In iMIS 15, any of the following can be used to create users:

1. iBO.Net (currently in ETP/beta)
2. The Asi.Membership .Net DLL (which can be used by VB, since it's a COM object, as well as by .Net programs directly)
3. The AsiMembershipWebService included in the iMIS 15 staff site application.

What's your programming environment/how are you expecting to call into the needed code? COM? .Net? Some kind of scripting environment?

Actualy, I had posted this on behalf of one of our customers and I don't know if they resolved the problem.

However.... I am in a similar situation! I am trying to import new users into a fresh iMIS 15 environment. I couldn't use the import utility, so have written scripts to create the name, name_address, name_security, name_security_groups, aspnet_users and aspnet_membership records. Everything was going great except for one little problem. The Omnis hash routine for encrypting passwords (using ASIUTIL.CCrypto) is different than Microsoft's. If I place the user's Password and PasswordSalt in the aspnet_membership record unencrypted and set the password format to 0 (both done by mistake), I can log onto the public site.

I've come so close!! How can I encrypt the passwords so that .Net will like them? Also, what is the difference between the Password and PasswordSalt values in the aspnet_membership record? I noticed that they seem to be slightly different even when encrypted. BTW - I passed params to aspnet_Membership_CreateUser to do the .Net work.

Any help on this is greatly appreciated!

Deb Cain

I'm not aware of any method to encrypt the password via pure SQL; I'm not saying it can't be done, just that I don't know.

The password salt is a randomly generated value that is added to the password before encryption so that two identical passwords don't end up with the same encrypted value (an additional layer of protection that helps defeat dictionary/rainbow attacks).

I have some C# code that generates a salt and encrypts the password, but as I said I don't know if it can be done in pure SQL. It uses an SHA1 hash for the encryption, and the salt as I mentioned is just a randomly generated string.

Here's the two functions to generate a salt and encrypt a given password:

        private static string GetSalt()
        {
            byte[] buf = new byte[16];
            (new RNGCryptoServiceProvider()).GetBytes(buf);
            return Convert.ToBase64String(buf);
        }

        private static string EncodePassword(string pass, string salt)
        {
            byte[] bIn = Encoding.Unicode.GetBytes(pass);
            byte[] bSalt = Convert.FromBase64String(salt);
            byte[] bAll = new byte[bSalt.Length + bIn.Length];
            byte[] bRet;

            Buffer.BlockCopy(bSalt, 0, bAll, 0, bSalt.Length);
            Buffer.BlockCopy(bIn, 0, bAll, bSalt.Length, bIn.Length);
            HashAlgorithm s = HashAlgorithm.Create("SHA1");
            bRet = s.ComputeHash(bAll);

            return Convert.ToBase64String(bRet);
        }

Hi Eric,

Thanks for the code and the quick response! Looks like I'm going to have to write a little utility to take care of this.

Deb Cain

Hi Eric,

I am trying to use the functions you gave me above but am geting a compile error on RNGCryptoServiceProvider and HashAlgorithm. What reference do I need to add/use to access these?

Thanks,

Deb Cain

Deb Cain BSCI