Ray
2008-Feb-15 16:06 UTC
Need help auth against current ASP.NET passwords using new rails site
I have an existing ASP.NET site that I am converting to rails. The passwords are sha1 hash generated and stored. I want the new site to authenticate against these passwords so the user do not have to reset thier passwords. How can I do this? Current ASP.NET code the generates the encrypted pass: key "3733E99C81904284624E960CEE5C472D2BC0F4379F1ECBE219ACA95B942DBE1C676CEC7B015768FE48C633B85AAF8BEBB37C567319017059F2A0C7D38FA8B92C" HMACSHA1 hash = new HMACSHA1(); hash.Key = HexToByte(_machineKey.ValidationKey); encodedPassword Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(password))); ruby code using hmac-sha1 gem: require ''base64'' require ''hmac'' require ''hmac-sha1'' binary_data = @key.unpack(''a2''*16).map{|x| x.hex}.pack(''c''*16) encodedPassword = Base64.encode64(HMAC::SHA1::digest(binary_data, @password)).strip puts "The ruby encodedPassword is : #{encodedPassword}" puts ''My asp.net encodedPassword is : cbRMK/fCMzu5MpMCBreQIhytKas='' Thanks for any help --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Ray
2008-Feb-18 14:26 UTC
Re: Need help auth against current ASP.NET passwords using new rails site
The password I was testing with was ''ray''. Come one, someone please help, I can''t beleive no-one has run into this type of issue where they are converting an existing site and need to preserve passwords. I''m open to using any gem package out there so long as I can get this to work. Thanks On Feb 15, 11:06 am, Ray <ray-l...-Wuw85uim5zDR7s880joybQ@public.gmane.org> wrote:> I have an existingASP.NETsite that I am converting to rails. The > passwords are sha1 hash generated and stored. I want the new site to > authenticate against these passwords so the user do not have to reset > thier passwords. How can I do this? > > CurrentASP.NETcode the generates the encrypted pass: > > key > "3733E99C81904284624E960CEE5C472D2BC0F4379F1ECBE219ACA95B942DBE1C676CEC7B015768FE48C633B85AAF8BEBB37C567319017059F2A0C7D38FA8B92C" > HMACSHA1 hash = new HMACSHA1(); > hash.Key = HexToByte(_machineKey.ValidationKey); > encodedPassword > Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(password))); > > ruby code using hmac-sha1 gem: > require ''base64'' > require ''hmac'' > require ''hmac-sha1'' > > binary_data = @key.unpack(''a2''*16).map{|x| x.hex}.pack(''c''*16) > encodedPassword = Base64.encode64(HMAC::SHA1::digest(binary_data, > @password)).strip > puts "The ruby encodedPassword is : #{encodedPassword}" > puts ''My asp.netencodedPassword is : cbRMK/fCMzu5MpMCBreQIhytKas='' > > Thanks for any help--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Frederick Cheung
2008-Feb-18 16:00 UTC
Re: Need help auth against current ASP.NET passwords using new rails site
On 18 Feb 2008, at 14:26, Ray wrote:> > The password I was testing with was ''ray''. Come one, someone please > help, I can''t beleive no-one has run into this type of issue where > they are converting an existing site and need to preserve passwords. > I''m open to using any gem package out there so long as I can get this > to work. Thanks >Well you haven''t said what problems you are having. for starters your asp.net is using _machineKey.ValidationKey which I assume is some magic constant, whereas your ruby code is using @key, which you don''t seem to be setting anywhere Fred> On Feb 15, 11:06 am, Ray <ray-l...-Wuw85uim5zDR7s880joybQ@public.gmane.org> wrote: >> I have an existingASP.NETsite that I am converting to rails. The >> passwords are sha1 hash generated and stored. I want the new site to >> authenticate against these passwords so the user do not have to reset >> thier passwords. How can I do this? >> >> CurrentASP.NETcode the generates the encrypted pass: >> >> key >> "3733E99C81904284624E960CEE5C472D2BC0F4379F1ECBE219ACA95B942DBE1C676CEC7B01 >> 5768FE48C633B85AAF8BEBB37C567319017059F2A0C7D38FA8B92C" >> HMACSHA1 hash = new HMACSHA1(); >> hash.Key = HexToByte(_machineKey.ValidationKey); >> encodedPassword >> Convert >> .ToBase64String >> (hash.ComputeHash(Encoding.Unicode.GetBytes(password) )); >> >> ruby code using hmac-sha1 gem: >> require ''base64'' >> require ''hmac'' >> require ''hmac-sha1'' >> >> binary_data = @key.unpack(''a2''*16).map{|x| x.hex}.pack(''c''*16) >> encodedPassword = >> Base64.encode64(HMAC::SHA1::digest(binary_data, >> @password)).strip >> puts "The ruby encodedPassword is : #{encodedPassword}" >> puts ''My asp.netencodedPassword is : cbRMK/fCMzu5MpMCBreQIhytKas='' >> >> Thanks for any help > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Ray
2008-Feb-19 13:13 UTC
Re: Need help auth against current ASP.NET passwords using new rails site
Ok, so I didn''t format the code 100% correct, the @key _machineKey.ValidationKey = key...and @password = password = ''ray''. This is standard config stuff in asp.net. The problem is that I cannot get the ruby code give me the same encodedPassword value as the asp.net code using the same password value. Ray Thanks On Feb 18, 11:00 am, Frederick Cheung <frederick.che...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> On 18 Feb 2008, at 14:26, Ray wrote: > > > Well you haven''t said what problems you are having. for starters your > asp.net is using _machineKey.ValidationKey which I assume is some > magic constant, whereas your ruby code is using @key, which you don''t > seem to be setting anywhere > > Fred--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Frederick Cheung
2008-Feb-19 13:36 UTC
Re: Need help auth against current ASP.NET passwords using new rails site
On 19 Feb 2008, at 13:13, Ray wrote:> > Ok, so I didn''t format the code 100% correct, the @key > _machineKey.ValidationKey = key...and @password = password = ''ray''. > This is standard config stuff in asp.net. The problem is that I cannot > get the ruby code give me the same encodedPassword value as the > asp.net code using the same password value. >It''s kind of hard to help if the code you''re running isn''t the same as the code that''s in your email. Anyway, at least one problem area is on the line binary_data = @key.unpack(''a2''*16).map{|x| x.hex}.pack(''c''*16) You''re only telling ruby to consume the first 32 characters of @key, even though @key is 128 characters long, so binary_data only contains 16 bytes worth of stuff, instead of 64 Fred> Ray > Thanks > > On Feb 18, 11:00 am, Frederick Cheung <frederick.che...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> > wrote: >> On 18 Feb 2008, at 14:26, Ray wrote: >> >> >> Well you haven''t said what problems you are having. for starters your >> asp.net is using _machineKey.ValidationKey which I assume is some >> magic constant, whereas your ruby code is using @key, which you don''t >> seem to be setting anywhere >> >> Fred > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---