Set password with SHA2 encryption

Fuad Dahlan asked on November 22, 2017 09:48

Hi all,

I just changed the password setting to SHA2-salt, but the SetPassword method that I used in my user registration form doesn't work anymore. Any idea why it is not working? Do I need to pass in the UserGUID and webconfigsha2staticsaltvalue and save it as one string in the password field?

Thanks.

Recent Answers


Trevor Fayas answered on November 23, 2017 03:04

What error is it giving? Can you elaborate on what's not working?


Fuad Dahlan answered on November 23, 2017 04:49

After I change the password format to SHA2-salt, I can't log in to my account after I register a new user through the web application. The method I used to store the password is SetPassword. There are no errors logged in the event log.


Trevor Fayas answered on November 23, 2017 05:11

I'm looking at the SetPassword logic right now; what it does is use the UserInfo object's UserSalt property as the salt.

Then it takes that and generates the password by concatenating the Password, the Salt, and also the "mPasswordSalt", which is an internal value; I don't know what that resolves to (if it can't find it, it uses the AppSettings key "CMSPasswordSalt").

After it finishes and saves, it should put an Information Event Log item in, so if you don't see that, it must be breaking beforehand.

I would check what the UserInfo object's PasswordSalt value is and make sure that's set; otherwise you may need to send in a request that this is a bug, as everything looks proper.

I assume you're on version 10?

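The salt dependency described in the answer above, as an added example that is not part of the thread and not Kentico's code: it models a hash built from the password, a per-user salt and an application-wide salt, and shows that verification fails without any exception when either salt differs between registration and login. The class and method names, the concatenation order, the UTF-8 encoding, the hex output and the sample values are all assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Illustrative model only: the concatenation order, UTF-8 encoding and hex
// output are assumptions, not Kentico's actual implementation.
static class SaltedSha2Demo
{
    // Hypothetical helper: SHA-256 over password + per-user salt + app-wide salt.
    static string Hash(string password, string userSalt, string appSalt)
    {
        using (var sha = SHA256.Create())
        {
            byte[] input = Encoding.UTF8.GetBytes(password + userSalt + appSalt);
            return BitConverter.ToString(sha.ComputeHash(input)).Replace("-", "");
        }
    }

    // Compare without stopping at the first differing character.
    static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    static bool Verify(string password, string userSalt, string appSalt, string stored)
    {
        return FixedTimeEquals(Hash(password, userSalt, appSalt), stored);
    }

    static void Main()
    {
        // Constructed sample values.
        string password = "correct horse battery staple";
        string userSalt = Guid.NewGuid().ToString();
        string stored = Hash(password, userSalt, "app-salt-at-registration");

        // Case 1: the same three inputs are used at login.
        Console.WriteLine(Verify(password, userSalt, "app-salt-at-registration", stored));
        // Case 2: the application-wide salt differs between registration and login.
        Console.WriteLine(Verify(password, userSalt, "app-salt-at-login", stored));
        // Case 3: the per-user salt was empty when the hash was stored but is set at login.
        string storedNoSalt = Hash(password, "", "app-salt-at-registration");
        Console.WriteLine(Verify(password, userSalt, "app-salt-at-registration", storedNoSalt));
    }
}
```

Only the first case verifies; the other two simply return false, which is consistent with a failed login that leaves nothing in the event log.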
