How to manually verify a user against the ASP.NET membership database

Posted by Ekk on Stack Overflow
Published on 2010-05-18T10:09:36Z

I would like to know how I can verify a user's credentials against an existing ASP.NET membership database. The short story is that we want to provide single sign-on access.

So what I've done is to connect directly to the membership database and tried to run a SQL query against the aspnet_Membership table:

using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Web.Security;

private bool CanLogin(string userName, string password)
{
    // Check DB to see if the credential is correct
    try
    {
        string passwordHash = FormsAuthentication.HashPasswordForStoringInConfigFile(password, "SHA1");
        // Parameters keep the user-supplied values out of the SQL text
        const string sql = "select count(*) from aspnet_Users a inner join aspnet_Membership b on a.UserId = b.UserId and a.applicationid = b.applicationid where a.username = @userName and b.password = @password";
        using (SqlConnection sqlConn = new SqlConnection(ConfigurationManager.ConnectionStrings["LocalSqlServer"].ConnectionString))
        using (SqlCommand sqlCmd = new SqlCommand(sql, sqlConn))
        {
            sqlCmd.Parameters.AddWithValue("@userName", userName.ToLowerInvariant());
            sqlCmd.Parameters.AddWithValue("@password", passwordHash);
            sqlConn.Open();
            // ExecuteNonQuery returns -1 for a SELECT, so read the count with ExecuteScalar
            int count = (int)sqlCmd.ExecuteScalar();
            return count == 1;
        }
    }
    catch (Exception)
    {
        return false;
    }
}

The problem is the password value. Does anyone know how the password is hashed?

© Stack Overflow or respective owner
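
An added example, not part of the original post: recomputing the stored value for one aspnet_Membership row, assuming the SqlMembershipProvider is configured with passwordFormat Hashed and the SHA1 hash algorithm, in which case the Password column holds Base64(SHA1(salt bytes + UTF-16LE password bytes)) with the salt taken from PasswordSalt. The class and method names are hypothetical, and the sample row in Main is constructed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class MembershipPasswordCheck
{
    // Hashed format with SHA1: Base64( SHA1( saltBytes || UTF-16LE(password) ) )
    public static string EncodeHashed(string password, string saltBase64)
    {
        byte[] salt = Convert.FromBase64String(saltBase64);   // PasswordSalt column
        byte[] pwd = Encoding.Unicode.GetBytes(password);     // UTF-16LE, not UTF-8
        byte[] buffer = new byte[salt.Length + pwd.Length];
        Buffer.BlockCopy(salt, 0, buffer, 0, salt.Length);
        Buffer.BlockCopy(pwd, 0, buffer, salt.Length, pwd.Length);
        using (SHA1 sha1 = SHA1.Create())
            return Convert.ToBase64String(sha1.ComputeHash(buffer));
    }

    // Arguments are the Password, PasswordSalt, PasswordFormat, IsApproved
    // and IsLockedOut columns of one aspnet_Membership row.
    public static bool Verify(string password, string storedPassword, string storedSalt,
                              int passwordFormat, bool isApproved, bool isLockedOut)
    {
        // A direct read bypasses the provider, so apply its account-state checks here.
        if (!isApproved || isLockedOut) return false;
        if (passwordFormat != 1) return false;   // 0 = Clear, 2 = Encrypted: not handled
        byte[] expected = Convert.FromBase64String(storedPassword);
        byte[] actual = Convert.FromBase64String(EncodeHashed(password, storedSalt));
        // Compare every byte so the timing does not depend on where they differ.
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length && i < actual.Length; i++)
            diff |= expected[i] ^ actual[i];
        return diff == 0;
    }

    static void Main()
    {
        // Constructed sample row: random 16-byte salt and a made-up password.
        byte[] saltBytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(saltBytes);
        string salt = Convert.ToBase64String(saltBytes);
        string stored = EncodeHashed("Example-Passw0rd!", salt);

        Console.WriteLine(Verify("Example-Passw0rd!", stored, salt, 1, true, false));
        Console.WriteLine(Verify("wrong-password", stored, salt, 1, true, false));
        Console.WriteLine(Verify("Example-Passw0rd!", stored, salt, 1, true, true));
    }
}
```

Where the calling application can load the same membership provider configuration, Membership.ValidateUser(userName, password) performs this comparison through the provider and also maintains the failed-attempt and lockout state that a direct table read skips.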
