WebMatrix中WebSecurity PasswordSalt [英] WebMatrix WebSecurity PasswordSalt

问题描述

我使用WebMatrix中并建成了基于StarterSite网站。在这个初学者网站，你得到一个不错的基本布局 - 包括注册，登录，忘记密码的页面等等...

I am using WebMatrix and have built a website based on the "StarterSite". In this starter site you get a nice basic layout - including registration, login, forgot password pages etc...

我注意到，该webpages_Membership表中有一个名为PasswordSalt列的数据库。创建一些新的用户帐户后，该列始终保持空白。所以我假设没有密码盐（甚至不是一个默认的）在使用中。

I've noticed that in the database that the "webpages_Membership" table has a column named "PasswordSalt". After creating a few new user accounts, this column always remains blank. So I'm assuming that no password salt (not even a default one) is in use.

显然，这不是最好的做法，但是我似乎无法找到，告诉我如何设置或管理密码盐的任何文件。

Obviously this is not the best practice, however I cannot seem to find any documentation that tells me how to set or manage the password salt.

如何能我设置的密码盐与WebSecurity助手？

How can I set the password salt with the WebSecurity Helper?

推荐答案

以上回答给出了IM pression有使用的时候不加盐腌 WebSecurity SimpleMembershipProvider 。

The above answer gives the impression that there is no salting applied when using WebSecurity SimpleMembershipProvider.

这是不正确的。事实上，数据库盐场不使用，然而，这并不表示不存在的盐散列密码时生成的。

That is not true. Indeed the database salt field is not used, however this does not indicate that there is no salt generated when hashing the password.

在 WebSecurity 取值 SimpleMembershipProvider 使用PBKDF2算法中的<$ C $，生成随机盐C> StaticRandomNumberGenerator 并保存在密码字段与哈希：

In WebSecuritys SimpleMembershipProvider the PBKDF2 algo is used, the random salt is generated by the StaticRandomNumberGenerator and stored in the password field with the hash:

byte[] outputBytes = new byte[1 + SALT_SIZE + PBKDF2_SUBKEY_LENGTH];
Buffer.BlockCopy(salt, 0, outputBytes, 1, SALT_SIZE); 
Buffer.BlockCopy(subkey, 0, outputBytes, 1 + SALT_SIZE, PBKDF2_SUBKEY_LENGTH);
return Convert.ToBase64String(outputBytes);

这篇关于WebMatrix中WebSecurity PasswordSalt的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！