We are converting an ASP site (using DotNetNuke) to a new PHP site. The only thing we have right now is a full export of the existing database. One of the tables is called "aspnet_Membership" and contains the following fields:
Password (looks like base64)
PasswordFormat (always value 2)
PasswordSalt (looks like base64)
PasswordQuestion (always empty)
PasswordAnswer (always empty)
We would like to decode these passwords and hash them to fit our own framework. From what I understand from the .NET documentation these kind of passwords can be decrypted. Is there an algorithm available that can do this or is it more complicated than that? Will it be possible if we create an ASP script on the current server?
building a site and the client wants an admin page, so that he can login and change passwords, delete users or create users.I have 3 subs, one for creating, one for deleting and one for changing passwords. The create user works fine. The delete user works fine but on the changing password is where I have the trouble. Here is the code:
I need to migrate existing users, I will be creating the users account and setting a dummy password for the first time login... My problem is that by doing this they will not have their security question and answer filled in... I am trying to create a page that will force the user to set up their question and answer at first long ... The problem that I am having is when i try to get the password i get the following error..
I find that the password can only retrieved by method GetPassword() in asp.net2.0 Membership.In fact, we can get the password when we get the user infomation from database and set it as a property of user(object of MemberhsipUser) just as user.Email, user.UserName, etc.
It's clear that adopting the second resolution(property) can reduce one trip between server and database and more convenient. But why Microsoft don't do like this? For secruity reason? Then why is it less secure to set the password as property?
PasswordDeriveBytes take 4 paramteres and return an encrypted key basead on 4 parameters: passPhrase, saltValue, hashAlgoithm and password iteration
I wonder what algorithm PasswordDeviveBytes are using, so I can tell someone who are not .NET programmer that this secretkey was made by that alogorithm and that he can use this algorithm also - And then he should get the same results as PasswordDeriveBytes method
can I change the password algorithm and still use the sqlMembershipProvider or do I have to create a new sqlMembershipProvider. If so, are they any step by step tutorials on how to do that.
I need an algorithm to determine who match who in the tournament bracket, say I have 32 ( number could be flexible) contestants seeded 1 to 32, at round 1, seed 1 matches with 32, seed 2 with 31 and so forth. What about 2nd, 3rd, 4th and 5th round? I need an algorithm to be programmed into computer.
Using sha As New SHA256Managed Using memStream As New MemoryStream(Encoding.ASCII.GetBytes("Hello World!")) Dim hash() As Byte = sha.ComputeHash(memStream) Dim res As String = Encoding.Default.GetString(hash) End Using End Using
I have been unable to recreate the same hash for the same values with these two bits of code.
The javascript implementation returns: 7f83b1657ff1fc53b92dc18148a1d65dfc2d4b1fa3d677284addd200126d9069
and the vb.net example returns: ƒeñüS-ÁHÖ]ü-KÖw(JÝÒ mi"
What am I missing? I assume it's something to do with the character encoding?
I heard that .NET framework will encrypt the ViewState using SHA1 or some other algorithm. So if i know the SHA1 encryption and decryption algorithm can i tamper a ViewState?I mean a malicious user studies SHA1 encryption algorithm,if he understand that algorith and develops decryption algorithm ,will it open the road of viewstate tampering? or SHA1 or other algorithm uses any random tricks for encryption and decryption?
I need an example on how to implement AES encryption/decryption in .NET. I've been googling but haven't yet found any good examples. I've for example found AES example whih after some research wasn't 100% AES. I have to make sure by AES encryption/decryption is 100% AES, as I have to send email to the authorities explaining how I use AES (with secret key all), so they can hire some encryption expert which verify that we encrypt/decrypt it correctly. So he can verify that the what I implemented in AES is actually 100%. I'm reading the AES standard and how it's to be implemted in .NET Here is some code I'm having trouble with:
[Code]....
Which throws an CryptographicException: Specified key is not a valid size for this algorithm.
i want to encrypt the password by using the encryption algorithm dll uploaded by the user. is it possible to do the action. how can i call the method used by the user to create the dll.
SSCC The check digit calculation uses the standard method. Suppose you want to calculate the check digit for ID number 10614141192837465.
Step One: From the right to left, start with odd position, assign the odd/even position to each digit.
Index 1 2 3 4 5
Digit 1 0 6 1
Position odd even odd even
Step Two: Sum all digits in odd position and multiply the result by 3. (1+6+4+4+1+2+3+4+5)*3=90
Step Three: Sum all digits in even position. (0+1+1+1+9+8+7+6)=33
Step Four: Sum the results of step three and four: 90+33=123
Step Five: Divide the result of step four by 10. The check digit is the number which adds the remainder to 10. In our case, divide 123 by 10 we get the remainder 3. The check digit then is the result of 10-3=7.
I'm trying to get a decent sorting algorithm for my products database. Users can vote for their products with using scores from 0 to 5 (.5 scores are also possible like 2.5). My table structure currently looks like this:
Whenever a user votes I'm calculating the finalscore very simple like (TotalPoints / NumberOfVotes) = FinalScore. Then I sort the table on FinalScore and NumberOfVotes.Now while this works it's not excactly fair because a product which has only 1 vote of 5 stars can easily come in top rankings.I admit I'm not very good at statistics or algorithms to get a fair product listing and what I'm looking for is something which is not over the top diffucult but which is more fair then the method I'm using now.
I have a page that will receive an encrypted query string containing a user name, password & jobId, the problem is I don't want someone to be able to grab the encrypted url (browser history) and reuse it, so it has to change each time the page is requested.
The only way I can think of doing this is by having an encryption key associated with the the job and then change it after each time the page is requested. The client would either request the key or the entire url from a web service residing on my server.
Is this the best way to do this?
Is there a mutating encryption method out there I could use "out the box"?
Ranking of CONTAINSTABLE StatisticalWeight = Log2( ( 2 + IndexDocumentCount ) / KeyDocumentCount ) Rank = min( MaxQueryRank, HitCount * 16 * StatisticalWeight / MaxOccurrence ) can anyone explain this algorithm, more importantly i want to know about these variables used in this algorithm, whats their purpose?it would be more useful for me?
I am rewriting my PHP website into C# .NET, and I need to be able to set the algorithm used by the CreateUserWizard / Membership Provider to SHA1 so that I can port all of the user accounts over without having to force them all to reset their passwords when this project is complete. At current glance it doesn't look like it is using SHA-1, and my Googlefoo is failing me.
I have this Rijndael algorithm below as class and my problem is when I tried to call this class from Code behind page the methods inside this class is not appearing with me
I am planning to write a custom 'password reset control' that allows an Administrator to reset the user's password, while using the ASP.NET built-in 'login' and 'create new user' controls. For this reason, I will need the hashing algorithm (hopefully I can call some .NET class and method) to perform this.
I have a bunch of internet devices which communicate with my MVC app on IIS 7.5. I'm currently using the built-in dynamic transparent compression (gzip/deflate).
I'd like to be able to support a different compression algorithm, which does a lot better than gzip (7zip) for the content I'm sending/receiving.
In other words, on the client I will add the header: accepts: gzip, deflate, 7zip (or similar), and the server will recognize this, and apply the best choice when sending the content.
What's the best way to go about hooking this all together? (I know how to implement the actual 7zip encode/decode aspect)
I have two tables which at first I made both of their primary key auto increment.I finished what needed to be done and faced an error.I realised that auto increment was not a good solution for this case so I decided to make an algorithm that will give a different key number.So I went to tables properties and removed their ID Specification (is ID) and turned it no.
I'm trying to unit test the MembershipProvider, however I cant figure out how or whether there is any need for unit testing of it...
My business layer:
public interface IAccountService { MembershipCreateStatus CreateUser(string userName, string password, string email); } public class AccountService : IAccountService { private readonly MembershipProvider provider; public AccountService() : this(null) { } public AccountService(MembershipProvider providera) { this.provider = providera ?? Membership.Provider; } public MembershipCreateStatus CreateUser(string userName, string password, string email) { if (String.IsNullOrEmpty(userName)) throw new ArgumentException("Value cannot be null or empty.", userName); if (String.IsNullOrEmpty(password)) throw new ArgumentException("Value cannot be null or empty.", password); if (String.IsNullOrEmpty(email)) throw new ArgumentException("Value cannot be null or empty.", email); MembershipCreateStatus status; provider.CreateUser(userName, password, email, null, null, true, null, out status); return status; } }
The only examples I've found so far requires a "MockMembershipProvider" with a local database setup... seems quite odd to me.
I'm working on an ASP.NET solution with 2 projects. One is the web interface and the other contains my business logic. I'm using LINQ to SQL for my data access in the second project.
Apart of my database, I have a table called Users which holds user information.
I've started to implement a MembershipProvider. I notice that MembershipUser is coupled with MembershipProvider. What is the most correct way of getting my BLL/DAL to talk about Users? Should I minimally implement MembershipUser and whenever a user calls a method, it will call for eg. GetUserInfo() in my BLL/DAL, to get complete information about the user?
Or should I make the MembershipUser class methods call my custom "Users" class methods (like a wrapper) in the BLL/DAL (this custom users class is not related to linq)?
Or can I somehow extend the Linq to sql class "CFUsers" to extend MembershipUser.
The problem I'm running into is that when people reset their passwords, it seems the ResetPassword() method returns a password that is longer than I want and has characters that can be confusing (l,1,i,I,0,O). Furthermore, I'm sending my users an email with a plain-text message and an HTML message (I'm using MailMessage with AlternateViews). If the password has unsafe HTML characters in it, when the email clients render the HTML text the password might be different (e.g. the %, &, and < aren't exactly HTML safe).
I've looked over the "add" element that belongs in the web.config, but I don't see any extra configuration properties to only include certain characters in the ResetPassword() method and to limit the password length.
Can I configure the ResetPassword() method to limit the password length and limit the character set it is choosing from?
Right now I have a workaround: I call ResetPassword() to make sure the supplied answer is correct, and then I use a RandomPassword generator I downloaded off the internet to generate a password that I like (without ambiguous characters, HTML safe, and only 8 characters long) and then I call ChangePassword() to change the user's password after I've already reset it.