如何更改MVC 5中散列和加密的密码? [英] How do I change a password that's hashed and salted in MVC 5?
问题描述
我正在为一个网站创建一个主页,我偶然发现了一个小功能。
所以我使用数据库(SQL)来保存我的用户。
我正在抛出一些alt并散列他们的密码,但后来问题来了。
如果用户试图更改密码,
我要求他插入他的旧密码,他的新密码并确认他的新密码。
然而,由于密码经过哈希处理和加密,因此它们不匹配,我在SQL中的存储过程返回-2。
Hi,
I'm creating a Homepage for a website and I've stumbled in a small feature.
So I'm using a database (SQL) to save my users.
I'm throwing some alt and hashing their passwords but then my problem comes.
If the user attempts to change his password,
I ask him to insert his older password, his new and confirm his new.
Yet since the passwords are hashed and salted they don't match and my stored procedure in SQL returns -2.
ALTER PROCEDURE [dbo].[spChangePassword]
(
@sUsername varchar(50),
@sPasswordNew varchar(100),
@sPasswordNewSalt varchar (128),
@sPasswordNew varchar (100),
@sPasswordNewSalt varchar (128),
)
AS
BEGIN
SET NOCOUNT ON;
if (exists (select 1
from USERS
where Username = @sUsername
and Password = @sPasswordOld))
begin
if (exists (select 1
from USERS
where Username = @sUsername
and Password != @sPasswordNew))
begin
select 1;
update BLC_USER
set Password = @sPasswordNova,
Password_Salt = @sPasswordNewSalt,
where Username = @sUsername;
end
else
select -1; -- New Pass = Old Pass, please chnage
end
else
select -2; -- Old Pass is wrong
END
我是否在哈希密码方面做错了什么?
如何比较两个盐渍密码?
干杯,
Zamuk
Am I doing something wrong in regards to the hashing passwords?
How can I compare two salted passwords?
Cheers,
Zamuk
推荐答案
当用户首次设置密码时,您通过C#散列密码,然后将该值存储在数据库中。
当他们想要更改密码时,你在C#中散列他们为当前密码输入的值然后你从sql中读取哈希并比较哈希值到看看它们是否相同。
When a user first sets their password you hash the password through C# and then store that value in the database.
When they want to change the password, you hash in C# the value they put in for current password and then you read the hash from sql and compare the hash values to see if they are the same.
这篇关于如何更改MVC 5中散列和加密的密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
