MonoX support board

Start the conversation, ask questions and share tips and solutions with fellow developers.

Non-registered users can only browse through our support boards. Please register now if you want to post your questions. It takes a second and it is completely free. Alternatively, you can log in without registration using your credentials at major sites such as Google, Microsoft Live, OpenId, Facebook, LinkedIn or Yahoo.

any option to import a list of users ?  (Mono Support )

Viewed 47035 time(s), 24 post(s) 7/25/2013 6:58:50 PMby super
pajo

pajo

7/26/2013 12:37:51 PM
Unless you know how your previous system was hashing passwords, you probably will never be able to properly import passwords. First you need to match hashing algorithm, then you need to be sure salt is base64 encoded, if not you will need to encode it and find where your hashed passwords are. And then you must pray there aren't any other subtle  implementation differences, because if there are any you will need to implement your membership provider and override password encoding to match previous system. But without knowing details of how your passwords were hashed, you can only try to guess right configuration.
This content has not been rated yet. 
629 Reputation 83 Total posts
khorvat

khorvat

7/26/2013 12:50:45 PM
I agree with Vlatko, if you don't know the algorithm and your previous site is not ASP.NET based then it's questionable if implementing membership provider is worth the effort. Maybe you should consider more pragmatic approach and consider sending a newsletter to members with reset password option.

Regards
This content has not been rated yet. 
15993 Reputation 2214 Total posts
super

super

7/26/2013 12:55:53 PM
Ok, I think I understand that you are saying.

Could you please delete the screenshots that I posted in previous posts ? Just because it has salt key etc so don't wanna take a chance.

FYI...my other site is nopcommerce which is asp.net based site
This content has not been rated yet. 
6018 Reputation 709 Total posts
super

super

7/26/2013 1:25:26 PM
Alright, here is the algorithm of my other site for hashing password. any advise ?

public virtual string CreatePasswordHash(string password, string saltkey, string passwordFormat = "SHA1")
        {
            if (String.IsNullOrEmpty(passwordFormat))
                passwordFormat = "SHA1";
            string saltAndPassword = String.Concat(password, saltkey);
             
            var algorithm = HashAlgorithm.Create(passwordFormat);
            if (algorithm == null)
                throw new ArgumentException("Unrecognized hash name", "hashName");
 
            var hashByteArray = algorithm.ComputeHash(Encoding.UTF8.GetBytes(saltAndPassword));
            return BitConverter.ToString(hashByteArray).Replace("-", "");
        }
This content has not been rated yet. 
6018 Reputation 709 Total posts
khorvat

khorvat

7/26/2013 1:31:41 PM
FYI We have removed screenshots, try to find an user export from nopCommerce and see if this is usable.
This content has not been rated yet. 
15993 Reputation 2214 Total posts
super

super

7/26/2013 1:45:34 PM
Please see the algorithm that I posted above.

I have option to export users from nopcommerce to excel and xml but it include the same information as database tables like:

CustomerId CustomerGuid Email Username PasswordHash SaltKey AffiliateId


You can see the export feature here: http://admin-demo.nopcommerce.com/Admin/Customer/List

Login:

admin@yourstore.com
password: admin
This content has not been rated yet. 
6018 Reputation 709 Total posts
pajo

pajo

7/26/2013 1:54:58 PM
I see default algorithm is SHA1, not sure if this is configured somewhere. In your MonoX project search in your web.config for hashAlgorithmType, it should be also set to SHA1. But there could still be issues with encoding used to get bytes from string. If I remember correctly membership provider uses unicode encoding. Also it is using BitConverter to convert hashed password back to string and membership provider will look for base64 encoded string.
This content has not been rated yet. 
629 Reputation 83 Total posts
super

super

7/26/2013 2:03:32 PM
So I am assuming there is no way to transfer the password from nopcommerce to mono unless I change the password algorithm in monox to match nopcommerce ?

Also, how to set hashed password setting in monox by default for new users ?

<add connectionStringName="LocalSqlServer" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="MonoX" requiresUniqueEmail="false" passwordFormat="Clear" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" name="AspNetSqlMembershipProvider" type="MonoSoftware.MonoX.MonoXMembershipProvider, MonoX" />

Do I need to do like this ? passwordFormat="Hashed" 
This content has not been rated yet. 
6018 Reputation 709 Total posts
khorvat

khorvat

7/26/2013 2:13:34 PM
Yes, that should be enough.
This content has not been rated yet. 
15993 Reputation 2214 Total posts
super

super

7/26/2013 2:24:00 PM
When I do this, and try to run monox, it gives me error

http://localhost:2464/MonoX/MonoX/Pages/MonoX/Error.aspx?aspxerrorpath=/MonoX/default.aspx


Server Error in '/MonoX' Application.


Runtime Error Description:
An exception occurred while processing your request. Additionally, another
exception occurred while executing the custom error page for the first
exception. The request has been terminated.


2013-07-26 10:21:46,475 [32] ERROR MonoX [BaseHttpApplication] - Application Error
System.Configuration.ConfigurationErrorsException: Password format specified is invalid. (C:\Users\Downloads\Projects\MonoX\web.config line 435) ---> System.Configuration.Provider.ProviderException: Password format specified is invalid.
   at System.Web.Security.SqlMembershipProvider.Initialize(String name, NameValueCollection config)
   at System.Web.Configuration.ProvidersHelper.InstantiateProvider(ProviderSettings providerSettings, Type providerType)
   --- End of inner exception stack trace ---
   at System.Web.Security.Membership.Initialize()
   at System.Web.Security.Membership.get_Provider()
   at MonoSoftware.MonoX.Repositories.MembershipRepository.GetApplicationId(Boolean enableCache)
   at MonoSoftware.MonoX.Repositories.MembershipRepository.GetApplicationId()
   at MonoSoftware.MonoX.Utilities.PageUtility.GetPageProperties(String appRelativeCurrentExecutionFilePath)
   at MonoSoftware.MonoX.BasePage.GetPageProperties()
   at MonoSoftware.MonoX.BasePage.get_PageProperties()
   at MonoSoftware.MonoX.BasePage.OnPreInit(EventArgs e)
   at System.Web.UI.Page.PerformPreInit()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at ASP.monox_pages_monox_error_aspx.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)


This is my webconfig:
<membership defaultProvider="AspNetSqlMembershipProvider" hashAlgorithmType="SHA1">
      <providers>
        <remove name="AspNetSqlMembershipProvider" />
        <add connectionStringName="LocalSqlServer" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="MonoX" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" name="AspNetSqlMembershipProvider" type="MonoSoftware.MonoX.MonoXMembershipProvider, MonoX" />
        <!-- <add name="ActiveDirectoryMembershipProvider" type="MonoSoftware.MonoX.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" applicationName="MonoX"
         connectionUsername="username@yourdomain"
         connectionPassword="pwd" /> -->
      </providers>
    </membership>
This content has not been rated yet. 
6018 Reputation 709 Total posts
1 2 3