Need help auth against current ASP.NET passwords using new rails site

Ray · March 13, 2020, 10:48pm

I have an existing ASP.NET site that I am converting to rails. The
passwords are sha1 hash generated and stored. I want the new site to
authenticate against these passwords so the user do not have to reset
thier passwords. How can I do this?

Current ASP.NET code the generates the encrypted pass:

  key =
"3733E99C81904284624E960CEE5C472D2BC0F4379F1ECBE219ACA95B942DBE1C676CEC7B015768FE48C633B85AAF8BEBB37C567319017059F2A0C7D38FA8B92C"
  HMACSHA1 hash = new HMACSHA1();
  hash.Key = HexToByte(_machineKey.ValidationKey);
  encodedPassword =
Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(password)));

ruby code using hmac-sha1 gem:
  require 'base64'
  require 'hmac'
  require 'hmac-sha1'

  binary_data = @key.unpack('a2'*16).map{|x| x.hex}.pack('c'*16)
  encodedPassword = Base64.encode64(HMAC::SHA1::digest(binary_data,
@password)).strip
  puts "The ruby encodedPassword is : #{encodedPassword}"
  puts 'My asp.net encodedPassword is : cbRMK/fCMzu5MpMCBreQIhytKas='

Thanks for any help

Ray · March 14, 2020, 12:30am

The password I was testing with was 'ray'. Come one, someone please
help, I can't beleive no-one has run into this type of issue where
they are converting an existing site and need to preserve passwords.
I'm open to using any gem package out there so long as I can get this
to work. Thanks

Frederick_Cheung · March 14, 2020, 12:30am

The password I was testing with was 'ray'. Come one, someone please
help, I can't beleive no-one has run into this type of issue where
they are converting an existing site and need to preserve passwords.
I'm open to using any gem package out there so long as I can get this
to work. Thanks

Well you haven't said what problems you are having. for starters your
asp.net is using _machineKey.ValidationKey which I assume is some
magic constant, whereas your ruby code is using @key, which you don't
seem to be setting anywhere

Fred

Ray · March 14, 2020, 12:30am

Ok, so I didn't format the code 100% correct, the @key =
_machineKey.ValidationKey = key...and @password = password = 'ray'.
This is standard config stuff in asp.net. The problem is that I cannot
get the ruby code give me the same encodedPassword value as the
asp.net code using the same password value.

Ray
Thanks

Frederick_Cheung · March 14, 2020, 12:30am

Ok, so I didn't format the code 100% correct, the @key =
_machineKey.ValidationKey = key...and @password = password = 'ray'.
This is standard config stuff in asp.net. The problem is that I cannot
get the ruby code give me the same encodedPassword value as the
asp.net code using the same password value.

It's kind of hard to help if the code you're running isn't the same as
the code that's in your email.
Anyway, at least one problem area is on the line
binary_data = @key.unpack('a2'*16).map{|x| x.hex}.pack('c'*16)
You're only telling ruby to consume the first 32 characters of @key,
even though @key is 128 characters long, so binary_data only contains
16 bytes worth of stuff, instead of 64

Fred