I ran into an interesting predicament the other day, and I thought that both the situation and my solution were worth sharing. Here's the scenario: I host websites for several family members and friends, and one of my family member's uses BlogEngine.NET for her blog. (As you may have seen in my previous blogs, I'm a big fan of BlogEngine.NET.) In any event, she forgot her password, so I logged into the admin section of her website, only to discover that there was no way for me to reset her password – I could only reset my password. Since it's my webserver, I have access to the physical files, so I decided to write a simple utility that can create the requisite SHA256/BASE64 password hashes that BlogEngine.NET uses, and then I can manually update the Users.xml file with new password hashes as I create them.
With that in mind, here is the code for the command-line utility:
using System;using System.Collections.Generic;using System.Linq;using System.Security.Cryptography;using System.Text;using System.Threading.Tasks;namespace BlogEnginePasswordHash {class Program {staticvoid Main(string[] args) {// Verify that a single argument was passed to the application...if (args.Length != 1) {// ...if not, reply with generic help message. Console.WriteLine("\nUSAGE: BlogEnginePasswordHash <password>\n"); }// ...otherwise...else {// Retrieve a sequence of bytes for the password argument. var passwordBytes = Encoding.UTF8.GetBytes(args[0]);// Retrieve a SHA256 object.using (HashAlgorithm sha256 = new SHA256Managed()) {// Hash the password. sha256.TransformFinalBlock(passwordBytes, 0, passwordBytes.Length);// Convert the hashed password to a Base64 string.string passwordHash = Convert.ToBase64String(sha256.Hash);// Display the password and it's hash. Console.WriteLine("\nPassword: {0}\nHash: {1}\n", args[0], passwordHash); } } } } }
That code snippet should be pretty self-explanatory; the application takes a single argument, which is the password to hash. Once you enter a password and hit enter, the password and it's respective hash will be displayed.
Here are a few examples:
C:\>BlogEnginePasswordHash.exe "This is my password" Password: This is my password Hash: 6tV+IGzvN4gaQ0vmCWNHSQ0UQ0WgW4+ThJuhpXR6Z3c= C:\>BlogEnginePasswordHash.exe Password1 Password: Password1 Hash: GVE/3J2k+3KkoF62aRdUjTyQ/5TVQZ4fI2PuqJ3+4d0= C:\>BlogEnginePasswordHash.exe Password2 Password: Password2 Hash: G+AiJ1Cq84iauVtdWTuhLk/xBGR0cC1rR3n0tScwWyM= C:\>
Once you have created password hashes, you can paste those into the Users.xml file for your website:
<Users><User><UserName>Alice</UserName><Password>GVE/3J2k+3KkoF62aRdUjTyQ/5TVQZ4fI2PuqJ3+4d0=</Password><Email>alice@fabrikam.com</Email><LastLoginTime>2015-01-31 01:52:00</LastLoginTime></User><User><UserName>Bob</UserName><Password>G+AiJ1Cq84iauVtdWTuhLk/xBGR0cC1rR3n0tScwWyM=</Password><Email>bob@fabrikam.com</Email><LastLoginTime>2015-01-31 01:53:00</LastLoginTime></User></Users>
That's all there is to do. Pretty simple stuff.