How to programmatically validate hashed ASP.NET services passwords?

Posted on 2024-08-08 04:18:43

I have a website in which I am migrating membership from ASP.NET services to a custom provider. I would like to migrate existing users without them needing to change their passwords.

The users' passwords are currently stored using a one-way encryption. The only option for me is to use the same salt and passwords as the ASP services and validate against them with my custom provider.

Here is the configuration used to currently hash the passwords with ASP.NET services.

<membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15" hashAlgorithmType="">
        <providers>
            <clear/>
            <add connectionStringName="dashCommerce" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="dashCommerce" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression="" minRequiredPasswordLength="4" minRequiredNonalphanumericCharacters="0" name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
        </providers>
</membership>

I have been pulling my hair out trying to write the code needed to validate passwords against hashes generated by this config.

This is what I have so far. Any help would be greatly appreciated.

private static string CreatePasswordHash(string Password, string Salt)
{
    return FormsAuthentication.HashPasswordForStoringInConfigFile(Password + Salt, "SHA1");
}

Comments (2)

秋千易 2024-08-15 04:18:43
//string hashOldPassword = utl.generateHash(txtpassword.Text);
string hashOldPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(txtpassword.Text,"SHA1");

//string hashOldPassword = Membership.Provider.GetPassword(Page.User.Identity.Name.ToString(), string.Empty);
MembershipUser user = Membership.GetUser();
//string hashOldPassword = user.GetHashCode(

    if (txtnewpassword.Text.Length < 7)
    {

    }
    var userId = user.ProviderUserKey;
    var user1 = Membership.GetUser();

    MembershipPasswordFormat passwordFormat;
    string passwordSalt;
    string password;
    SqlConnection sqlconn = new SqlConnection(Connect.Connection());
    //var cstring = ConnectionStrings[Connect.Connection()];
    using (var conn = new SqlConnection(sqlconn.ConnectionString))
    {
        using (var cmd = conn.CreateCommand())
        {
            cmd.CommandText = "select PasswordFormat,PasswordSalt,Password from aspnet_Membership where UserId=@UserId";
            cmd.Parameters.AddWithValue("@UserId", userId);
            conn.Open();

            using (var rdr = cmd.ExecuteReader())
            {
                if (rdr != null && rdr.Read())
                {
                    passwordFormat = (MembershipPasswordFormat)rdr.GetInt32(0);
                    // passwordFormat = rdr.GetString(0);
                    passwordSalt = rdr.GetString(1);
                    password = rdr.GetString(2);

                    if (hashOldPassword == password)
                    {
                        user.ChangePassword(txtpassword.Text, txtnewpassword.Text);
                    }
                    else
                    {
                    }
                    //if(password.ToString()!=txtpassword)
                }
                else
                {
                    throw new Exception("An unhandled exception of type 'DoesntWorkException' has occured");
                }
            }
        }
    }
许仙没带伞 2024-08-15 04:18:43

I dug through reflector and found the code used to compute hashes.

private static string CreatePasswordHash(string Password, string Salt)
{
    string passwordFormat = SettingManager.GetSettingValue("Security.PasswordFormat");
    if (String.IsNullOrEmpty(passwordFormat))
        passwordFormat = "SHA1";
    byte[] bytes = Encoding.Unicode.GetBytes(Password);
    byte[] src = Convert.FromBase64String(Salt);
    byte[] dst = new byte[src.Length + bytes.Length];
    byte[] inArray = null;
    Buffer.BlockCopy(src, 0, dst, 0, src.Length);
    Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);

    HashAlgorithm algorithm = HashAlgorithm.Create(passwordFormat);
    inArray = algorithm.ComputeHash(dst);

    return Convert.ToBase64String(inArray);
}

This worked.
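
A verification routine for the custom provider, built on the hash layout from the answer above; this is an added example, not part of the original thread or of ASP.NET itself. It assumes SHA1 (the fallback in the answer's code) and that the salt and hash come from the `PasswordSalt` and `Password` columns of `aspnet_Membership`; the class name, method names and the sample row are made up for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class LegacyMembershipPassword
{
    // Base64( SHA1( saltBytes || UTF-16LE(password) ) ), the layout shown in the answer above.
    // Assumption: SHA1, matching the fallback value in that answer's code.
    public static string Hash(string password, string saltBase64)
    {
        byte[] salt = Convert.FromBase64String(saltBase64);
        byte[] pwd = Encoding.Unicode.GetBytes(password);
        byte[] input = new byte[salt.Length + pwd.Length];
        Buffer.BlockCopy(salt, 0, input, 0, salt.Length);
        Buffer.BlockCopy(pwd, 0, input, salt.Length, pwd.Length);
        using (SHA1 sha1 = SHA1.Create())
            return Convert.ToBase64String(sha1.ComputeHash(input));
    }

    // passwordFormat is the PasswordFormat column; 1 is MembershipPasswordFormat.Hashed.
    public static bool Verify(string candidate, int passwordFormat, string saltBase64, string storedHashBase64)
    {
        if (passwordFormat != 1 || candidate == null || saltBase64 == null || storedHashBase64 == null)
            return false;
        byte[] expected, actual;
        try
        {
            expected = Convert.FromBase64String(storedHashBase64);
            actual = Convert.FromBase64String(Hash(candidate, saltBase64));
        }
        catch (FormatException) { return false; } // malformed row: reject, do not throw
        // Compare every byte with no early exit, so timing does not depend on where the first mismatch is.
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length && i < actual.Length; i++)
            diff |= expected[i] ^ actual[i];
        return diff == 0;
    }

    static void Main()
    {
        // Constructed sample row (not real data): a 16-byte salt and the hash derived from it.
        string salt = Convert.ToBase64String(new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 });
        string stored = Hash("correct horse", salt);
        Console.WriteLine(Verify("correct horse", 1, salt, stored)); // matching password
        Console.WriteLine(Verify("wrong horse", 1, salt, stored));   // wrong password
        Console.WriteLine(Verify("correct horse", 0, salt, stored)); // row is not in Hashed format
    }
}
```

The string `==` comparison used elsewhere in this thread returns at the first differing character; the byte loop here does not.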
