如何创建自定义 asp.net sql 成员资格提供程序以将哈希密码保存在 SHA256 中?
我正在构建一个 Web 应用程序,使用 ASP.net 会员提供程序来管理身份验证/授权。我已经这样做过很多次了,但这次我需要将哈希密码存储在 SHA256 中,而不是标准密码哈希值 SHA1。
看看 SQLMembershipProvider 上的可重写方法,我认为我至少必须重写一个方法才能让这只小狗工作:
byte[] EncryptPassword(byte[] password)
我还必须更改 aspnet_Membership.Password 字段以适应新散列的内容密码,目前只有 nvarchar(128)。
我希望在扩展 SqlMembershipProvider 方面有更多经验的人能够给我一些指示。
谢谢。
注意:虽然我使用的是 .net 2.0 会员提供程序,但我实际上正在运行 .net 3.5
I'm building a web application using the ASP.net Membership Provider to manage, Authentication/Authorisation. I've done this a bunch of times, but this time I need to store the hashed password in SHA256, instead of the standard password hash which is SHA1.
Looking at the overridable methods on the SQLMembershipProvider there is at least one that I think I'm going to have to override in order to get this puppy to work:
byte[] EncryptPassword(byte[] password)
I'll also have to change the aspnet_Membership.Password field cope with the newly hashed password, currently it's only nvarchar(128).
I was hoping that someone with a little more experience on extending the SqlMembershipProvider might be able to give me some pointers.
Thanks.
note: Although I'm using the .net 2.0 membership provider, I'm actually running .net 3.5
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在创建我自己的会员提供程序之前,我会首先尝试遵循此答案中列出的解决方案:
ASP.NET 成员资格使用的默认哈希算法是什么?
据我所知, SHA256 输出 64 个字符的字符串,因此使用 varchar(128) 字段应该是安全的。
I would try following the solutions listed in this answer first before creating my own membership provider:
What is default hash algorithm that ASP.NET membership uses?
As far as I can tell, SHA256 outputs a 64 character string, so you should be safe with the varchar(128) field.