What do you mean by credentials? Are you trying to pass the login form values entered by the user or the data against which the values are checked? Or by credentials do you mean the auth cookie WP stores on the user’s browser?
More information about what you are actually trying to do would help us help you.
Thread Starter
Shilpa
(@kshilpa1385)
Thanks for reply.
Credentials means the login form values entered by the user as username and password.
Those username and password has to check at asp.net login page then user enter in asp.net site.
mostly password has encrypted in wordpress database which i want to decrypt then it check at asp.net databse when it validate user goes further asp.net site.
so how should i do it?
Ummm. I don’t understand what you are checking in the asp.net DB if the data you need is in the WP DB. You cannot actually decrypt the password hash in the WP DB, it is a one way encryption. WP only checks if the hash of the provided password matches the stored hash to validate the password.
I can understand why you would want one login to be valid for both sites. I don’t know anything of your asp.net site of course, but trying to manage WP logins through another system can be challenging. You are usually better off managing logins for another system through WP.
There’s probably several approaches. One possibility is asp.net would essentially ask WP via an AJAX request from a page “Is this browser currently logged in to WP? If not please have the user login”
The exchange must be secured by some sort of nonce or security token so that WP knows the request is legitimate and asp.net knows the response is also legitimate. Note that this exchange does not involve transmitting passwords or usernames. That is all handled by WP. This is why the nonce is so important.
Thread Starter
Shilpa
(@kshilpa1385)
hi bcworkz,
See my whole process of wordpress and asp.net site.
- Once user come to my wordpress site then they do registration on wp site that credentials(username, password, email id, name etc) has saved in wp db.
- Then as user finished his registration on wp site it click on one link which has asp.net site (our online test engine).
- As user goes to our asp.net site it show login panel of site where user need to input same username and password.
- Those username and password enter in asp.net login need to check at wp db that it has same then if same it goes further to asp.net site.
- Now my problem is that which password enter in wp it encrypted in one format which unable to match with password(text format : not encrypted to any format) enter in asp.net site.
- Thats why i want decrypt password of wp but it not possible at all as you told above.
- then please tell me how to match password of two sites then and then user able go further smoothly without any error in login process.
Thank you for the detailed explanation. You actually have several options.
- You can try to replicate the method used by WP in asp. You can see a PHP library is used, which is of no help for asp. However, at it’s root are standard hashing algorithms that I’m sure are available in asp, It’s the setup before the hash that needs to be replicated.
- As noted in the inline documentation, you may overwrite the WP function in order to be compatible with other systems. Presumably if you did a straight MD5 hash in PHP, the same MD5 hash in asp would result in the same hash. Of course if you overwrote the hash password function, everyone in WP who already had entered passwords would need to reset their password.
- The first two options would either work where you maintain a separate parallel user DB or where you actually use the WP DB to maintain passwords for the asp site. There’s no reason asp cannot access the WP DB like it would for any other DB.
- You could write a basic XMLRPC API that would allow asp to request WP verify the password in the WP DB.
- You could do as I initially suggested and let WP handle the user login and an asp page would just need to confirm the auth cookie exists by way of an AJAX exchange. Part of the server response could be the user login name and any other data that might be useful by asp.
I personally like the last option. The overwrite the hash password function is probably the easiest option and closest to what you came here looking for. The first option is basically what you originally envisioned, it is still possible, but it will take some digging and trial and error to replicate the hash process.
Thread Starter
Shilpa
(@kshilpa1385)
Thank you so much it’s all information really usable me.
Thread Starter
Shilpa
(@kshilpa1385)
I will go with Hash function.
Thread Starter
Shilpa
(@kshilpa1385)
hi bcworkz,
Please tell me which standard hashing algorithms has been used in wordpress to encrypt password?
Is it MD5 Hash?
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
Not sure if this will point you in the right direction but give this a read.
http://codex.wordpress.org/Function_Reference/wp_hash_password
Jan D. is absolutely correct, you need to start with wp_hash_password() since that is what WP calls to create a password hash. As you will discover as your drill into the various subroutine calls, it is nowhere near as simple as storing the result of md5($password). Once you wade through all the pre and post processing, you will find at the heart md5() is in fact used to in part create the actual hash, assuming a different method is not overriding the default behavior.
I’m sure all of the pre and post processing can be replicated in ASP.NET. The one thing you need to verify for all this to work is that doing the ASP equivalent of md5('password'); in PHP results in exactly the same hash.
There’s lots of reasons you would want to pass login info securely between sites you own or manage. I’d love to just manage one user database and not rely on a third party to authenticate, but it’d be great to be able to pass the hashes or something.
Are there good open plugins to integrate sites sharing LDAP of a specific server or even Windows AD on the same network? I saw https://wordpress.org/plugins/simple-ldap-login/ and wonder what ones are available and best. Does anyone have experience with simple-ldap-login?
I guess that’s different than sharing WordPress databases. I’d love to be able to do that too. I heard OpenID had gone to Facebook and big social network signup. I don’t know what would be best, sharing WordPresses, or having them share something like AD or LDAP. I wouldn’t want to have to create all the accounts myself and there’s good WordPress self-registration.
Thread Starter
Shilpa
(@kshilpa1385)
hi bitpath,
Sorry to say but i did not get how useful LDAP for me?
Please will you explain me in details.
I have explain my whole process above what exactly i want, but once again i explain it as
See my whole process of wordpress and asp.net site.
- Once user come to my wordpress site then they do registration on wp site that credentials(username, password, email id, name etc) has saved in wp db.
- Then as user finished his registration on wp site it click on one link which has asp.net site (our online test engine).
- As user goes to our asp.net site it show login panel of site where user need to input same username and password.
- Those username and password enter in asp.net login need to check at wp db that it has same then if same it goes further to asp.net site.
- Now my problem is that which password enter in wp it encrypted in one format which unable to match with password(text format : not encrypted to any format) enter in asp.net site.
- Thats why i want decrypt password of wp but it not possible at all as you told above.
- then please tell me how to match password of two sites then and then user able go further smoothly without any error in login process.
