What is the default encryption for password in ASP.Net configuration?

Last post 03-28-2007 10:54 AM by theGreco. 3 replies.

  • What is the default encryption for password in ASP.Net configuration?

    03-25-2007, 11:43 AM
    • lc1200
    • Joined on 12-13-2002, 11:16 PM
    • Posts 15
    I've created a website for our company and my users were all created with the configuration wizard. What I'm trying to do is create an Access front-end, but I want users to log in using the same username and password as the website. I can link the aspnet_users and aspnet_membership tables into Access, but I would need to encrypt the password the users enter and check it against the table. My question is: what is the encryption used on these passwords, and is this encryption possible in Access?
    Eat a peach for peace
  • Re: What is the default encryption for password in ASP.Net configuration?

    03-25-2007, 5:45 PM
    • michielvoo
    • Joined on 02-11-2007, 2:52 PM
    • Rotterdam
    • Posts 166
    Hello,

    the default hashAlgorithmType attribute on the membership element in machine.config is set to SHA1 and the passwordFormat attribute on the default provider is set to hashed. So the passwords are hashed using SHA1. The default membership provider (SqlMembershipProvider) uses a random string (stored in the salt column in the aspnet_Membership table) to create the hash, so you have to take that into account. You can see the implementation by using .NET Reflector (you will need to get the same hash to confirm the password).

    Good luck!
    When you have asked a question, remember to click "Mark as answered" for a reply that answered your question. This ensures the right forum member gets credits (and it makes search more relevant too).
  • Re: What is the default encryption for password in ASP.Net configuration?

    03-26-2007, 11:28 AM
    • michielvoo
    • Joined on 02-11-2007, 2:52 PM
    • Rotterdam
    • Posts 166

    Also, to make it easier to check passwords, you can configure the membership provider to store the passwords as they are, no hashing or encryption.

    <membership defaultProvider="AspNetSqlMembershipProvider">
      <providers>
        <clear />
        <!-- Clear the default configuration and add your own -->
        <add name="AspNetSqlMembershipProvider"
          type="System.Web.Security.SqlMembershipProvider"
          connectionStringName="LocalSqlServer"
          passwordFormat="Clear" /><!-- This will make the provider store passwords literally -->
      </providers>
    </membership>

    So first we remove the default configured provider (see your machine.config file for this configuration) and then we add our own. Here you have the chance to override the settings you want, so we override the passwordFormat setting. A password "test" will now be stored as "test".

    Good luck!
  • Re: What is the default encryption for password in ASP.Net configuration?

    03-28-2007, 10:54 AM
    Answer
    • theGreco
    • Joined on 05-12-2006, 1:29 AM
    • Colombia
    • Posts 6

    I have a Windows application that works with the ASP.NET tables in the database, so I have a login form in my app.

    You can check the user name in the tables, because it's not encrypted, but the password?

    Easy. Encrypt the user's password and compare it with the password associated with the user in the database.

    -------------------------------------------------------------------------------- 

            strNombre = Trim(Me.txtUsuario.Text)
            strClave = Trim(Me.txtContraseña.Text)

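            ' Double any single quotes so the user name cannot break out of the
            ' SQL string literal (a parameterized query is preferable where
            ' the data-access helper supports it)
            strcon = "SELECT * " & _
                        "FROM aspnet_Users a " & _
                        "INNER JOIN aspnet_membership b ON b.userid = a.userid " & _
                        "WHERE a.UserName= '" & strNombre.Replace("'", "''") & "'"
            ds = gfEjecutar(strcon)
            'ds = dataset returning the query result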


            If ds.Tables(0).Rows.Count > 0 Then
                dr = ds.Tables(0).Rows(0)
                 'dr = datarow


                Dim strPassword As String
                Dim strSalt As String

                strSalt = dr("PasswordSalt")
               
                strPassword = EncodePassword(strClave, strsalt)

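                ' Exact ordinal comparison; Like would treat the hash as a pattern
                If String.Equals(CStr(dr("Password")), strPassword, StringComparison.Ordinal) Then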
                    gstrUserName = strNombre
                    Dim frm As New frmExpedicion
                    frm.Show()
                    Me.Hide()
                Else
                    MsgBox("Contraseña incorrecta", MsgBoxStyle.Information, Me.Text)
                    Exit Sub
                End If

            Else
                MsgBox("Usuario no registrado", MsgBoxStyle.Information, Me.Text)
                Me.txtUsuario.Text = ""
                Me.txtUsuario.Focus()
                Exit Sub
            End If
     

    This is the function that encrypts the password like ASP.NET:

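        ' Requires Imports System.Text and Imports System.Web.Security
        ' (add a reference to System.Web.dll)
        ' Returns Base64(hash(salt bytes + UTF-16LE password bytes))
        Friend Function EncodePassword(ByVal pass As String, ByVal salt As String) As String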
            Dim buffer1 As Byte() = Encoding.Unicode.GetBytes(pass)
            Dim buffer2 As Byte() = Convert.FromBase64String(salt)
            Dim buffer3 As Byte() = New Byte((buffer2.Length + buffer1.Length) - 1) {}
            Dim buffer4 As Byte() = Nothing

            Buffer.BlockCopy(buffer2, 0, buffer3, 0, buffer2.Length)
            Buffer.BlockCopy(buffer1, 0, buffer3, buffer2.Length, buffer1.Length)
            Dim algorithm1 As System.Security.Cryptography.HashAlgorithm = System.Security.Cryptography.HashAlgorithm.Create(Membership.HashAlgorithmType)

            If algorithm1 Is Nothing Then
                Throw New Exception("Error creating hash algorithm type: " & Membership.HashAlgorithmType)
            End If
            buffer4 = algorithm1.ComputeHash(buffer3)
            Return Convert.ToBase64String(buffer4)
        End Function

     

    If anybody needs more help... you know, feel free to see my space: Sebastian Greco

    Sebastian Greco
    Software Developer
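
The scheme described in this thread (Base64 of SHA1 over the salt bytes followed by the UTF-16LE password bytes), re-implemented in Python for a client that cannot call .NET. This is an added example, not code from any post; it assumes the default SHA1 setting mentioned above, and the function names and the sample row are constructed for illustration.

```python
import base64
import hashlib
import hmac

# aspnet_Membership.PasswordFormat values (MembershipPasswordFormat enum)
CLEAR, HASHED, ENCRYPTED = 0, 1, 2


def encode_password(password: str, salt_b64: str) -> str:
    """Base64(SHA1(salt bytes + UTF-16LE password)), as EncodePassword above."""
    salt = base64.b64decode(salt_b64, validate=True)
    # Encoding.Unicode in .NET is UTF-16 little-endian without a BOM.
    digest = hashlib.sha1(salt + password.encode("utf-16-le")).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_password(password: str, stored: str, salt_b64: str, fmt: int) -> bool:
    """Check a login attempt against one aspnet_Membership row."""
    if fmt == HASHED:
        candidate = encode_password(password, salt_b64)
    elif fmt == CLEAR:
        candidate = password
    elif fmt == ENCRYPTED:
        # Needs the site's machineKey; not covered by this example.
        raise NotImplementedError("Encrypted format requires the machineKey")
    else:
        raise ValueError(f"unknown PasswordFormat {fmt!r}")
    # Constant-time comparison so timing does not reveal how much matched.
    return hmac.compare_digest(candidate.encode("utf-8"), stored.encode("utf-8"))


# Constructed sample row: a 16-byte salt and the hash of the password "test".
SAMPLE_SALT = base64.b64encode(bytes(range(16))).decode("ascii")
SAMPLE_HASH = encode_password("test", SAMPLE_SALT)

if __name__ == "__main__":
    print(SAMPLE_SALT, SAMPLE_HASH)
    print(verify_password("test", SAMPLE_HASH, SAMPLE_SALT, HASHED))  # True
    print(verify_password("Test", SAMPLE_HASH, SAMPLE_SALT, HASHED))  # False
```

The password must be encoded as UTF-16LE before hashing; hashing the UTF-8 bytes produces a different value and every login fails.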