ndrw_cheung Absent Member.
Absent Member.
1033 views

Migrating eDirectory passwords to ASPNet Identity Framework

Hi. We plan to migrate users out of eDirectory (version 8.8) to a SQL server 2016 database that has tables used in ASPNet Identity Framework. The problem is with passwords. We have another field that stores the same data as the userPassword field, but the encrypted data there is obviously not the same as what the PasswordHash field stores in ASPNet Identity framework.

My question is : Assuming that we know how to hash a plain text password into what ASPNet Identity Framework requires, how do I manipulate the data stored in this other field (that contains the password data) so that I can change it to the format that ASPNet Identity framework uses?

If the encrypted password cannot be reverted back to plain text, are there other ways we can migrate the users and their passwords to ASPNet Identity Framework?

Your help is appreciated.

-Andrew
Labels (1)
0 Likes
1 Reply
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Migrating eDirectory passwords to ASPNet Identity Framework

On 02/02/2018 10:54 AM, ndrw cheung wrote:
>
> My question is : Assuming that we know how to hash a plain text password
> into what ASPNet Identity Framework requires, how do I manipulate the
> data stored in this other field (that contains the password data) so
> that I can change it to the format that ASPNet Identity framework uses?


This does not sound like an NMAS question, or a question for anything at
Micro Focus at all, but maybe I am misunderstanding.

At some point in time, maybe continuously, you get password data hashed
(meaning one-way algorithm) and stored into another field, let's call it
userPasswordHash. Now you want to know how to get from that back into
plain text so you can then encrypt it in a way for some other application?

You cannot reverse a one-way hash; it is impossible by definition, as
that is the purpose of a one-way hash. whether or not the one-way hash is
actually a one-way hash, vs some level of encoding, or encryption, or even
lousy obfuscation, depends on what you did to get the password hashed and
into that other field.

Assuming it is just obfuscated, encoded, or encrypted, just reverse the
obfuscation or encoding, or apply the decryption mechanism, to get back to
the cleartext password, then apply whatever you need to do to change it
for your application again. Since this is all your own code, you are
probably the only ones who can say how to do it.

> If the encrypted password cannot be reverted back to plain text, are
> there other ways we can migrate the users and their passwords to ASPNet
> Identity Framework?


If your users have Universal Passwords (UP) configured in eDirectory then
you could easily use Identity Manager (IDM) to send the user and password
data to any other application, including a relational database, fairly
easily; the JDBC driver is made to do this very thing, in fact.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.