Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Community Forums
 Code Support: ASP.NET (Non-Forum Related)
 ASP.NET Conversion
 New Topic  Topic Locked
 Printer Friendly
Previous Page | Next Page
Author Previous Topic Topic Next Topic
Page: of 11

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 30 May 2006 :  09:34:38  Show Profile  Send ruirib a Yahoo! Message
I disagree with Davio. I really don't see why you should aim for 1.1 compatibility. There are no technical reasons for a host not to update for .NET 2.0, and 2.0 saves you a whole lotta work.


Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

kentk
Starting Member

USA
30 Posts

Posted - 31 May 2006 :  16:20:15  Show Profile
What if we code using 2.0 now and if there is a demand for 1.1 compatibility we could create a mod later? That way we would also see what exactly we need to add to create compatibility for 1.1. But maybe it is easier to code for 1.1 compatibility right away, I don't know. Any thoughts?

Here's a good article for those of you like me that are learning about creating custom membership providers for .NET http://www.devx.com/asp/Article/29256?type=kbArticle&trk=MSCP

Kent

"Wakey, wakey, hands off snakey!"
Go to Top of Page

Ghostnetworks
New Member

95 Posts

Posted - 02 June 2006 :  07:17:36  Show Profile  Visit Ghostnetworks's Homepage
quote:
Originally posted by HuwR

quote:
Though I host my own portal, my domain is hosted on JodoHost and they don't have 2.0 for older customers.
Users who want 2.0 need to move their sites to the 2003 servers and there's a small fee.

What motive can they possibly have for that other than to make money out of you, .net 2 does not require windows2003, it is a five minute install on any version of windows, so you are just being conned.



Yep!
I am!
They say it has to do with their control panel (H-Sphere).
Would permanently alter their settings or something, which makes no sense to me, since both frameworks co-exist quite happily.

Can't 2.0 on existing servers

The problem is that I can't just pickup and leave, since I have user accounts there.
I had a choice of Jodo or 1And1.com. Picked the more familiar one of the two.


As for ruirib's comments on 1.1...
Yes, there are no technical reason to keep 1.1, but as you can see, there are other subtle ones out there.
And there may be plenty of religious reasons as well



edit_

quote:
Originally posted by kentk

Here's a good article for those of you like me that are learning about creating custom membership providers for .NET http://www.devx.com/asp/Article/29256?type=kbArticle&trk=MSCP



I downloaded this, and looks very nice so far. It even includes a sample database.

In fact, the code skeleton can be a Copy > Paste solution for our purposes. The only thing that kept me from persuing it at the time was that it was a 2.0 implementation.

We can still use this as a 2.0 specific module if we compile individual classes in to their own DLLs or specific class clusters into their own DLLs.
Like I said before, we can easily replace/modify/upgrade any part of the app without touching the rest.
This would be ideal for 2.0 users while we come up with something else for 1.1 users.


Edited by - Ghostnetworks on 02 June 2006 07:33:06
Go to Top of Page

kentk
Starting Member

USA
30 Posts

Posted - 02 June 2006 :  12:04:14  Show Profile
Here's a vb.NET class the contains the encryption functions that snitz uses for passwords. I didn't have to change much and I left the remarks from the original developer in it. You should be able to use it with 1.1 or 2.0 framework.

www.kuenzelonline.com/public/clssha256.zip

Kent

"Wakey, wakey, hands off snakey!"
Go to Top of Page

Ghostnetworks
New Member

95 Posts

Posted - 02 June 2006 :  20:28:39  Show Profile  Visit Ghostnetworks's Homepage
Does this match the standard SHA256 that comes with .Net?
Because if it does, it will be an easier to keep an unmodified database.

If not, there is a way to cover the db passwords with a standard solution.
Just need to keep something like this between the SQL password retrieval and the login function.


'## Username, user password and the password stored in the database
Private Function UpdatePassAndLogin(ByVal Username As String, ByVal strPassword As String, ByVal dbPassword As String) As Boolean
	Dim NewSHA As String = GetNewSHA(strPassword)
	Dim OldSHA As String = GetOldSHA(strPassword)
	
	Select Case dbPassword
		'## If the password in the database matches the old SHA...
		Case OldSHA

			'## Simple SQL UPDATE function and New SHA function to change the encrypted password
			' Or can be changed to some other form of encryption.
			' Like Rijndael/AES or something
			Database.UpdatePassword(Username, NewSHA)
			
			'## Forms Authenticate
			LoginUser(Username, Password)
			
			'## Successful!
			Return True
			
		Case NewSHA
			'## No need to update, the password is standard SHA256
			'Forms Authenticate
			LoginUser(Username, Password)
			
			'## Successful!
			Return True
			
		Case Else
			'## Invalid credential match
			Return False
	End Select
End Function


Edited by - Ghostnetworks on 02 June 2006 20:34:30
Go to Top of Page

kentk
Starting Member

USA
30 Posts

Posted - 05 June 2006 :  10:48:33  Show Profile
To tell the truth I did not know that .NET had its own implementation of SHA256. I did find one implementation of it but I was unable to figure out how to get it to work with Snitz.

Below is some code I've been working on, using a custom membership provider.

Public Overrides Function ValidateUser(ByVal username As String, ByVal password As String) As Boolean
Dim conn As New SqlConnection(connStr)
Dim objsha256 As sha256

Try
conn.Open()
Dim sql As String = "SELECT * FROM FORUM_MEMBERS WHERE M_NAME=@M_NAME AND M_PASSWORD=@M_PASSWORD"
Dim comm As New SqlCommand(sql, conn)

With comm
.Parameters.AddWithValue("@M_NAME", username)

' This does not work with Snitz
'.Parameters.AddWithValue("@M_PASSWORD", EncryptSHA256Managed(password))

objsha256 = New sha256
.Parameters.AddWithValue("@M_PASSWORD", objsha256.SHA256(password))

Dim reader As SqlDataReader = .ExecuteReader

If reader.HasRows Then
Return True
Else
Return False
End If

conn.Close()
End With
Catch ex As Exception
Console.Write(ex.ToString)
Return False
End Try
End Function

Here's one example I found implementing .NET's built in SHA256 class

Private Function EncryptSHA256Managed(ByVal ClearString As String) As String
Dim uEncode As New UnicodeEncoding()
Dim bytClearString() As Byte = uEncode.GetBytes(ClearString)
Dim sha As New _
System.Security.Cryptography.SHA256Managed()
Dim hash() As Byte = sha.ComputeHash(bytClearString)
Return Convert.ToBase64String(hash)
End Function

This was not able to read Snitz's encrypted passwords, but my original one does. I don't know alot about .NET's cryptography, maybe someone else out there does? and can explain.

Kent

"Wakey, wakey, hands off snakey!"
Go to Top of Page

CarKnee
Junior Member

USA
297 Posts

Posted - 05 June 2006 :  11:47:13  Show Profile  Visit CarKnee's Homepage
Regarding Password Hashing:
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=60224

Go to Top of Page

Ghostnetworks
New Member

95 Posts

Posted - 05 June 2006 :  14:11:21  Show Profile  Visit Ghostnetworks's Homepage
quote:
Originally posted by CarKnee

Regarding Password Hashing:
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=60224


CarKnee, you mention in that thread that the built in SHA256 doesn't measure up to Snitz homemade solution.
Then we should either keep what Snitz uses along with what Kent has provided or provide an option for something stronger.

We also need to look into ASCII vs Unicode for this, since your list of sample strings didn't match those from Snitz. And you used Unicode.

Podge mentions non-English characters, so before we fiddle with the bridge, we need to check the nuts and bolts.

After these are sorted out, we can select the encryption.

All this, of course, is considering efficiency.
The strongest encryption available isn't really an asset if it slows the forums to a crawl.


A side Note:
There should probably be a function to "Uninstall" the .Net version.
In that during the initial installation, check or uncheck an option that preserves the original database.
If that option is checked, the passwords will remain the original Snitz default and won't add/modify any settings in the DB.
The new .Net settings that don't exist in the db can be grabbed from the Web.Config file.

If the db is unaltered, a user can uninstall by removing the .Net binaries and .aspx files and re-uploading the ASP files.

Go to Top of Page

kentk
Starting Member

USA
30 Posts

Posted - 05 June 2006 :  14:26:41  Show Profile
Thanks CarKnee, I got it to work. Heres my updated code:

Public Overrides Function ValidateUser(ByVal username As String, ByVal password As String) As Boolean
Dim conn As New SqlConnection(connStr)

Try
conn.Open()
Dim sql As String = "SELECT * FROM FORUM_MEMBERS WHERE M_NAME=@M_NAME AND M_PASSWORD=@M_PASSWORD"
Dim comm As New SqlCommand(sql, conn)

With comm
.Parameters.AddWithValue("@M_NAME", username)

.Parameters.AddWithValue("@M_PASSWORD", SHA256Hash(password))

Dim reader As SqlDataReader = .ExecuteReader

If reader.HasRows Then
Return True
Else
Return False
End If

conn.Close()
End With
Catch ex As Exception
Console.Write(ex.ToString)
Return False
End Try
End Function

Public Function SHA256Hash(ByVal InputStr As String) As String
Dim SHA256Hasher As New System.Security.Cryptography.SHA256Managed

Dim Encoder As New System.Text.ASCIIEncoding
Return LCase$(ToHexString(SHA256Hasher.ComputeHash(Encoder.GetBytes(InputStr))))
End Function

Private Function ToHexString(ByVal ByteArray As Byte()) As String
Dim i As Integer
Dim sHexString As String
For i = LBound(ByteArray) To UBound(ByteArray)
If Len(Hex(ByteArray(i))) = 1 Then
sHexString &= "0" & LCase$(Hex(ByteArray(i)))
Else
sHexString &= LCase$(Hex(ByteArray(i)))
End If
Next

Return sHexString

End Function

This will eliminate the need for my class, and it ran pretty fast.

Kent

"Wakey, wakey, hands off snakey!"
Go to Top of Page

wildfiction
Junior Member

167 Posts

Posted - 18 June 2006 :  04:24:09  Show Profile  Visit wildfiction's Homepage
quote:
Originally posted by kentk

What if we code using 2.0 now and if there is a demand for 1.1 compatibility we could create a mod later? That way we would also see what exactly we need to add to create compatibility for 1.1. But maybe it is easier to code for 1.1 compatibility right away, I don't know. Any thoughts?


Just look at the obvious trend. Are more people coding and moving to 1.1 or are the number of people taking up 1.1 (as developers, users, hosters etc.) increasing or dropping?

What I am saying is that 1.1 will be dropping off while 2.0 picks up so by the time this project is finished the demand for 1.1 will be much lower than it is now and the demand for 2.0 will be much higher than what it is now and undoubtedly 2.0 will outweigh demand for 1.1 by a large margin by then - if it doesn't already.

And yes - I know - I'm stating the obvious but no one else has stated it yet.
Go to Top of Page

Stickboy
Starting Member

USA
28 Posts

Posted - 03 October 2006 :  08:43:26  Show Profile  Visit Stickboy's Homepage  Send Stickboy an AOL message
Is it too late to possibly get involved in this project?

Thanks,
Shannon

Cycling For Cancer | Lymphomaniacs | Rochester R/C
Go to Top of Page

GreyWolf
Starting Member

Canada
2 Posts

Posted - 18 October 2006 :  14:21:51  Show Profile  Visit GreyWolf's Homepage
yeah same here I was looking for someone to help port snitz over :)

I tried in the past but I allways end up loser interest hehe
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20550 Posts

Posted - 18 October 2006 :  17:10:46  Show Profile  Visit HuwR's Homepage
I am currently working on a .Net 2.0 port of the Snitz base code, I have almost finished the user interface part and membership functionality, hopefully I will be starting on the admin part of it shortly. Once the basic functionality is in place I will be looking for some beta testers, but can not give any time scale that that will be.
Go to Top of Page

wildfiction
Junior Member

167 Posts

Posted - 03 November 2006 :  00:21:37  Show Profile  Visit wildfiction's Homepage
HuwR: How is your port going?

I need to add membership functionality to a web site that has a Snitz forum and am just starting to think about how I can convert the member table in the Snitz forum to an ASP.NET 2.0 built-in membership provider. My goal is to have a single members table with roles which give access to different features on the site including the forum. I don't want to re-invent any of this if already done and I have already used the built in ASP.NET 2.0 one...
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20550 Posts

Posted - 03 November 2006 :  02:21:54  Show Profile  Visit HuwR's Homepage
it is coming along, I have already integrated it with the .net 2 membership /roles although not fully completed it does allow registration and basic roles management of admins/moderators, if you drop me an email I can send you the Snitzmembershipprovidor and snitzroleprovidor, you should be able to see what I have done from those. I can't guarantee that they will stay exactly the same but they should at least give you an idea of how I am proceeding (login authentication definitely won't change).
Go to Top of Page
Page: of 11 Previous Topic Topic Next Topic  
Previous Page | Next Page
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2019 Snitz™ Communications Go To Top Of Page
This page was generated in 0.12 seconds. Powered By: Snitz Forums 2000 Version 3.4.07