Reputation: 28064
How do I parse and use htpasswd files in C#
I want to use Apache's htpasswd util with my custom BasicAuthenticationAttribute in MVC. However, based on the htpasswd documentation, I am unsure how to compute a password hash for comparison to the htpasswd file. Is there a managed .NET library or some simple documentation that will help me figure this out?
Edit: The question pointed out by Heinzi is fine for SHA, but I also want to be able to handle the MD5 (APR1?) hash variant. I've seen a few code samples, but they're a bit too opaque for me to understand. Likewise for the actual code file linked to in the Apache documentation.
Ideally, I'd like to be able to take any client's .htpasswd file and drop it in to my ASP.NET site for authentication purposes, without constraints on which hash method is used.
Upvotes: 4
Views: 1642
Answers (1)
Reputation: 1904
I recently added support for Apache MD5 to CryptSharp. It can compute and verify these passwords for you. Since it's a variant you'll need to give an extra parameter to the Crypter.MD5.Crypt() method:
string cryptedPassword = Crypter.MD5.Crypt("HelloWorld", new CrypterOptions
{
{ CrypterOption.Variant, MD5CrypterVariant.Apache }
}));
To verify:
bool matches = Crypter.CheckPassword("HelloWorld", cryptedPassword);
You can also verify using the Crypt() method itself, but CheckPassword() automatically determines if it's Apache MD5, DES, etc.
Hope this helps
James
Upvotes: 5
Related Questions
- Verify user and password against a file created by htpasswd
- Add a comment on .htpasswd
- Adding a user on .htpasswd
- Proper .htpasswd usage
- Accessing special files in apache2
- http digest authentication with .htpasswd
- Convert passwords from htpasswd to htdigest
- Create .htpasswd files within C#
- How do I login to a website with C#?
- HTTP-Authentication with .htpasswd file