Post

Creating a FormsAuthentication compatible MD5 hash

Posted
By Matt Berther
1 min read

A very common question that Ive seen come up in the ASP.NET newsgroups is how to make an MD5 hash that is compatible with FormsAuthentication.HashPasswordForStoringInConfigFile.

A typical example for this is when you want to create a hash as part of an installer, where you dont want to include a reference to system.web (to gain access to the FormsAuthentication class).

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

using System;
using System.Security.Cryptography;
using System.Text;

class PasswordGenerator
{
    public static string GenerateHash(string plainText)
    {
        MD5 md5 = MD5.Create();
        byte[] hashBytes = md5.ComputeHash(Encoding.UTF8.GetBytes(plainText));

        StringBuilder result = new StringBuilder(32);
        foreach (byte b in hashBytes)
        {
            result.Append(b.ToString("x2").ToUpper()); // used to convert each byte to a hex string
        }

        return result.ToString();
    }
}

[TestFixture]
class PasswordGeneratorFixture
{
    [Test]
    public void TestEqual()
    {
        string expected = FormsAuthentication.HashPasswordForStoringInConfigFile("myTestPassword", "md5");
        string actual = PasswordGenerator.GenerateHash("myTestPassword");

        Assert.AreEqual(expected, actual);
    }
}

Currently, this only works with the MD5 password format, although the PasswordGenerator class could easily be updated to also support the SHA1 algorithm supported by FormsAuthentication.

Development, .NET
aspnet csharp security
This post is licensed under CC BY 4.0 by the author.