Use ASP.NET membership in PHP

Question

I need to authenticate against an ASP.NET membership table in php. The membership api is configured to use a hashed password.

Can someone kindly give me the php to hash the password that came from a login form and compare it to the sql field?

I know the password that I'm passing in is correct, but it's not hashing the same.

private function Auth( $username, $password )
{
    // Hashed password in db
    $hash = $this->parent->_memberData['conv_password'];

    // password passed from form
    $bytes = mb_convert_encoding($password, 'UTF-7');       

    // Salt from db
    $salt = base64_decode($this->parent->_memberData['misc']);

    // hash password from form with salt
    $hashedpassword = base64_encode(sha1($salt . $bytes, true));

    // Test em out
    if ($hashedpassword == $hash)
    {
        $this->return_code = "SUCCESS";
        return true;
    }
    else
    {
        $this->return_code = "WRONG_AUTH";
        return false;
    }
}

UPDATE:

I've tried different encodings with same results. UTF-7, UTF-8, and UTF-16.

UPDATE: I've been battling this for a week now. Bounty coming right up...

Here's the .net code in the form of a unit test. The unit test works and the values are straight out of the database. What's the correct translation of this code to php?

public void EncodePassword()
        {
        string expected = "aP/mqBu3VkX+rIna42ramuosS3s=";
        string salt = "urIaGX0zd/oBRMDZjc1CKw==";
        string pass = "Comeonman";

        byte[] bytes = Encoding.Unicode.GetBytes(pass);
        byte[] numArray = Convert.FromBase64String(salt);
        byte[] numArray1 = new byte[(int)numArray.Length + (int)bytes.Length];
        byte[] numArray2 = null;
        Buffer.BlockCopy(numArray, 0, numArray1, 0, (int)numArray.Length);
        Buffer.BlockCopy(bytes, 0, numArray1, (int)numArray.Length, (int)bytes.Length);

            HashAlgorithm hashAlgorithm = HashAlgorithm.Create("SHA1");
            if (hashAlgorithm != null)
            {
                numArray2 = hashAlgorithm.ComputeHash(numArray1);
            }

        Assert.AreEqual(Convert.ToBase64String(numArray2), expected);
    }

Answer 1

$password = 'Comeonman';
$salt = base64_decode('urIaGX0zd/oBRMDZjc1CKw=='); 
$utf16Password = mb_convert_encoding($password, 'UTF-16LE', 'UTF-8');
echo base64_encode(sha1($salt.$utf16Password, true));

Answer 2

I would suggest to create a webservice in .NET which will provide access to logging or any other .NET functionality to your PHP code.

Then you can just send XML request internally and see what you get.

I believe there are some PHP addins, which can call .NET webservices easily.

Answer 3

密码肯定编码为UTF-16，salt绝对是base-64编码的，但我不认为散列的结果是base-64编码。

Answer 4

你不需要machineKey来解码/编码吗？