2009-10-14 94 views
2

I have a site that I am migrating from ASP.NET Services membership to a custom provider. I want to migrate the existing users without requiring them to change their passwords. How can I programmatically validate the hashed ASP.NET Services passwords?

User passwords are currently stored using one-way encryption. The only option for me is to use the same salt and password as the ASP services and validate them with my custom provider.

Below is the configuration currently used by ASP.NET Services to hash passwords.

<membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15" hashAlgorithmType=""> 
     <providers> 
      <clear/> 
      <add connectionStringName="dashCommerce" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="dashCommerce" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression="" minRequiredPasswordLength="4" minRequiredNonalphanumericCharacters="0" name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/> 
     </providers> 
</membership> 

I have been pulling my hair out trying to write password validation against the hashed passwords generated by this configuration.

This is what I have so far. Any help would be greatly appreciated.

using System.Web.Security;

private static string CreatePasswordHash(string Password, string Salt)
{
    // Attempt so far: hashes the concatenated text and returns a hex digest.
    return FormsAuthentication.HashPasswordForStoringInConfigFile(Password + Salt, "SHA1");
}

Answers

2

I dug through Reflector and found the code used to compute the hash.

using System;
using System.Security.Cryptography;
using System.Text;

private static string CreatePasswordHash(string Password, string Salt)
{
    // Hash algorithm name. The original read this from an application-specific
    // SettingManager that is not part of ASP.NET; with hashAlgorithmType left
    // empty in the membership config, the provider uses SHA1.
    string passwordFormat = "SHA1";
    byte[] bytes = Encoding.Unicode.GetBytes(Password);        // UTF-16LE bytes of the password
    byte[] src = Convert.FromBase64String(Salt);               // PasswordSalt column is base64
    byte[] dst = new byte[src.Length + bytes.Length];
    Buffer.BlockCopy(src, 0, dst, 0, src.Length);              // salt bytes first ...
    Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length); // ... then password bytes

    HashAlgorithm algorithm = HashAlgorithm.Create(passwordFormat);
    byte[] inArray = algorithm.ComputeHash(dst);

    return Convert.ToBase64String(inArray);                    // Password column is base64
}

This works.

+0

When I use this example I get an error on 'SettingManager'. Why? – 2010-09-21 10:07:40

+0

Sorry, some application-specific code. Just make it say SHA1 – 2010-09-21 17:23:15
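The provider's hashing steps laid out in this answer (decode the base64 salt, append the UTF-16LE bytes of the password, SHA1, base64-encode the digest), reimplemented here in Python as an added example for migration tooling; this is not code from the post or from ASP.NET. The salt and password values are constructed, and `forms_auth_style_hash` is an assumed-name helper mirroring what the question's HashPasswordForStoringInConfigFile attempt produces (SHA1 over UTF-8 text, uppercase hex), included to show why that attempt never matches the stored value.

```python
import base64
import hashlib
import hmac
import os

# SqlMembershipProvider "Hashed" format with hashAlgorithmType left empty (SHA1):
#   stored Password = base64( SHA1( base64decode(PasswordSalt) || UTF16LE(password) ) )

def membership_hash(password: str, salt_b64: str, algorithm: str = "sha1") -> str:
    """Return the base64 digest the provider stores for this password and salt."""
    salt = base64.b64decode(salt_b64)                     # PasswordSalt column is base64
    pwd = password.encode("utf-16-le")                    # Encoding.Unicode in .NET
    digest = hashlib.new(algorithm, salt + pwd).digest()  # salt first, then password
    return base64.b64encode(digest).decode("ascii")


def verify_membership_password(password: str, stored_hash_b64: str, salt_b64: str) -> bool:
    """Check a login attempt against an aspnet_Membership row (constant-time compare)."""
    candidate = membership_hash(password, salt_b64)
    return hmac.compare_digest(candidate.encode("ascii"), stored_hash_b64.encode("ascii"))


def new_salt_b64() -> str:
    """Provider-style salt for newly created users: 16 random bytes, base64-encoded."""
    return base64.b64encode(os.urandom(16)).decode("ascii")


def forms_auth_style_hash(text: str) -> str:
    """Assumed helper: what HashPasswordForStoringInConfigFile(text, "SHA1") yields
    (SHA1 over the UTF-8 text, uppercase hex). Shown only to contrast the formats."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()


# Constructed sample row, shaped like what a migration script reads from aspnet_Membership.
SAMPLE_SALT = "dGVzdC1zYWx0LTEyMzQ1Ng=="   # base64 of 16 constructed salt bytes
SAMPLE_HASH = membership_hash("correct horse", SAMPLE_SALT)

if __name__ == "__main__":
    print("valid:  ", verify_membership_password("correct horse", SAMPLE_HASH, SAMPLE_SALT))
    print("invalid:", verify_membership_password("wrong", SAMPLE_HASH, SAMPLE_SALT))
    # The question's approach differs in encoding, salt handling and output format:
    print("naive:  ", forms_auth_style_hash("correct horse" + SAMPLE_SALT))
    print("stored: ", SAMPLE_HASH)
```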

2

// Compares a hash of the old password typed into txtpassword with the value stored
// in aspnet_Membership, and changes the password when they match.
using System;
using System.Data.SqlClient;
using System.Web.Security;

// Hex digest of the old password as typed (no salt is applied here).
string hashOldPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(txtpassword.Text, "SHA1");

MembershipUser user = Membership.GetUser();
var userId = user.ProviderUserKey;

// Minimum-length check for the new password (body left empty in the original).
if (txtnewpassword.Text.Length < 7)
{
}

MembershipPasswordFormat passwordFormat;
string passwordSalt;
string password;

using (var conn = new SqlConnection(Connect.Connection()))
{
    using (var cmd = conn.CreateCommand())
    {
        cmd.CommandText = "select PasswordFormat, PasswordSalt, Password from aspnet_Membership where UserId = @UserId";
        cmd.Parameters.AddWithValue("@UserId", userId);
        conn.Open();

        using (var rdr = cmd.ExecuteReader())
        {
            if (rdr != null && rdr.Read())
            {
                passwordFormat = (MembershipPasswordFormat)rdr.GetInt32(0);
                passwordSalt = rdr.GetString(1);
                password = rdr.GetString(2);

                // Only matches rows whose stored value was produced the same way.
                if (hashOldPassword == password)
                {
                    user.ChangePassword(txtpassword.Text, txtnewpassword.Text);
                }
            }
            else
            {
                throw new Exception("An unhandled exception of type 'DoesntWorkException' has occurred");
            }
        }
    }
}