Using SHA1CryptoServiceProvider in ASP.NET using Visual Basic

I have a client that is planning to send me information in a Hashed format.

My question is how do I interpret this information and change it into relevant information at my end.
Attached is the Code that they are using to create the Hash code.

Basically I need to extract the EmployeeID and Email address at my end.

Help!

private string ConstructUrl (int employeeId, string email) 
{
  string url = null;
  string dataToHash = employeeId.ToString() + email;
  byte [] byteData = Encoding.UTF8.GetBytes (dataToHash);
  
  SHA1 s = new SHA1CryptoServiceProvider ();
  
  byte [] hashedResult = s.ComputeHash (byteData);
  
  StringBuilder hashedData = new StringBuilder();
  
  foreach (byte b in hashedResult)
  {
    hashedData.Append(b);
  }
  
  StringBuilder urlBuilder = new StringBuilder ();
 
  urlBuilder.Append ("http://www.xxxxxx.com/rhubarb.aspx?");
  urlBuilder.AppendFormat ("h={0}", hashedData.ToString());
  urlBuilder.AppendFormat ("&id={0}", employeeId.ToString());
  urlBuilder.AppendFormat ("&email={0}", email);
  
  url = urlBuilder.ToString();
  return url;
}


lawso Asked:

Refael Ackermann Commented:
Hashed data in general, and SHA1 in particular, are irreversible, and are used only for validation.
http://en.wikipedia.org/wiki/Cryptographic_hash_function
It seems like they are sending you the data in plain text, and the hashed value only for validation (pay attention to first two lines and last three)


int employeeId = int.Parse(Request["id"]);
string email = Request["email"];
 
// Copy & Paste from sending code
string url = null;
string dataToHash = employeeId.ToString() + email;
byte [] byteData = Encoding.UTF8.GetBytes (dataToHash);
 
SHA1 s = new SHA1CryptoServiceProvider ();
 
byte [] hashedResult = s.ComputeHash (byteData);
 
StringBuilder hashedData = new StringBuilder();
 
foreach (byte b in hashedResult)
{
	hashedData.Append(b);
}
// End Copy & Paste
 
 
string sentHash = Request["h"];
if (sentHash != hashedData.ToString())
	throw new Exception("Forgery!!!!");


0
lawso Author Commented:
Thanks moseak.
I suppose my question is then how do I extract the email and id which is the part that I need.
Sorry, new to this type of security.
0
Refael Ackermann Commented:
In the first two lines of the code I posted, the email is in the "email" variable, and the employee ID is in the "employeeId" variable.

The middle part calculates the hash on your side.

The last three lines will throw an exception if the Hashes don't match.

0

lawso Author Commented:
Ahh I see...
So if I capture the request variables the Hash is just a check?
Don't suppose you know how to translate your code to VB?
0
Refael Ackermann Commented:

Dim employeeId = Int32.Parse(Request("id"))
Dim email = Request("email")
 
' Copy & Paste from sending code
Dim dataToHash = employeeId.ToString() + email
Dim byteData As Byte() = Encoding.UTF8.GetBytes(dataToHash)
 
Dim s = New SHA1CryptoServiceProvider()
Dim hashedResult = s.ComputeHash(byteData)
Dim hashedData = New StringBuilder()
 
For Each b In hashedResult
	hashedData.Append(b)
Next
' End Copy & Paste
 
Dim sentHash = Request("h")
If sentHash <> hashedData.ToString() Then Throw New Exception("Forgery!!!!")


0
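
The check described in the answers above, packaged as a reusable VB function; this is an added example, not code from the thread. The names SenderHash, SameText and TryReadRequest and the sample values are assumptions; it returns False for a non-numeric id or a mismatching h instead of throwing, and compares the two hash strings without stopping at the first difference.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module HashCheckExample
    ' Rebuilds the sender's "h" value: SHA-1 over id + email, each hash byte
    ' appended as a decimal number with no separator (the sender's format).
    Function SenderHash(employeeId As Integer, email As String) As String
        Dim data As Byte() = Encoding.UTF8.GetBytes(employeeId.ToString() & email)
        Dim sb As New StringBuilder()
        Using sha As SHA1 = SHA1.Create()
            For Each b As Byte In sha.ComputeHash(data)
                sb.Append(b)
            Next
        End Using
        Return sb.ToString()
    End Function

    ' Compares two strings without stopping at the first differing character.
    Function SameText(a As String, b As String) As Boolean
        If a Is Nothing OrElse b Is Nothing OrElse a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (AscW(a(i)) Xor AscW(b(i)))
        Next
        Return diff = 0
    End Function

    ' Returns True and fills employeeId only when id parses and h matches.
    Function TryReadRequest(idText As String, email As String, sentHash As String,
                            ByRef employeeId As Integer) As Boolean
        If email Is Nothing OrElse Not Integer.TryParse(idText, employeeId) Then Return False
        Return SameText(sentHash, SenderHash(employeeId, email))
    End Function

    Sub Main()
        ' Constructed sample values, not real data.
        Dim email As String = "jane@example.com"
        Dim h As String = SenderHash(1234, email)
        Dim id As Integer
        Console.WriteLine(TryReadRequest("1234", email, h, id))   ' matching hash
        Console.WriteLine(TryReadRequest("1235", email, h, id))   ' id altered
        Console.WriteLine(TryReadRequest("abc", email, h, id))    ' id not a number
    End Sub
End Module
```

In an ASP.NET page the call would be TryReadRequest(Request("id"), Request("email"), Request("h"), employeeId). Because the hash uses no secret key, a match shows only that id and email agree with h; detecting deliberate changes would need a keyed construction such as HMAC with a secret shared with the sender.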
ASP.NET