I have been tasked with rebuilding an ancient website which is written in ASP.net and VB on Windows Server 2003 R2. I need to allow users to log into the new site once using their current (old) password before I have them create a new one.
I have access to all the files and code, and the DB of hashes and salts etc., as well as the Web.config and its <machineKey/>
.
My question is, how do I hash (currently it's set to "encrypt" in ASP.net, actually) the user's input in another language so that I can compare the hashed values on their first login?
<machineKey/>
says validation="SHA1"
. Web.config has no mention of algorithm elsewhere.
The specific .NET method being used to create users in the VB code is System.Web.Security.Membership.CreateUser()
.How could I mimic that in Node.js, Java, or PHP (I can translate from those langs if I need to)?
EDIT: If any one can decipher this method and tell me what's actually going on, I'd appreciate it.