DotNetNuke如何哈希其密码？

Question

I am writing a login system that will log in against a DotNetNuke application's database. I have access to the database and can read the PasswordSalt in the aspnet_Membership table. Hence I will have as inputs:

1. user's password (submitted by form)
2. user's salt (I can look up)

and I must produce as output the hashed Password. The PasswordFormat=2, which is "Encrypted". However, I have not been able to find details of the encryption algorithm being used, so that I can rewrite it in my own application. So far, my research has led be to this page:

http://msdn.microsoft.com/en-us/library/aa478949.aspx

and also this SO post , which has the following formula in one of the comments:

Convert.ToBase64String((new Rfc2898DeriveBytes(YourPWD, YourSALT)).GetBytes(20))

However, this formula does not appear to work on my test data, which has the following inputs and outputs:

1. password: 888888
2. salt: ahEvjCX3FM04S5cSi1qdHA==
3. hashed password: y3rxLUDYdj1/+IGC94/tvW6M3pQTCi/9bq1cNOUgYlM=

You can see my test here: http://ideone.com/EClO2

using System;
using System.Security.Cryptography;

public class Test
{
        public static void Main()
        {
                Console.WriteLine(Convert.ToBase64String((new Rfc2898DeriveBytes("888888", System.Convert.FromBase64String("ahEvjCX3FM04S5cSi1qdHA=="))).GetBytes(20)));
        }
}

Thanks for any help!

UPDATE

Answered here: ASP.NET MembershipProvider -- How exactly does it do encryption?

Answer 1

Looking at the source code, they have a class called AspNetMembershipProvider which has a method called UserLogin . UserLogin calls a private method called ValidateUser which in turn uses the ASP.NET Membership provider so it actually calls this method Membership.ValidateUser internally.

So if you call the same method with the username and password, the membership provider will take care of the password hashing and return a boolean value indicating whether the password matches.