Integrating MediaWiki's users to a personal ASP.NET Website

Jump to: navigation, search

Hi,

I'm currently in the process of developing a Website for my reenactment group. Part of the development consisted in creating a Wiki using MediaWiki. I'm currently developing the user login page for my ASP.NET application and to avoid the need to create another user table, and also keeping the current list of the Wiki's users I wanted to use the MediaWiki user's table.

My problem is with the password, I have no idea how the encryption algorithm works so I can't compare the passwords. Is there any way I could use the User's table for my ASP.NET application?

Thanks, Nicolas Costa

200.89.154.8216:16, 19 April 2012

Have a look at Manual:User table#user_password.

Krenair (talkcontribs)16:21, 19 April 2012

Hi,

Thanks for the guide. I'm currently attempting to decrypt the password, what I did first was convert the byte[] array to a string using

System.Text.Encoding enc = System.Text.Encoding.ASCII;

               string p = enc.GetString(u[0].User_password); //u[0].User_password is the byte[] of the password.


This is the result: 260960baba3a5d00959bb8bc6880fdec

200.89.154.8216:54, 19 April 2012

What I would like is a step-by-step of the process I would need to follow to validate the user's password from my personal website, since in the link above it's not clear how you get "A pseudo-random hexadecimal 31-bit salt between 0x0 and 0x7fff ffff (inclusive)", for this exercise let's use the string "example".

200.89.154.8219:02, 19 April 2012

So far I have completed most of the algorythm in C#.

string pwd = GetMd5Sum(password); string hash = (GetMd5Sum("salt" + "-" + pwd));

pwd = GetMd5Sum(":B:" + "salt" + ":" + hash);

return pwd;

The only part I have been unable to solve is the Salt. How can I complete it?

200.89.154.8214:01, 23 April 2012

Here's your solution:

   public Byte[] createWikiUserPassword(string newPassword)
       {
           
           // Wikipassword in format ":B:" + salt + ":" + md5 hash of ( salt + "-" + md5 hash of (password) )
           // Create Salt                
           Byte[] salt = new Byte[4];
           RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
           rng.GetBytes(salt);
           
           MD5 md5 = MD5.Create();
           string strSalt = hash2hexstring(salt);
                               
           // MD5 has of password
           Byte[] hashPassword = md5.ComputeHash(Encoding.UTF8.GetBytes(input));
           string strHashPassword = hash2hexstring(hashPassword);
           
           // MD5 hash of salt + dash + hashPassword
           Byte[] md5saltPasswordHash  = md5.ComputeHash(enc.GetBytes( strSalt + "-" + strHashPassword ));
           string strMd5SaltPasswordHash = hash2hexstring(md5saltPasswordHash);
           string strUserPassword = ":B:" + strSalt + ":" + strMd5SaltPasswordHash;
           
           // Total result
           Byte[] userPassword = enc.GetBytes(strUserPassword);
           return userPassword;
       }

       private string hash2hexstring(byte[] input)
       {
           string strInput = BitConverter.ToString(input);
           strInput = strInput.Replace("-", "");
           strInput = strInput.ToLower();
           return strInput;
       }
80.254.146.13214:35, 27 April 2012

Sorry, I missed the declaration if 'enc':

private System.Text.UTF8Encoding enc = new System.Text.UTF8Encoding();

Cheers,

Carl.

80.254.146.13214:36, 27 April 2012

You can edit your post you know.

Krenair (talkcontribs)14:59, 27 April 2012
 
 
 
 
 
 
 
Retrieved from "http://www.mediawiki.org/wiki/Thread:Project:Support_desk/Integrating_MediaWiki%27s_users_to_a_personal_ASP.NET_Website#Integrating_MediaWiki.27s_users_to_a_personal_ASP.NET_Website_14856"