Hi
We are converting our MVC 4 application to Asp.net MVC Core Identity. In old application we were saving hashed password and password salt in database and actual password is not saved anywhere. Now we need to migrate existing users to 'AspNetUser' table where it internally hash password and save it so that old users can also able to login the site after converting the application to asp.net identity.
We were using following code previously to save password
public const int SALT_BYTES = 24;
public const int HASH_BYTES = 24;
public const int PBKDF2_ITERATIONS = 1000;
public const int ITERATION_INDEX = 0;
public const int SALT_INDEX = 1;
public const int PBKDF2_INDEX = 2;
if (!string.IsNullOrEmpty(userModel.Password))
{
RNGCryptoServiceProvider csprng = new RNGCryptoServiceProvider();
byte[] salt = new byte[SALT_BYTES];
csprng.GetBytes(salt);
userModel.PasswordSalt = Convert.ToBase64String(salt);
// Hash the password and encode the parameters
byte[] hash = PBKDF2(userModel.Password, salt, PBKDF2_ITERATIONS, HASH_BYTES);
userModel.Password = Convert.ToBase64String(hash);
}
private static byte[] PBKDF2(string password, byte[] salt, int iterations, int outputBytes)
{
Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(password, salt);
pbkdf2.IterationCount = iterations;
return pbkdf2.GetBytes(outputBytes);
}So can you please tell how to convert old passwords to asp.net identity passwords? Is there any way to convert old hashed or salt passwords to new identity password hash ?
Thanks,
Ashvini Awaskar