ASP.NET Membership C# - 如何比较现有密码/哈希
我已经研究这个问题有一段时间了。我需要将用户输入的密码与会员数据库中的密码进行比较。密码经过哈希处理并带有盐。 由于缺乏文档,我不知道盐是否附加到密码中,然后对其创建方式进行哈希处理。
我无法让这个匹配。从函数返回的哈希值永远不会与数据库中的哈希值匹配,而且我知道事实上它是相同的密码。微软似乎以与我不同的方式散列密码。
我希望有人能提供一些见解。
这是我的代码:
protected void Button1_Click(object sender, EventArgs e)
{
//HERE IS THE PASSWORD I USE, SAME ONE IS HASHED IN THE DB
string pwd = "Letmein44";
//HERE IS THE SALT FROM THE DB
string saltVar = "SuY4cf8wJXJAVEr3xjz4Dg==";
//HERE IS THE PASSWORD THE WAY IT STORED IN THE DB AS HASH
string bdPwd = "mPrDArrWt1+tybrjA0OZuEG1P5w=";
// FOR COMPARISON I DISPLAY IT
TextBox1.Text = bdPwd;
// HERE IS WHERE I DISPLAY THE return from THE FUNCTION, IT SHOULD MATCH THE PASSWORD FROM THE DB.
TextBox2.Text = getHashedPassUsingUserIdAsSalt(pwd, saltVar);
}
private string getHashedPassUsingUserIdAsSalt(string vPass, string vSalt)
{
string vSourceText = vPass + vSalt;
System.Text.UnicodeEncoding vUe = new System.Text.UnicodeEncoding();
byte[] vSourceBytes = vUe.GetBytes(vSourceText);
System.Security.Cryptography.SHA1CryptoServiceProvider vSHA = new System.Security.Cryptography.SHA1CryptoServiceProvider();
byte[] vHashBytes = vSHA.ComputeHash(vSourceBytes);
return Convert.ToBase64String(vHashBytes);
}
I have been on this problem for a while. I need to compare a paasword that the user enters to a password that is in the membership DB. The password is hashed and has a salt.
Because of the lack of documentation I do not know if the salt is append to the password and then hashed how how it is created.
I am unable to get this to match. The hash returned from the function never matches the hash in the DB and I know for fact it is the same password. Microsoft seems to hash the password in a different way then I am.
I hope someone has some insights please.
Here is my code:
protected void Button1_Click(object sender, EventArgs e)
{
//HERE IS THE PASSWORD I USE, SAME ONE IS HASHED IN THE DB
string pwd = "Letmein44";
//HERE IS THE SALT FROM THE DB
string saltVar = "SuY4cf8wJXJAVEr3xjz4Dg==";
//HERE IS THE PASSWORD THE WAY IT STORED IN THE DB AS HASH
string bdPwd = "mPrDArrWt1+tybrjA0OZuEG1P5w=";
// FOR COMPARISON I DISPLAY IT
TextBox1.Text = bdPwd;
// HERE IS WHERE I DISPLAY THE return from THE FUNCTION, IT SHOULD MATCH THE PASSWORD FROM THE DB.
TextBox2.Text = getHashedPassUsingUserIdAsSalt(pwd, saltVar);
}
private string getHashedPassUsingUserIdAsSalt(string vPass, string vSalt)
{
string vSourceText = vPass + vSalt;
System.Text.UnicodeEncoding vUe = new System.Text.UnicodeEncoding();
byte[] vSourceBytes = vUe.GetBytes(vSourceText);
System.Security.Cryptography.SHA1CryptoServiceProvider vSHA = new System.Security.Cryptography.SHA1CryptoServiceProvider();
byte[] vHashBytes = vSHA.ComputeHash(vSourceBytes);
return Convert.ToBase64String(vHashBytes);
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
使用 Reflector 等工具,您可以查看会员提供商的功能。
这就是过去对我有用的方法(假设passwordFormat 1,即SHA1):
其中
saltAsBase64来自aspnet_Membership的PasswordSalt列桌子。编辑:
示例用法:
Using a tool like Reflector, you can see what the membership provider does.
This is what has worked for me in the past (assumes passwordFormat 1, i.e. SHA1):
Where
saltAsBase64is from thePasswordSaltcolumn of theaspnet_Membershiptable.EDIT:
Example usage:
这么多工作! Microsoft 通过
HashPasswordForStoringInConfigFile让生活变得更加轻松:So much work! Microsoft makes life much easier with
HashPasswordForStoringInConfigFile: