https://discord.umbraco.com logo
Join Discord
Powered by
Upgrading/rebuilding from V8 - Members and passwor...
# help-with-umbraco
c
We're in the process of moving from a V8 site with members to a rebuild based on 13. Is it possible to port the members (specifically their passwords) from legacy to modern versions of Umbraco?
d
Hi there! You could try the usync people edition package. Export on v8 and import in v13. I'm not sure if it works just like that, but it's something you could try at least
c
>When you set up PeopleEdition, you need to make sure that all Umbraco instances share a machine key, so that passwords are encrypted in the same way.
hrm
Current plan is to bring over their old hashes... and on login, we'll check their password against the old hash and with the old algorithm.. if it matches, we can set their password on the new system
d
That's clever 👍
s
Care to share how you are going to do that? 🙂
c
Copy code
using System.Security.Cryptography;
using System.Text;

//This has been set to a well known password of "Password123!@#"
var passwordStoredInDatabase = "cPwN11HfULD1FZQYAOFYJg==KAppawBIUf1cpgwspme5pVEVa5xN3A6ZFH2rtt1KWSU=";

//The salt is the first 24 characters of what is stored in the database for the password.
var salt = passwordStoredInDatabase[..24];
var saltBytes = Convert.FromBase64String(salt);

//By default, the KeyLength is 64 bytes, presumably based on the machine key in webconfig
//The following code pads it out based on the provided salt.
//This code is in the Umbraco source, apparently pinched from the SqlMembershipProvider, which has some questionable licensing implications.
var dstOffset = 0;
var newSalt = new byte[64];
while (dstOffset < newSalt.Length)
{
    var count = Math.Min(saltBytes.Length, newSalt.Length - dstOffset);
    Buffer.BlockCopy(saltBytes, 0, newSalt, dstOffset, count);
    dstOffset += count;
}

using var hashAlgorith = new HMACSHA256(newSalt);

//This is what we are trying to match
var passwordBytes = Encoding.Unicode.GetBytes("Password123!@#");

var ourNewPasswordHash = Convert.ToBase64String(hashAlgorith.ComputeHash(passwordBytes));

Console.WriteLine("Resulting hash: {0}", ourNewPasswordHash);

//This is the password component of what is stored in the database. I.e everything that is not the salt.
var hashedPasswordInDatabase = passwordStoredInDatabase[salt.Length..];

Console.WriteLine("Matching password? {0}", ourNewPasswordHash == hashedPasswordInDatabase);
44 Views
PreviousNext
Powered by