GENERATING FORMS Authentication Compatible Passwords (sha1) by Anthony Ogden.
In this Article We Will Take A Quick Look At Two Methods for Creating Sha1 Passwords for Use on the web.
In Brief We show how to generate sha1 hashes That Are Forms Authentication Compatible VIA:
Net Web Application .NET Windows Form or Console Application
Why would we want to create an SHA1 Password Hash? The answer to this is easy. It is dangerous to store passwords anywhere in plain text !! SHA1 gives a quick and easy way to encode a password into a non-human readable form. This Means it is safer to store in a database, and shop the database be viewed by anyone who shouth't know the passwords, it will be much what a user's password is.
Creating An Sha1 Password Hash Using A Web ApplicationDownload The VB.Net Project File Here.
...................... ..
The Following Section of Code Shows An Example of this:
DIM encpass as string = _
FormsAuthentication.hashPasswordforstoringInconfigfile (tbxpassword.text, _
"SHA1")
TBXResult.text = encpass.tostring ()
The result.........................................
THIS HASHED Password CAN THEN BE PLAECED IN YOUR WEB.CONFIG FILE OR IN A DATABASE AND Used IN Your Web Application for Forms Authentication. In a Future Tutorial We Will Show How To Go On and Use this in an Application.
Creating an SHA1 Password Hash using a Windows Form / Console ApplicationDownload the VB.Net project file for this application here.The code for creating a Forms Authentication compatible password from a Windows App is slightly different. Instead of using the System.Web.Security. FormsAuthentication namespace, we use the System.Security.Cryptography namespace. We also have an additional step to take in converting the SHA1 hash from binary into a Hexadecimal string, which is the format used in FormsAuthentication.
The Following Sections of Code Show The Steps We Have To Take To Get A Compatible Password Hash From A Windows Application:
Dim MyString As String = "Password"
DIM DATA as byte ()
Data = encoding.ascii.getbytes (MyString)
The Sha1Managed Object Expected Our Data As Binary Bytes, So The Code Above Converts Our String "Password" INTO A SEQUENCE OF BYTES.
Dim Sham as new sha1managed ()
Dim Resulthash as Byte () = sham.computehash (data)
. T b b b....
Dim ResultHexString = "" "
DIM B AS BYTE
For Each B in Resulthash
ResultHexString = HEX (B)
NEXT
The lines above take our binary data and convert the bytes into a Hexadecimal string representation, the format that is used when using FormsAuthentication. You can check you get the same results by first running the web application version and taking the resulting string, running the windows Application with The Same Password and Comparing The Encoded Result.
