I have the following code that creates a hash from a password and then compares it with a stored hashed password in db. Everything works fine on http. This is for asp.net web form application running under C # 4.0
HMACSHA1 hash = new HMACSHA1();
hash.Key = Encoding.Unicode.GetBytes(password);
encodedPassword = Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(password)));
However, when starting https / ssl, the encoded password is different and therefore the user cannot log in.
Is the .net framework something different when computing a hash when going through SSL?
If I go through the code and copy the encoded password and update my db, then through SSL I can log in.
Any ideas?
Many thanks
source
share