Site Security Bug with SHA256 and ASP.net

Windows 10
Wappler 6.6.2
IIS/asp.net
SQL server

Ok, I'm setting up a new site in asp.net. I'm using authentication from a database used on a sister site that is developed in asp classic. for the life of me I can't get the site security with database authentication to work. I am encrypting the passwords with a sha256 and a salt. So password field is as

$_POST.password.sha256('madeUpSaltGoesHere')

It all works on the other site. So I'm starting to think maybe is an encryption error of some sort with the asp.net implementation?

I was at my wits end so instead of comparing the hashes, I entered the full hashed password manually. And low and behold that worked. So just wondering if there is a bug in there somewhere.

Capture2

Or how I can test whats going on here? I'm sure the matching salts are correct. @patrick

What about the security provider?
You have one on the server connect?
Is there a chance that you have another under globals with the same name?

You can put a Set Value step that shows the hashed password, and then look in the browser console to see the hash

I'll try that to see if the hash is getting mashed up. Be a couple hours till I can get back to it.

ok, @patrick @George I have solved what the issue is. On the other wappler site that was creating the SHA256 hashs for passwords, the older asp classic site the letter characters were 'lower' case characters, and I had never specifically specified lower case, that was just the way the wappler SHA256 created the hash. And the new versions at least with asp.net and wappler 6.7.0 (and assume its been this way for a while) it is creating the hashs with 'UPPER' case characters. UGH!!!! I've literally spent days trying to troubleshoot this. I can simply apply the lower case formatter to it and it solves the issue. But in case someone else runs across this, this is what the solution is.

$_POST.password.sha256('someoneOwesMeBeers').lowercase()

I secretly hoped that was the issue, glad you got it solved :grin:

I had a similar issue when going from PHP to NodeJS

That's the right expression we all make sometimes :laughing:
Mine was yesterday, spent 3 whole days on something that has been solved by commenting a line.
Glad you finally got it!

1 Like