Migrating Microsoft Commerce Server Passwords to Sitecore (Microsoft ASP.NET Membership Provider)

A few years ago (back in 2013) before Sitecore took ownership of Microsoft Commerce Server I had to migrate users from a pure Commerce Server implementation into Sitecore. I was pretty easy to do, took about a day to figure things out from what I remember.

Here is a small POC I produced at the time for my team to do the migration. You just need to get a password field from the users table in the commerce server database and add is an input to the initial method. It will then print to screen the salt and the password field that can copied into the relevant ASP.NET Membership database table.

NOTE: You will need to have changed your Sitecore hash algorithm for password encryption to SHA512. SHA512 is the default for Microsoft Commerce Server 2007 link and is best practice for Sitecore link (you should be doing this anyway).

static void Main(string[] args)

private static void ConverCommerceServerHash_To_WhatSitecoreNeeds(string hashedPassword)
    string salt = hashedPassword.Substring(0, 8);
    string pwd = hashedPassword.Substring(8, hashedPassword.Length-8);
    byte[] saltArray = new byte[] { byte.Parse(salt.Substring(0, 2), NumberStyles.HexNumber, (IFormatProvider)CultureInfo.InvariantCulture.NumberFormat), byte.Parse(salt.Substring(2, 2), NumberStyles.HexNumber, (IFormatProvider)CultureInfo.InvariantCulture.NumberFormat), byte.Parse(salt.Substring(4, 2), NumberStyles.HexNumber, (IFormatProvider)CultureInfo.InvariantCulture.NumberFormat), byte.Parse(salt.Substring(6, 2), NumberStyles.HexNumber, (IFormatProvider)CultureInfo.InvariantCulture.NumberFormat) };
    byte[] pwdArray = new byte[pwd.Length / 2];

    for (int index = 0; index < pwdArray.Length; index++)
        string byteValue = pwd.Substring(index * 2, 2);
        pwdArray[index] = byte.Parse(byteValue, NumberStyles.HexNumber, CultureInfo.InvariantCulture);

    Console.WriteLine("Base64_Salt_FromHash: " + Convert.ToBase64String(saltArray));
    Console.WriteLine("Base64_password_FromHash: " + Convert.ToBase64String(pwdArray));

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.