1

Recently my client approached me with a migration project. They are planning to migrate the project from ASP.NET MVC to ASP.NET Core MVC. I noticed that the legacy project uses ASP.NET Membership to authenticate users. Now after some analysis I thought it would be best to migrate ASP.NET Membership to ASP.NET Core Identity and I found this migration documentation from Microsoft.

But it was mentioned in the document that,

In this mapping, there's no map for passwords, as both password criteria and password salts don't migrate between the two. It's recommended to leave the password as null and to ask users to reset their passwords.

By my client is not ready to do this approach as we have a lot of users and he doesn't want every single user to reset the password.

Is there any workaround or possibility to achieve this? Please can anyone suggest a workaround or other alternatives to achieve this?

fingers10
  • 6,675
  • 10
  • 49
  • 87

1 Answers1

0

The asp.net membership and asp.net core Identity use the different hashing algorithm.So it's recommended to leave the password as null.

To reuse old passwords we need to selectively decrypt passwords when old users log in using the SQL memberships algorithm while using the crypto algorithm in Identity for the new users.Please refer to the following tutorials:

https://learn.microsoft.com/en-us/aspnet/identity/overview/migrations/migrating-an-existing-website-from-sql-membership-to-aspnet-identity

https://learn.microsoft.com/en-us/aspnet/identity/overview/migrations/migrating-universal-provider-data-for-membership-and-user-profiles-to-aspnet-identity

Rena
  • 30,832
  • 6
  • 37
  • 72