当前位置：文江博客话题详情

在机器密钥更改期间维护 ASP.Net 成员密码

发布于 2024-09-30 04:25:33 字数 55 浏览 4 评论 0原文

是否有实用程序或代码示例可以使用旧密钥解密，然后使用新密钥为 ASP.Net 会员用户加密密码？

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

紫南 2024-10-07 04:25:33

提到的解决方法都不适合我。
我的解决方案如下。它首先以明文形式存储密码，然后使用新的 MachineKey 再次对其进行重新加密。

机器密钥更改

回复收藏 0 原文

℉絮湮 2024-10-07 04:25:33

这是我对解决方案的最佳猜测，但我还没有机会测试它。它依赖于当前提供程序的以下设置：

enablePasswordRetrieval="true" requiresQuestionAndAnswer="false" passwordFormat="Encrypted"

它还假设新的机器密钥已在配置文件中。

创建以下类（感谢 mootinator 的帮助）

using System.Reflection;
using System.Web.Configuration;
using System.Web.Security;
namespace MyNamespace
{
    public class MySqlMembershipProvider : SqlMembershipProvider
    {
        protected override byte[] DecryptPassword(byte[] encodedPassword)
        {
            MachineKeySection section = (MachineKeySection)WebConfigurationManager.GetSection("system.web/machineKey");
            section.DecryptionKey = "oldkey"; // TODO: Set your old key here

            MethodInfo method = typeof(MachineKeySection).GetMethod("EncryptOrDecryptData", BindingFlags.Instance | BindingFlags.NonPublic);

            return (byte[])method.Invoke(section, new object[] { encodedPassword, null, 0, encodedPassword.Length, 0, false, false });
        }
    }
}

在您的 web.config 中：

<membership defaultProvider="DefaultSqlMembershipProvider">
  <providers>
    <clear/>
    <add name="DefaultSqlMembershipProvider" connectionStringName="MembershipConnectionString" enablePasswordRetrieval="true" requiresQuestionAndAnswer="false" applicationName="TODO" passwordFormat="Encrypted" type="System.Web.Security.SqlMembershipProvider"/>
    <add name="MySqlMembershipProvider" connectionStringName="MembershipConnectionString" enablePasswordRetrieval="true" requiresQuestionAndAnswer="false" applicationName="TODO" passwordFormat="Encrypted" type="MyNamespace.MySqlMembershipProvider"/>
  </providers>
</membership>

使用以下代码更改密码：

MembershipProvider retrievePasswordProvider = Membership.Providers["MySqlMembershipProvider"];

foreach (MembershipUser user in Membership.GetAllUsers())
{
    MembershipUser retrievePassworedUser = retrievePasswordProvider.GetUser(user.UserName, false);
    string password = retrievePassworedUser.GetPassword(); // get password using old key

    user.ChangePassword(password, password); // change password to same password using new key
}

让我知道这是否适合您。

This is my best guess at a solution, but I haven't had a chance to test it. It relies on the following settings for your current provider:

enablePasswordRetrieval="true" requiresQuestionAndAnswer="false" passwordFormat="Encrypted"

It also assumes that the new machinekey is already in the config file.

Create the following class (thanks to mootinator for the jumpstart on this)

using System.Reflection;
using System.Web.Configuration;
using System.Web.Security;
namespace MyNamespace
{
    public class MySqlMembershipProvider : SqlMembershipProvider
    {
        protected override byte[] DecryptPassword(byte[] encodedPassword)
        {
            MachineKeySection section = (MachineKeySection)WebConfigurationManager.GetSection("system.web/machineKey");
            section.DecryptionKey = "oldkey"; // TODO: Set your old key here

            MethodInfo method = typeof(MachineKeySection).GetMethod("EncryptOrDecryptData", BindingFlags.Instance | BindingFlags.NonPublic);

            return (byte[])method.Invoke(section, new object[] { encodedPassword, null, 0, encodedPassword.Length, 0, false, false });
        }
    }
}

In your web.config:

<membership defaultProvider="DefaultSqlMembershipProvider">
  <providers>
    <clear/>
    <add name="DefaultSqlMembershipProvider" connectionStringName="MembershipConnectionString" enablePasswordRetrieval="true" requiresQuestionAndAnswer="false" applicationName="TODO" passwordFormat="Encrypted" type="System.Web.Security.SqlMembershipProvider"/>
    <add name="MySqlMembershipProvider" connectionStringName="MembershipConnectionString" enablePasswordRetrieval="true" requiresQuestionAndAnswer="false" applicationName="TODO" passwordFormat="Encrypted" type="MyNamespace.MySqlMembershipProvider"/>
  </providers>
</membership>

Change the passwords with the following code:

MembershipProvider retrievePasswordProvider = Membership.Providers["MySqlMembershipProvider"];

foreach (MembershipUser user in Membership.GetAllUsers())
{
    MembershipUser retrievePassworedUser = retrievePasswordProvider.GetUser(user.UserName, false);
    string password = retrievePassworedUser.GetPassword(); // get password using old key

    user.ChangePassword(password, password); // change password to same password using new key
}

Let me know if that works for you.

回复收藏 0 原文

铃予 2024-10-07 04:25:33

我认为您可以通过动态设置密钥来做到这一点：

您可能必须扩展 SqlMembershipProvider （或您使用的任何内容）才能访问 protected DecryptPassword 方法。

    MachineKeySection section = (MachineKeySection)WebConfigurationManager.GetSection("system.web/machineKey");

section.DecryptionKey = "old";
// Read old password
section.DecryptionKey = "new";
// Store new password

I think you could do this by setting the key on the fly:

You might have to extend the SqlMembershipProvider (or whatever you use) to get access to the protected DecryptPassword method.

    MachineKeySection section = (MachineKeySection)WebConfigurationManager.GetSection("system.web/machineKey");

section.DecryptionKey = "old";
// Read old password
section.DecryptionKey = "new";
// Store new password

回复收藏 0 原文

~没有更多了~