If you want to use the webwiz forum as your central login system you might want to create some functions to login a user from the database the same way webwiz does. This way you can create a seamless login experience, a user logins on your custom login page, and it creates a cookie that logs the user in across the entire site.
Step 1
In Forum/functions/functions_hash1way.asp, replace the function HashEncode(strSecret) with:
Function HashEncode(strSecret)
Dim objXMLHTTP
Dim strHashVal
'Send request to encryption page
Set objXMLHTTP = Server.CreateObject("Microsoft.XMLHTTP")
objXMLHTTP.Open "GET", "http://127.0.0.1/scirranew/Handlers/Encrypt.ashx?str=" & strSecret, False
objXMLHTTP.Send
'Get encrypted value
strHashVal = objXMLHTTP.responseText
Set objXMLHTTP = Nothing
'Return value
HashEncode = strHashVal
End Function
|
The SHA1 algorithm that WWG users produces different results to the .NET inbuilt SHA1 algorithm.
Step 2
Next, create a new file in ~/Handlers/ called Encrypt.ashx. You can put it anywhere you want, but make sure you change the absolute path in the ASP function above. Encrypt.ashx should contain:
<%@ WebHandler Language="C#" Class="Encrypt" %>
using System;
using System.Web;
public class Encrypt : IHttpHandler {
public void ProcessRequest (HttpContext context) {
context.Response.ContentType = "text/plain";
string InputCode = context.Request.QueryString["str"];
context.Response.Write(Login.GetSha1(InputCode));
}
public bool IsReusable {
get {
return false;
}
}
}
|
Step 3
This next step is very important! Because we have changed the hashing algorithm, users stored passwords are going to be incorrect. Open your database up. I'm working with a blank database, so I know the administrator password. Visit your encrypt handler with the following URL:
Encrypt.ashx?str=letmein72964E7 |
Where the code after the password is the corresponding salt value. Then you will have a hash code, copy and paste this into the administrators password field.
Step 4
Next create a class in your App_code folder called Login.cs. This will contain all your functions and methods for performing a login.
/// <summary>
/// Summary description for Login
/// </summary>
public class Login
{
/// <summary>
/// Hashes a string with SHA1
/// </summary>
/// <param name="value">String to hash</param>
/// <returns></returns>
public static string GetSha1(string value)
{
var data = Encoding.ASCII.GetBytes(value);
var hashData = new SHA1Managed().ComputeHash(data);
var hash = string.Empty;
foreach (var b in hashData)
hash += b.ToString("X2");
return hash;
}
} |
I'll update this post with an expanded Login.cs once I've completed all the other functionality, but that's your basic setup.
Topic Options
Post Options
Thanks(0)
