I have one website in WordPress but I need to create another in other framework (ASP.NET).
I want to give users the ability to login with the same login and password to second website without the need to create account once again.
How to calculate the password hash outside WordPress? I want to generate hash in my second website, then connect to WordPress database and authenticate user. So it should work without WordPress help, only direct connection to the database.
I tried WordPress password hasher, but every time it gives me another hash. Why it is not deterministic like SHA?
I don’t also see any password salt here.
While the answer to your question could be long and complex, but since you are developing another website using ASP, I assume you know how to integrate with database too.
I’m going to add some useful information for your case.
WordPress Salts
WordPress uses different salts for different purposes, as asked here. These salts are located at wp-config.php. You might want to take a look into that to generate your hashes.
Manual Hash Generation
The PasswordHash class allows you to generate and customize hashed passwords. You can use it to create hashes based on your strings, and then compare them with the original hashes from database, by using its CheckPassword() method.
Location of Password Hashes in Database
Hashed password for a every user is stored under user_pass row, located at wp_users table. You can use it to make hash comparisons, using the $wpdb class. This can be done by a REST API.
When a user tries to log in, you can send a REST request to your WordPress installation, grab the hashes, then compare it and pass it back to your ASP installation if it’s correct.
