Using SHA1CryptoServiceProvider in ASP.NET using Visual Basic

I have a client that is planning to send me information in a Hashed format.'

My question is how do I interpret this information and change it into relevant information at my end.
Attached is the Code that they are using to create the Hash code.

Basically I need to extract the EmployeeID and Email address at my end.

Help!
private string ConstructUrl (int employeeId, string email) 
{
  string url = null;
  string dataToHash = employeeId.ToString() + email;
  byte [] byteData = Encoding.UTF8.GetBytes (dataToHash);
  
  SHA1 s = new SHA1CryptoServiceProvider ();
  
  byte [] hashedResult = s.ComputeHash (byteData);
  
  StringBuilder hashedData = new StringBuilder();
  
  foreach (byte b in hashedResult)
  {
    hashedData.Append(b);
  }
  
  StringBuilder urlBuilder = new StringBuilder ();
 
  urlBuilder.Append ("http://www.xxxxxx.com/rhubarb.aspx?");
  urlBuilder.AppendFormat ("h={0}", hashedData.ToString());
  urlBuilder.AppendFormat ("&id={0}", employeeId.ToString());
  urlBuilder.AppendFormat ("&email={0}", email);
  
  url = urlBuilder.ToString();
  return url;
}

Open in new window

lawsoAsked:
Who is Participating?
 
Refael AckermannConnect With a Mentor Commented:
In the first two line of the code I posted. The email is in the "email" variable, and employee ID in the "employeeId" variable.

The middle part calculates the hash on your side.

The last three lines will throw an exception if the Hashes don't match.

0
 
Refael AckermannCommented:
Hashed data in general, and SHA1 in particular are irreversible, and are used only for validation.
http://en.wikipedia.org/wiki/Cryptographic_hash_function
It seems like they are sending you the data in plain text, and the hashed value only for validation (pay attention to first two lines and last three)


int employeeId = Int.Parse(Request["id"]);
string email = Request["email"];
 
// Copy & Paste for sending code
string url = null;
string dataToHash = employeeId.ToString() + email;
byte [] byteData = Encoding.UTF8.GetBytes (dataToHash);
 
SHA1 s = new SHA1CryptoServiceProvider ();
 
byte [] hashedResult = s.ComputeHash (byteData);
 
StringBuilder hashedData = new StringBuilder();
 
foreach (byte b in hashedResult)
{
	hashedData.Append(b);
}
// End Copy & Paste
 
 
string sentHash = Request["h"];
if (sentHash != hashedData.ToString())
	throw new Exception("Forgery!!!!");

Open in new window

0
 
lawsoAuthor Commented:
Thanks moseak.
I suppose my question is then how do I extract the email and id which is the part that I need.
Sorry new to this type of security
0
 
lawsoAuthor Commented:
Ahh I see...
So if I capture the request variables the Hash is just a check.?
Don't suppose you know how to translate your code to VB?
0
 
Refael AckermannCommented:

Dim employeeId = Int32.Parse(Request("id"))
Dim email = Request("email")
 
' Copy & Paste from sending code
Dim dataToHash = employeeId.ToString() + email
Dim byteData As Byte() = Encoding.UTF8.GetBytes(dataToHash)
 
Dim s = New SHA1CryptoServiceProvider()
Dim hashedResult = s.ComputeHash(byteData)
Dim hashedData = New StringBuilder()
 
For Each b In hashedResult
	hashedData.Append(b)
Next
' End Copy & Paste
 
Dim sentHash = Request("h")
If sentHash <> hashedData.ToString() Then Throw New Exception("Forgery!!!!")

Open in new window

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.