I have a DotNetNuke database and an independent C# webservice. I receive two strings from the webservice, a "user code", that allows me to identify the user, and its password. I need to compare that password with the DotNetNuke one, but I can't find how to do it. How should I encrypt the password in order to compare it? I already have the DotNetNuke aspnet_membership registry which I need to compare with.
Asked
Active
Viewed 788 times
2 Answers
0
The DotNetNuke stored password will be Hashed, using a different hashing algorithm dependant on your setup.
If you find out what hash you are using, you could replicate the hashing on your passwords, and compare the results.
KingCronus
- 4,509
- 1
- 24
- 49
-
the passwordFormat is set to "Encrypted" not to "Hashed" – CarlosJ Mar 22 '12 at 12:57
-
In that case why not just encrypt whatever is sent to you and compare it? – KingCronus Mar 22 '12 at 13:01
-
What I couldn't find was the encryption method, but I found it, it is triple-des. I have not answer my own question because I can't do it during the next 8 hours after publishing a question – CarlosJ Mar 22 '12 at 14:58
0
I found it: the password can be stored with one of the following passwordFormat (set in the web.config): "Clear", "Hashed" (it uses SHA1) and "Encrypted" (Triple-DES).
CarlosJ
- 244
- 3
- 13