Important Notice from AspDotNetStorefront
It is with dismay that we report that we have been forced, through the action of hackers, to shut off write-access to this forum. We are keen to leave the wealth of material available to you for research. We have opened a new forum from which our community of users can seek help, support and advice from us and from each other. To post a new question to our community, please visit: http://forums.vortx.com
Results 1 to 4 of 4

Thread: Password encryption

  1. 01-11-2011, 08:25 AM #1
    jimsawyers is offline Junior Member
    Join Date
    Jul 2008
    Posts
    26

    Default Password encryption

    Has anyone had experience decrypting the aspdotnetstorefront password in php? We are integrating with a PHP site and want to share login data.
    Thx,
    Jim
  2. 01-11-2011, 01:41 PM #2
    webopius is offline Senior Member
    Join Date
    Nov 2008
    Location
    London, UK
    Posts
    440

    Default

    I'm happy to be corrected but I don't think the passwords can be easily decrypted.

    Running two sites side by side and sharing Customer logins is fairly complex but can be done. In outline, here's what you do:

    - Use the non-ASPDNSF site as the master site for logging in/logging out.

    - Redirect the ASPDNSF signin and signout pages to the non-ASPDNSF site login/logout pages

    - Write some new code in the ASPDNSF site that can receive requests to login,logout,create and change Customers. *Important*. Ensure this code can only be called by the trusted non-ASPDNSF site. You can write this as a standard .ASPX page, or as a Web Service. Look at the existing ASPDNSF signin.ascx code in /controls for hints on how to log a Customer in.

    - On the non-ASPDNSF site, once a customer logs in, make a call to the module described above to request that the Customer is logged in (we use JQuery Ajax calls for this).

    - Now, when the customer goes to the ASPDNSF site, they are already logged in

    - As above for logging out.

    The advantage is that you never have to share password info between the sites, Customer data in ASPDNSF remains secure and you can continue to use ASPDNSF to log customers in, you're just doing it via an Ajax request rather than a direct login.
    Webopius.com: ASPDotNetStorefront web development and ecommerce project management
    Webopius is now a Sage Pay Approved Partner
  3. 01-11-2011, 07:25 PM #3
    jimsawyers is offline Junior Member
    Join Date
    Jul 2008
    Posts
    26

    Default

    Thanks for the reply. Unfortunately I have to use the aspdnsf logins because we have many customers already using that. So I'm looking more of a solution that can validate a customer's username/password and tell me it's good so that I can log them into the php side. I prefer to not have duplicate user tables in two systems and make changes in php to validate the user.

    In researching more, it appears I can instantiate a .net dll in php (such as the aspdotnetstorefrontencrypt.dll). I'm currently heading down that path. If you've had any experience with this, or have other ideas, please let me know.
    Thx,
    Jim
  4. 01-11-2011, 08:40 PM #4
    tommytl is offline Member
    Join Date
    Sep 2008
    Posts
    34

    Default

    I'm interested in this too. I am developing a php based sub site that I want to import my customer's logins and passwords. Let me know if you find anything.