I ran into an interesting predicament the other day, and I thought that both the situation and my solution were worth sharing. Here's the scenario: I host websites for several family members and friends, and one of my family member's uses BlogEngine.NET for her blog. (As you may have seen in my previous blogs, I'm a big fan of BlogEngine.NET.) In any event, she forgot her password, so I logged into the admin section of her website, only to discover that there was no way for me to reset her password – I could only reset my password. Since it's my webserver, I have access to the physical files, so I decided to write a simple utility that can create the requisite SHA256/BASE64 password hashes that BlogEngine.NET uses, and then I can manually update the Users.xml file with new password hashes as I create them.
With that in mind, here is the code for the command-line utility:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
namespace BlogEnginePasswordHash
{
class Program
{
static void Main(string[] args)
{
// Verify that a single argument was passed to the application...
if (args.Length != 1)
{
// ...if not, reply with generic help message.
Console.WriteLine("\nUSAGE: BlogEnginePasswordHash <password>\n");
}
// ...otherwise...
else
{
// Retrieve a sequence of bytes for the password argument.
var passwordBytes = Encoding.UTF8.GetBytes(args[0]);
// Retrieve a SHA256 object.
using (HashAlgorithm sha256 = new SHA256Managed())
{
// Hash the password.
sha256.TransformFinalBlock(passwordBytes, 0, passwordBytes.Length);
// Convert the hashed password to a Base64 string.
string passwordHash = Convert.ToBase64String(sha256.Hash);
// Display the password and it's hash.
Console.WriteLine("\nPassword: {0}\nHash: {1}\n", args[0], passwordHash);
}
}
}
}
}
That code snippet should be pretty self-explanatory; the application takes a single argument, which is the password to hash. Once you enter a password and hit enter, the password and it's respective hash will be displayed.
Here are a few examples:
C:\>BlogEnginePasswordHash.exe "This is my password"
Password: This is my password
Hash: 6tV+IGzvN4gaQ0vmCWNHSQ0UQ0WgW4+ThJuhpXR6Z3c=
C:\>BlogEnginePasswordHash.exe Password1
Password: Password1
Hash: GVE/3J2k+3KkoF62aRdUjTyQ/5TVQZ4fI2PuqJ3+4d0=
C:\>BlogEnginePasswordHash.exe Password2
Password: Password2
Hash: G+AiJ1Cq84iauVtdWTuhLk/xBGR0cC1rR3n0tScwWyM=
C:\>
Once you have created password hashes, you can paste those into the Users.xml file for your website:
<Users>
<User>
<UserName>Alice</UserName>
<Password>GVE/3J2k+3KkoF62aRdUjTyQ/5TVQZ4fI2PuqJ3+4d0=</Password>
<Email>alice@fabrikam.com</Email>
<LastLoginTime>2015-01-31 01:52:00</LastLoginTime>
</User>
<User>
<UserName>Bob</UserName>
<Password>G+AiJ1Cq84iauVtdWTuhLk/xBGR0cC1rR3n0tScwWyM=</Password>
<Email>bob@fabrikam.com</Email>
<LastLoginTime>2015-01-31 01:53:00</LastLoginTime>
</User>
</Users>
That's all there is to do. Pretty simple stuff.
Note: This blog was originally posted at http://blogs.msdn.com/robert_mcmurray/