如何从自定义 Membership Provider 迁移到 SqlMembershipProvider？

发布于 2024-08-02 16:13:07 字数 884 浏览 5 评论 0原文

我目前正在使用 MembershipProvider 的非常基本的自定义实现在 ASP.NET Web 应用程序中。随着我对会员资格的要求增加，使用现有的、功能齐全且经过良好测试的实现（例如 SqlMembershipProvider。我已经弄清楚如何使用 aspnet_Memebership 存储过程从我的自定义表创建用户，但我被密码困住了。我的自定义实现不使用盐，而 SqlMembershipProvider 似乎需要它。

我希望这对我的用户来说是一个平稳的过渡，而不是要求每个人在更改后第一次登录时更新密码。

如何将哈希密码从自定义实现（见下文）迁移到 SqlMemberhipProvider？

FormsAuthentication.HashPasswordForStoringInConfigFile(password, FormsAuthPasswordFormat.SHA1.ToString())

更新：我应该澄清一下，我的自定义提供程序是 MembershipProvider 的实现，而不是完整的精选之一。另外，我尝试使用带有空盐的 aspnet_Membership_CreateUser ，但哈希值不匹配。

原文

I'm currently using a very basic custom implementation of MembershipProvider in an ASP.NET web application. As my requirements for membership increase, it seems to make a lot of sense to use an existing, full featured, and well tested implementation like SqlMembershipProvider. I've figured out how to use the aspnet_Memebership stored procedures to create users from my custom tables, but I'm stuck on the password. My custom implementation doesn't use salt, and SqlMembershipProvider seems to require it.

I want this to be a smooth transition for my users and not require everyone to update their password the first time they login after the change.

How do I migrate hashed passwords from a custom implementation (see below) to SqlMemberhipProvider?

FormsAuthentication.HashPasswordForStoringInConfigFile(password, FormsAuthPasswordFormat.SHA1.ToString())

Update: I should clarify that my custom provider is an implementation of MembershipProvider, just not a full featured one. Also, I've tried using aspnet_Membership_CreateUser with empty salt, but the hashes don't match.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

じ违心 2024-08-09 16:13:07

您可以编写一个自定义哈希算法来删除盐（盐和密码组合的前 16 个字节）。

http://forums.asp.net/t/981295.aspx

或者你可以可能会编写自己的继承 MembershipProvider 的类，但这会需要更多工作。

回复收藏 0 原文

宁愿没拥抱 2024-08-09 16:13:07

最好的选择是尝试使用空盐手动创建SqlMembership的用户（通过存储过程）。

如果这不起作用，我认为您对 SqlMembershipProvider 不走运，但您始终可以编写自己的 MembershipProvider （甚至可能基于 SqlMembershipProvider 自己的后端）。这并不难。

回复收藏 0 原文

丢了幸福的猪 2024-08-09 16:13:07

重写 System.Web.Security.SqlMembershipProvider
类，并根据需要自定义覆盖任意数量的方法。

这里没有看到 web.config。但事实上，你一开始就让自己的定制工作正常工作，我不认为这部分是一个绊脚石。

public class SqlMembershipProviderOverride : System.Web.Security.SqlMembershipProvider
{
    public static readonly string FORCED_OVERRIDE_APPLICATION_NAME = "MyApplicationName";

    public SqlMembershipProviderOverride()
    {
        this.ApplicationName = FORCED_OVERRIDE_APPLICATION_NAME;
    }

    public override System.Web.Security.MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out System.Web.Security.MembershipCreateStatus status)
    {
        return base.CreateUser(username, password, email, passwordQuestion, passwordAnswer,    isApproved, providerUserKey, out status);
        /*
              Do "your own thing" in this or any other override method
        */

    }


}

Override the System.Web.Security.SqlMembershipProvider
class, and override as many or as few methods as you need to customize.

web.config not seen here. but the fact that you got your own custom one working in the first place, I don't that part is a tripping point.

public class SqlMembershipProviderOverride : System.Web.Security.SqlMembershipProvider
{
    public static readonly string FORCED_OVERRIDE_APPLICATION_NAME = "MyApplicationName";

    public SqlMembershipProviderOverride()
    {
        this.ApplicationName = FORCED_OVERRIDE_APPLICATION_NAME;
    }

    public override System.Web.Security.MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out System.Web.Security.MembershipCreateStatus status)
    {
        return base.CreateUser(username, password, email, passwordQuestion, passwordAnswer,    isApproved, providerUserKey, out status);
        /*
              Do "your own thing" in this or any other override method
        */

    }


}

回复收藏 0 原文

~没有更多了~