argument and then iterates through a set of connections to execute the SQLCommand. Change all stored procs to call the same stored proc on a linked server.
View 1 Replies
Mar 12, 2010
I have a bunch of EC2 servers that are load balanced. Some of the servers are not sharing session, and users keep getting logged in and out. How can I make all the servers share the one session, possibly even using a partitionresolver solution?
public class PartitionResolver : System.Web.IPartitionResolver
{
    private String[] partitions;

    public void Initialize()
    {
        // create the partition connection string table
        // web1, web2
        partitions = new String[] { "192.168.1.1" };
    }

    public String ResolvePartition(Object key)
    {
        String oHost = System.Web.HttpContext.Current.Request.Url.Host.ToLower().Trim();
        if (oHost.StartsWith("10.0.0") || oHost.Equals("localhost"))
            return "tcpip=127.0.0.1:42424";
        String sid = (String)key;
        // hash the incoming session ID into
        // one of the available partitions
        Int32 partitionID = Math.Abs(sid.GetHashCode()) % partitions.Length;
        return ("tcpip=" + partitions[partitionID] + ":42424");
    }
}
View 1 Replies
Nov 16, 2010
I am trying to set up my web site on a stand-alone server using Windows Server 2003 with IIS 6, which will access a SQL Server database (2008) on a Windows 2008 R2 server (also not in the domain). I am using form authentication and I have configured a custom identity account in IIS6. The local account is on both servers with the same password and I have registered the account using aspnet_regiis.exe -ga. The application pool in my IIS6 has the custom local account set as the identity and my web.config file has the appropriate tags in the system.web element: <identity impersonate="true" />
The problem is the local account does not seem to get passed to the SQL server. Right now my IIS settings are anonymous access (using the local acct vs isr) and no authentication specified under that - I did try Integrated and Basic but it prompts for the username and password, which I do not want. One article I read stated this: Windows authentication does not support delegation (passing credentials from one server to another) and is limited to the one hop rule, only a primary token can be passed to a second server. Windows authentication on IIS (all versions) gives the thread a secondary (impersonation) token which can not be used to access any network resource
View 1 Replies
May 2, 2010
I have an asp.net page where I have used FormsAuthentication.HashPasswordForStoringInConfigFile. The encrypted password is saved in the database. I have created a forgotPassword page, where I need to send the user his password. How can I decrypt it and send it to the user? If SHA1 can not be decrypted, what other option should I use to encrypt the passwords?
View 5 Replies
Jan 22, 2011
I heard that the .NET framework will encrypt the ViewState using SHA1 or some other algorithm. So if I know the SHA1 encryption and decryption algorithm, can I tamper with a ViewState? I mean, if a malicious user studies the SHA1 encryption algorithm, understands that algorithm and develops a decryption algorithm, will it open the road to ViewState tampering? Or does SHA1 or the other algorithm use any random tricks for encryption and decryption?
View 1 Replies
Nov 5, 2010
The question: Is it possible to configure multiple SMTP servers or update the SMTP object server information at runtime?
Description of problem: The site I'm working on has a few pages which send emails. Our site is using Gmail so even though it's a custom domain our email is sent out though Gmail SMTP servers.
Some emails come from the system and some emails come from users in certain groups. I have an SMTP server configured with the admin email for the system, e.g. admin@mysite.com. This works fine and when I get the email it shows from admin@mysite.com. One of our user groups, let's call it "groupA", has an email configured on our domain, i.e. groupA@mysite.com. When I send the email and specify a from address for the MailMessage object as groupA@mysite.com it still shows up in my Outlook as coming from admin@mysite.com. I did a little further testing and if I specify both the from address and the ReplyTo as groupA@mysite.com it will show as From=admin@mysite.com but when I choose reply in Outlook it shows groupA@mysite.com. My best guess is that Gmail is overwriting the From address with the SMTP user to prevent email spoofing.
I found this: http://www.systemnetmail.com/faq/4.1.aspx but it won't work for me since group A, B, and C all need to send emails from the same page.
View 1 Replies
May 13, 2010
I have a problem. I am using CAPICOM to digitally sign the data and for this purpose I am using the SHA1 algorithm. In CAPICOM there is one class, CAPICOM.SignedData, which is used for this purpose. My problem is how can I give SHA1's hashed data to this class (to its sign method) for returning the digital signature of exactly 172 bit long?
MY CODE...
[code]....
View 1 Replies
Feb 9, 2011
I'm using ASP.NET membership for a site that will serve primarily sophisticated users. I understand the difference between hashed and encrypted passwords, and I'm trying to decide between the two. After my last client complained bitterly about hashed passwords being a total PITA, I've started to favor encrypted passwords. But someone suggested this just isn't secure enough. So my question is: What, exactly, are the risks of encrypting passwords? Any person with the ability to steal passwords by decrypting them from the database would surely have the ability to reset them if they were hashed, no? I'm having trouble seeing where someone could cause trouble with encrypted passwords but couldn't with hashed ones. Making it convenient for users is also important.
View 4 Replies
Feb 11, 2010
I'm administrating servers running IIS 6, hosting a website on ASP.NET 2.0. Yesterday I installed .Net framework 3.5, and all my user authentication system was lost. Users can't log in, because their passwords aren't getting authenticated, maybe because the hash function has changed in 3.5??? I can't really get to the code, but I know it uses an extension called CodeSmith. Do you know of any break that my upgrade to 3.5 could cause?
View 1 Replies
Mar 4, 2011
I want the encryption and decryption codes in C# for RSA, MD5 and HMAC-SHA1 for generated key.
View 1 Replies