1 public override PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword) 2 { 3 string[] passwordProperties = hashedPassword.Split('|'); 4 if (passwordProperties.Length != 3) 5 { 6 return base.VerifyHashedPassword(hashedPassword, providedPassword); 7 } 8 else 9 { 10 string passwordHash = passwordProperties[0]; 11 int passwordformat = 1; 12 string salt = passwordProperties[2]; 13 if (String.Equals(EncryptPassword(providedPassword, passwordformat, salt), passwordHash, StringComparison.CurrentCultureIgnoreCase)) 14 { 15 return PasswordVerificationResult.SuccessRehashNeeded; 16 } 17 else 18 { 19 return PasswordVerificationResult.Failed; 20 } 21 } 22 } 23 24
25 private string EncryptPassword(string pass, int passwordFormat, string salt) 26 { 27 if (passwordFormat == 0)
28 return pass; 29 30 byte[] bIn = Encoding.Unicode.GetBytes(pass); 31 byte[] bSalt = Convert.FromBase64String(salt); 32 byte[] bRet = null; 33 34 if (passwordFormat == 1) 35 { // MembershipPasswordFormat.Hashed 36 HashAlgorithm hm = HashAlgorithm.Create("SHA1"); 37 if (hm is KeyedHashAlgorithm) 38 { 39 KeyedHashAlgorithm kha = (KeyedHashAlgorithm)hm; 40 if (kha.Key.Length == bSalt.Length) 41 { 42 kha.Key = bSalt; 43 } 44 else if (kha.Key.Length < bSalt.Length) 45 { 46 byte[] bKey = new byte[kha.Key.Length]; 47 Buffer.BlockCopy(bSalt, 0, bKey, 0, bKey.Length); 48 kha.Key = bKey; 49 } 50 else 51 { 52 byte[] bKey = new byte[kha.Key.Length]; 53 for (int iter = 0; iter < bKey.Length; ) 54 { 55 int len = Math.Min(bSalt.Length, bKey.Length - iter); 56 Buffer.BlockCopy(bSalt, 0, bKey, iter, len); 57 iter += len; 58 } 59 kha.Key = bKey; 60 } 61 bRet = kha.ComputeHash(bIn); 62 } 63 else 64 { 65 byte[] bAll = new byte[bSalt.Length + bIn.Length]; 66 Buffer.BlockCopy(bSalt, 0, bAll, 0, bSalt.Length); 67 Buffer.BlockCopy(bIn, 0, bAll, bSalt.Length, bIn.Length); 68 bRet = hm.ComputeHash(bAll); 69 } 70 } 71 72 return Convert.ToBase64String(bRet); 73 }