
@dereklawless
Created November 13, 2012 23:23
Convert encrypted ASP.NET membership passwords and password answers to the Clear (plaintext) password format.
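/// <summary>
/// Extensions for membership providers.
/// </summary>
public static class MembershipProviderExtensions
{
    /// <summary>
    /// Switches the specified ASP.NET membership user to a clear password format, updating the associated fields.
    /// </summary>
    /// <remarks>
    /// Only acts when the user's provider is a <see cref="SqlMembershipProvider"/> and the stored
    /// PasswordFormat is <see cref="MembershipPasswordFormat.Encrypted"/>; hashed or already-clear
    /// rows are left untouched. After the update the password and password answer are stored in
    /// plaintext, readable by anything with SELECT access to aspnet_Membership (including backups),
    /// so this is suited to a short-lived migration step towards a hashed format rather than a
    /// steady state. The read and the update are separate statements and are not atomic: a password
    /// change made between them would be overwritten.
    /// </remarks>
    /// <param name="user">The membership user.</param>
    /// <exception cref="System.ArgumentNullException"><paramref name="user"/> is null.</exception>
    public static void SwitchToClearPasswordFormat(this MembershipUser user)
    {
        if (user == null)
        {
            throw new ArgumentNullException("user");
        }

        if (!(Membership.Providers[user.ProviderName] is SqlMembershipProvider))
        {
            return;
        }

        string password = null;
        string passwordAnswer = null;
        int passwordFormat = (int)MembershipPasswordFormat.Clear;

        using (var connection = new SqlConnection(ConfigurationManager.ConnectionStrings["AcmeCorpPortalMembership"].ConnectionString))
        {
            // Open once and reuse the connection for both statements.
            connection.Open();

            // Get the user's (possibly encrypted or hashed) security credentials.
            var selectQuery = "SELECT Password, PasswordFormat, PasswordAnswer FROM aspnet_Membership WHERE UserId = @userId";
            using (var selectCommand = new SqlCommand(selectQuery, connection))
            {
                selectCommand.Parameters.Add(new SqlParameter { ParameterName = "userId", Value = user.ProviderUserKey });

                // Dispose the reader before issuing the UPDATE on the same connection.
                using (var reader = selectCommand.ExecuteReader())
                {
                    if (reader.Read())
                    {
                        password = (string)reader["Password"];
                        passwordFormat = (int)reader["PasswordFormat"];

                        // PasswordAnswer may be NULL for users without a security question;
                        // a direct (string) cast would throw on DBNull.
                        passwordAnswer = reader["PasswordAnswer"] as string;
                    }
                }
            }

            // No row found leaves passwordFormat at Clear, so nothing is updated.
            if (passwordFormat != (int)MembershipPasswordFormat.Encrypted)
            {
                return;
            }

            var provider = new AcmeCorpMembershipProvider();
            string clearPassword = provider.DecryptPassword(password);

            // A missing or empty answer was never encrypted, so it is written back unchanged.
            string clearAnswer = string.IsNullOrEmpty(passwordAnswer)
                ? passwordAnswer
                : provider.DecryptPassword(passwordAnswer);

            var updateQuery = "UPDATE aspnet_Membership SET Password = @password, PasswordFormat = 0, PasswordAnswer = @passwordAnswer WHERE UserId = @userId";
            using (var updateCommand = new SqlCommand(updateQuery, connection))
            {
                updateCommand.Parameters.Add(new SqlParameter { ParameterName = "password", Value = clearPassword });

                // A null parameter value is treated as "not supplied"; send DBNull for SQL NULL.
                updateCommand.Parameters.Add(new SqlParameter { ParameterName = "passwordAnswer", Value = (object)clearAnswer ?? DBNull.Value });
                updateCommand.Parameters.Add(new SqlParameter { ParameterName = "userId", Value = user.ProviderUserKey });
                updateCommand.ExecuteNonQuery();
            }
        }
    }
}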
/// <summary>
/// ACME corp's subclass of <see cref="SqlMembershipProvider"/>, used to reach the base
/// provider's password decryption from outside the provider.
/// </summary>
public class AcmeCorpMembershipProvider : SqlMembershipProvider
{
    /// <summary>
    /// Decrypts a Base64-encoded, provider-encrypted password value and returns it as text.
    /// </summary>
    /// <remarks>
    /// This is a public overload of the base class's byte-array DecryptPassword, so any code
    /// that can construct this type can recover stored secrets; keep its callers limited.
    /// </remarks>
    /// <param name="encryptedPassword">The Base64 string as stored by the provider.</param>
    /// <returns>The decrypted password string.</returns>
    public string DecryptPassword(string encryptedPassword)
    {
        // The first 0x10 bytes of the decrypted buffer are skipped; presumably this is the
        // 16-byte salt the SQL provider prepends before encrypting (confirm for your provider).
        const int prefixLength = 0x10;

        byte[] cipherBytes = Convert.FromBase64String(encryptedPassword);
        byte[] plainBytes = base.DecryptPassword(cipherBytes);
        int textLength = plainBytes.Length - prefixLength;

        return Encoding.Unicode.GetString(plainBytes, prefixLength, textLength);
    }
}