Created
November 13, 2012 23:23
Convert encrypted ASP.NET membership passwords to the clear (plain-text) password format.
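/// <summary>
/// Extensions for membership providers.
/// </summary>
public static class MembershipProviderExtensions
{
    /// <summary>
    /// Switches the specified ASP.NET membership user to a clear password format, updating the associated fields.
    /// </summary>
    /// <remarks>
    /// Only users served by a <see cref="SqlMembershipProvider"/> whose row is stored as
    /// <see cref="MembershipPasswordFormat.Encrypted"/> are changed; rows in any other format, and users
    /// with no row, are left untouched. After the update the password and password answer are held
    /// unprotected in aspnet_Membership, so this fits a short-lived migration step (for example ahead of
    /// re-hashing) with access to the table restricted, and the decrypted values should never reach logs.
    /// </remarks>
    /// <param name="user">The membership user.</param>
    /// <exception cref="System.ArgumentNullException"><paramref name="user"/> is null.</exception>
    public static void SwitchToClearPasswordFormat(this MembershipUser user)
    {
        if (user == null)
        {
            throw new ArgumentNullException("user");
        }

        if (!(Membership.Providers[user.ProviderName] is SqlMembershipProvider))
        {
            return;
        }

        using (var connection = new SqlConnection(ConfigurationManager.ConnectionStrings["AcmeCorpPortalMembership"].ConnectionString))
        {
            // One open connection serves both the read and the write; it is closed by the using block.
            connection.Open();

            string password = null;
            int passwordFormat = (int)MembershipPasswordFormat.Clear;
            string passwordAnswer = null;

            // Get the user's (possibly encrypted or hashed) security credentials.
            const string selectQuery = "SELECT Password, PasswordFormat, PasswordAnswer FROM aspnet_Membership WHERE UserId = @userId";
            using (var selectCommand = new SqlCommand(selectQuery, connection))
            {
                selectCommand.Parameters.Add(new SqlParameter { ParameterName = "userId", Value = user.ProviderUserKey });

                using (var reader = selectCommand.ExecuteReader())
                {
                    if (reader.Read())
                    {
                        // "as string" maps a NULL column (DBNull) to null instead of throwing InvalidCastException.
                        password = reader["Password"] as string;
                        passwordFormat = (int)reader["PasswordFormat"];
                        passwordAnswer = reader["PasswordAnswer"] as string;
                    }
                }
            }

            if (passwordFormat != (int)MembershipPasswordFormat.Encrypted || string.IsNullOrEmpty(password))
            {
                return;
            }

            // NOTE(review): the provider is constructed without Initialize(); decryption presumably relies on
            // the application's configured machine key - confirm in the target environment.
            var provider = new AcmeCorpMembershipProvider();

            // A missing or empty answer has nothing to decrypt; store it back unchanged.
            object clearAnswer;
            if (passwordAnswer == null)
            {
                clearAnswer = DBNull.Value;
            }
            else if (passwordAnswer.Length == 0)
            {
                clearAnswer = passwordAnswer;
            }
            else
            {
                clearAnswer = provider.DecryptPassword(passwordAnswer);
            }

            // The extra WHERE terms make the write conditional on the row still holding the ciphertext that
            // was just read, so a password changed in between is not overwritten with a stale value.
            const string updateQuery =
                "UPDATE aspnet_Membership SET Password = @password, PasswordFormat = @clearFormat, PasswordAnswer = @passwordAnswer " +
                "WHERE UserId = @userId AND PasswordFormat = @encryptedFormat AND Password = @encryptedPassword";
            using (var updateCommand = new SqlCommand(updateQuery, connection))
            {
                updateCommand.Parameters.Add(new SqlParameter { ParameterName = "password", Value = provider.DecryptPassword(password) });
                updateCommand.Parameters.Add(new SqlParameter { ParameterName = "clearFormat", Value = (int)MembershipPasswordFormat.Clear });
                updateCommand.Parameters.Add(new SqlParameter { ParameterName = "passwordAnswer", Value = clearAnswer });
                updateCommand.Parameters.Add(new SqlParameter { ParameterName = "userId", Value = user.ProviderUserKey });
                updateCommand.Parameters.Add(new SqlParameter { ParameterName = "encryptedFormat", Value = (int)MembershipPasswordFormat.Encrypted });
                updateCommand.Parameters.Add(new SqlParameter { ParameterName = "encryptedPassword", Value = password });
                updateCommand.ExecuteNonQuery();
            }
        }
    }
}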
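/// <summary>
/// An ACME corp-specific version of SqlMembershipProvider.
/// </summary>
/// <remarks>
/// Adds a public string-based wrapper around the base provider's byte-array DecryptPassword so that
/// stored, Base64-encoded values can be turned back into text. The return value is a clear-text
/// credential: keep it out of logs, exception messages and long-lived objects.
/// </remarks>
public class AcmeCorpMembershipProvider : SqlMembershipProvider
{
    // Number of leading bytes of the decrypted buffer that are skipped before decoding the text.
    // NOTE(review): presumably the salt that the provider prepends before encrypting - confirm
    // against the framework version in use.
    private const int SaltPrefixLength = 0x10;

    /// <summary>
    /// Decrypts the specified password string.
    /// </summary>
    /// <param name="encryptedPassword">The Base64-encoded encrypted password.</param>
    /// <returns>The decrypted password string.</returns>
    /// <exception cref="System.ArgumentNullException"><paramref name="encryptedPassword"/> is null.</exception>
    /// <exception cref="System.FormatException"><paramref name="encryptedPassword"/> is not valid Base64.</exception>
    /// <exception cref="System.ArgumentOutOfRangeException">The decrypted data is shorter than the skipped prefix.</exception>
    public string DecryptPassword(string encryptedPassword)
    {
        if (encryptedPassword == null)
        {
            throw new ArgumentNullException("encryptedPassword");
        }

        var encodedPassword = Convert.FromBase64String(encryptedPassword);
        var bytes = base.DecryptPassword(encodedPassword);

        // Without this check a short buffer surfaces as an out-of-range error about GetString's
        // own arguments, which says nothing about the input that caused it.
        if (bytes != null && bytes.Length < SaltPrefixLength)
        {
            throw new ArgumentOutOfRangeException("encryptedPassword", "The decrypted value is shorter than the expected prefix.");
        }

        return Encoding.Unicode.GetString(bytes, SaltPrefixLength, bytes.Length - SaltPrefixLength);
    }
}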