| Author |
 Topic  |
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
 Posted - 30 May 2006 : 09:34:38
|
| I disagree with Davio. I really don't see why you should aim for 1.1 compatibility. There are no technical reasons for a host not to update for .NET 2.0, and 2.0 saves you a whole lotta work. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
 |
|
|
kentk
Starting Member
USA
30 Posts |
Posted - 31 May 2006 : 16:20:15
|
What if we code using 2.0 now and if there is a demand for 1.1 compatibility we could create a mod later? That way we would also see what exactly we need to add to create compatibility for 1.1. But maybe it is easier to code for 1.1 compatibility right away, I don't know. Any thoughts?
Here's a good article for those of you like me that are learning about creating custom membership providers for .NET http://www.devx.com/asp/Article/29256?type=kbArticle&trk=MSCP |
Kent
"Wakey, wakey, hands off snakey!" |
|
|
|
Ghostnetworks
New Member
95 Posts |
Posted - 02 June 2006 : 07:17:36
|
quote:
Originally posted by HuwR
quote:
Though I host my own portal, my domain is hosted on JodoHost and they don't have 2.0 for older customers.
Users who want 2.0 need to move their sites to the 2003 servers and there's a small fee.
What motive can they possibly have for that other than to make money out of you, .net 2 does not require windows2003, it is a five minute install on any version of windows, so you are just being conned.
Yep!
I am!
They say it has to do with their control panel (H-Sphere).
Would permanently alter their settings or something, which makes no sense to me, since both frameworks co-exist quite happily.
Can't 2.0 on existing servers
The problem is that I can't just pickup and leave, since I have user accounts there.
I had a choice of Jodo or 1And1.com. Picked the more familiar one of the two.
As for ruirib's comments on 1.1...
Yes, there are no technical reason to keep 1.1, but as you can see, there are other subtle ones out there.
And there may be plenty of religious reasons as well 
edit_
quote:
Originally posted by kentk
Here's a good article for those of you like me that are learning about creating custom membership providers for .NET http://www.devx.com/asp/Article/29256?type=kbArticle&trk=MSCP
I downloaded this, and looks very nice so far. It even includes a sample database.
In fact, the code skeleton can be a Copy > Paste solution for our purposes. The only thing that kept me from persuing it at the time was that it was a 2.0 implementation.
We can still use this as a 2.0 specific module if we compile individual classes in to their own DLLs or specific class clusters into their own DLLs.
Like I said before, we can easily replace/modify/upgrade any part of the app without touching the rest.
This would be ideal for 2.0 users while we come up with something else for 1.1 users. |
 |
Edited by - Ghostnetworks on 02 June 2006 07:33:06 |
|
|
|
kentk
Starting Member
USA
30 Posts |
Posted - 02 June 2006 : 12:04:14
|
Here's a vb.NET class the contains the encryption functions that snitz uses for passwords. I didn't have to change much and I left the remarks from the original developer in it. You should be able to use it with 1.1 or 2.0 framework.
www.kuenzelonline.com/public/clssha256.zip |
Kent
"Wakey, wakey, hands off snakey!" |
|
|
|
Ghostnetworks
New Member
95 Posts |
Posted - 02 June 2006 : 20:28:39
|
Does this match the standard SHA256 that comes with .Net?
Because if it does, it will be an easier to keep an unmodified database.
If not, there is a way to cover the db passwords with a standard solution.
Just need to keep something like this between the SQL password retrieval and the login function.
'## Username, user password and the password stored in the database
Private Function UpdatePassAndLogin(ByVal Username As String, ByVal strPassword As String, ByVal dbPassword As String) As Boolean
Dim NewSHA As String = GetNewSHA(strPassword)
Dim OldSHA As String = GetOldSHA(strPassword)
Select Case dbPassword
'## If the password in the database matches the old SHA...
Case OldSHA
'## Simple SQL UPDATE function and New SHA function to change the encrypted password
' Or can be changed to some other form of encryption.
' Like Rijndael/AES or something
Database.UpdatePassword(Username, NewSHA)
'## Forms Authenticate
LoginUser(Username, Password)
'## Successful!
Return True
Case NewSHA
'## No need to update, the password is standard SHA256
'Forms Authenticate
LoginUser(Username, Password)
'## Successful!
Return True
Case Else
'## Invalid credential match
Return False
End Select
End Function
|
|
Edited by - Ghostnetworks on 02 June 2006 20:34:30 |
|
|
|
kentk
Starting Member
USA
30 Posts |
Posted - 05 June 2006 : 10:48:33
|
To tell the truth I did not know that .NET had its own implementation of SHA256. I did find one implementation of it but I was unable to figure out how to get it to work with Snitz.
Below is some code I've been working on, using a custom membership provider.
Public Overrides Function ValidateUser(ByVal username As String, ByVal password As String) As Boolean
Dim conn As New SqlConnection(connStr)
Dim objsha256 As sha256
Try
conn.Open()
Dim sql As String = "SELECT * FROM FORUM_MEMBERS WHERE M_NAME=@M_NAME AND M_PASSWORD=@M_PASSWORD"
Dim comm As New SqlCommand(sql, conn)
With comm
.Parameters.AddWithValue("@M_NAME", username)
' This does not work with Snitz
'.Parameters.AddWithValue("@M_PASSWORD", EncryptSHA256Managed(password))
objsha256 = New sha256
.Parameters.AddWithValue("@M_PASSWORD", objsha256.SHA256(password))
Dim reader As SqlDataReader = .ExecuteReader
If reader.HasRows Then
Return True
Else
Return False
End If
conn.Close()
End With
Catch ex As Exception
Console.Write(ex.ToString)
Return False
End Try
End Function
Here's one example I found implementing .NET's built in SHA256 class
Private Function EncryptSHA256Managed(ByVal ClearString As String) As String
Dim uEncode As New UnicodeEncoding()
Dim bytClearString() As Byte = uEncode.GetBytes(ClearString)
Dim sha As New _
System.Security.Cryptography.SHA256Managed()
Dim hash() As Byte = sha.ComputeHash(bytClearString)
Return Convert.ToBase64String(hash)
End Function
This was not able to read Snitz's encrypted passwords, but my original one does. I don't know alot about .NET's cryptography, maybe someone else out there does? and can explain. |
Kent
"Wakey, wakey, hands off snakey!" |
|
|
|
CarKnee
Junior Member
USA
297 Posts |
|
|
Ghostnetworks
New Member
95 Posts |
Posted - 05 June 2006 : 14:11:21
|
quote:
Originally posted by CarKnee
Regarding Password Hashing:
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=60224
CarKnee, you mention in that thread that the built in SHA256 doesn't measure up to Snitz homemade solution.
Then we should either keep what Snitz uses along with what Kent has provided or provide an option for something stronger.
We also need to look into ASCII vs Unicode for this, since your list of sample strings didn't match those from Snitz. And you used Unicode.
Podge mentions non-English characters, so before we fiddle with the bridge, we need to check the nuts and bolts.
After these are sorted out, we can select the encryption.
All this, of course, is considering efficiency.
The strongest encryption available isn't really an asset if it slows the forums to a crawl.
A side Note:
There should probably be a function to "Uninstall" the .Net version.
In that during the initial installation, check or uncheck an option that preserves the original database.
If that option is checked, the passwords will remain the original Snitz default and won't add/modify any settings in the DB.
The new .Net settings that don't exist in the db can be grabbed from the Web.Config file.
If the db is unaltered, a user can uninstall by removing the .Net binaries and .aspx files and re-uploading the ASP files. |
|
|
|
|
kentk
Starting Member
USA
30 Posts |
Posted - 05 June 2006 : 14:26:41
|
Thanks CarKnee, I got it to work. Heres my updated code:
Public Overrides Function ValidateUser(ByVal username As String, ByVal password As String) As Boolean
Dim conn As New SqlConnection(connStr)
Try
conn.Open()
Dim sql As String = "SELECT * FROM FORUM_MEMBERS WHERE M_NAME=@M_NAME AND M_PASSWORD=@M_PASSWORD"
Dim comm As New SqlCommand(sql, conn)
With comm
.Parameters.AddWithValue("@M_NAME", username)
.Parameters.AddWithValue("@M_PASSWORD", SHA256Hash(password))
Dim reader As SqlDataReader = .ExecuteReader
If reader.HasRows Then
Return True
Else
Return False
End If
conn.Close()
End With
Catch ex As Exception
Console.Write(ex.ToString)
Return False
End Try
End Function
Public Function SHA256Hash(ByVal InputStr As String) As String
Dim SHA256Hasher As New System.Security.Cryptography.SHA256Managed
Dim Encoder As New System.Text.ASCIIEncoding
Return LCase$(ToHexString(SHA256Hasher.ComputeHash(Encoder.GetBytes(InputStr))))
End Function
Private Function ToHexString(ByVal ByteArray As Byte()) As String
Dim i As Integer
Dim sHexString As String
For i = LBound(ByteArray) To UBound(ByteArray)
If Len(Hex(ByteArray(i))) = 1 Then
sHexString &= "0" & LCase$(Hex(ByteArray(i)))
Else
sHexString &= LCase$(Hex(ByteArray(i)))
End If
Next
Return sHexString
End Function
This will eliminate the need for my class, and it ran pretty fast. |
Kent
"Wakey, wakey, hands off snakey!" |
|
|
|
wildfiction
Junior Member
167 Posts |
Posted - 18 June 2006 : 04:24:09
|
quote:
Originally posted by kentk
What if we code using 2.0 now and if there is a demand for 1.1 compatibility we could create a mod later? That way we would also see what exactly we need to add to create compatibility for 1.1. But maybe it is easier to code for 1.1 compatibility right away, I don't know. Any thoughts?
Just look at the obvious trend. Are more people coding and moving to 1.1 or are the number of people taking up 1.1 (as developers, users, hosters etc.) increasing or dropping?
What I am saying is that 1.1 will be dropping off while 2.0 picks up so by the time this project is finished the demand for 1.1 will be much lower than it is now and the demand for 2.0 will be much higher than what it is now and undoubtedly 2.0 will outweigh demand for 1.1 by a large margin by then - if it doesn't already.
And yes - I know - I'm stating the obvious but no one else has stated it yet. |
|
|
|
Stickboy
Starting Member
USA
28 Posts |
|
|
GreyWolf
Starting Member
Canada
2 Posts |
Posted - 18 October 2006 : 14:21:51
|
yeah same here I was looking for someone to help port snitz over :)
I tried in the past but I allways end up loser interest hehe |
|
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 18 October 2006 : 17:10:46
|
| I am currently working on a .Net 2.0 port of the Snitz base code, I have almost finished the user interface part and membership functionality, hopefully I will be starting on the admin part of it shortly. Once the basic functionality is in place I will be looking for some beta testers, but can not give any time scale that that will be. |
|
|
|
wildfiction
Junior Member
167 Posts |
Posted - 03 November 2006 : 00:21:37
|
HuwR: How is your port going?
I need to add membership functionality to a web site that has a Snitz forum and am just starting to think about how I can convert the member table in the Snitz forum to an ASP.NET 2.0 built-in membership provider. My goal is to have a single members table with roles which give access to different features on the site including the forum. I don't want to re-invent any of this if already done and I have already used the built in ASP.NET 2.0 one... |
|
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 03 November 2006 : 02:21:54
|
| it is coming along, I have already integrated it with the .net 2 membership /roles although not fully completed it does allow registration and basic roles management of admins/moderators, if you drop me an email I can send you the Snitzmembershipprovidor and snitzroleprovidor, you should be able to see what I have done from those. I can't guarantee that they will stay exactly the same but they should at least give you an idea of how I am proceeding (login authentication definitely won't change). |
|
|
|
Topic |
|
Topic Locked
