0

In my ASP.NET MVC 5 app I have to retrieve the hashed password for SQL Server Logins with a query like this:

select password from sys.syslogins where name = 'name'

The result is:

Base64 password

How should I query the database to get a valid Base64 password?

The topmost item in stack trace is System.Convert.FromBase64_Decode.

[I'm trying to implement IUserPasswordStore, and it seems it expects the hashed passwords to be in Base64 format]

Akbari
  • 2,369
  • 7
  • 45
  • 85

2 Answers2

2

You have to Convert the Base64 String back to Bytes and then construct string according to character set as 

string s=Encoding.ASCII.GetString(Convert.FromBase64String("base_64_string"));

make sure you use correct character set .Encoding Class has plenty of them.

if you want to query from TSQL you may see this link

http://blog.falafel.com/t-sql-easy-base64-encoding-and-decoding/

Base64 encoding in SQL Server 2005 T-SQL

sql server stores the passwords as Hash so its not possible to retrieve password but you can compare passwords using PWDCOMPARE

https://msdn.microsoft.com/en-us/library/dd822792.aspx

How to decode password from sys.syslogins table

Community
  • 1
  • 1
Akshita
  • 849
  • 8
  • 15
  • Thanks for your replay, but I'm not able to run it yet. Can you please guide me about the query? The result that I've posted in the question is not a valid Base64 string, is it? How can I query that? – Akbari Jun 16 '15 at 06:30
  • Thanks, but I'm trying to implement [User Store](http://stackoverflow.com/questions/30825546/implementing-usermanager-to-use-a-custom-class-and-stored-procedures), and I don't think that I'm able to override its behavior. – Akbari Jun 16 '15 at 06:38
  • 1
    for implementing UserStore,in my thinking , the Password field is only used to set the password in case of create user/change password.The only thing you can consider is Authentication in which you have to compare the hash(generated from user password) and hash stored in Database.this does not involve Password. – Akshita Jun 16 '15 at 06:44
1

As I understand, your database contains hashed passwords and you want to convert them to a base64 string so that it can be decoded. If the database contains hashed passwords, you cannot convert them to base64 format. The purpose of hashing a password is that it cannot be decoded. More information can be found here.

If you want to compare a login password with the one stored in the database, first hash the login password and then compare the generated hash string with the one in the database. Make sure that the hashing process is the same as the one used for generating the hash passwords in the database. Check out this link for more info.

Haris
  • 757
  • 1
  • 7
  • 10