ASP.NET成员C# - 如何比较现有的密码/哈希 [英] ASP.NET Membership C# - How to compare existing password/hash
问题描述
我一直在这个问题上一段时间。我需要比较用户输入一个密码,那就是在会员DB一个paasword。密码散列,并具有盐。
,因为缺少文档,如果盐追加到密码,然后散列它是如何如何创建的,我不知道。
我无力获得此相匹配。从函数返回的哈希值永远不匹配DB中的哈希值,我知道其实它是相同的密码。微软似乎散列,然后以不同的方式,我的密码。
我希望有人有一些见解吧。
下面是我的代码:
保护无效的button1_Click(对象发件人,EventArgs五)
{
//这里是密码我用,同一台被散列在DB
字符串PWD =Letmein44;
//下面是从DB
串saltVar =SuY4cf8wJXJAVEr3xjz4Dg ==盐析;
//这里是密码方式,它存储在DB哈希
串bdPwd =mPrDArrWt1 + tybrjA0OZuEG1P5w =;
//为了对比使其显示出来
TextBox1.Text = bdPwd;
//这里是我显示从函数的返回,它应与从数据库中的密码。
TextBox2.Text = getHashedPassUsingUserIdAsSalt(PWD,saltVar);
}
私人字符串getHashedPassUsingUserIdAsSalt(字符串的V通过,串vSalt)
{
串vSourceText = V通过+ vSalt;
System.Text.UnicodeEncoding VUE =新System.Text.UnicodeEncoding();
字节[] = vSourceBytes vUe.GetBytes(vSourceText);
System.Security.Cryptography.SHA1CryptoServiceProvider vSHA =新System.Security.Cryptography.SHA1CryptoServiceProvider();
字节[] = vHashBytes vSHA.ComputeHash(vSourceBytes);
返回Convert.ToBase64String(vHashBytes);
}
使用工具,如反射,你可以看到成员提供做什么。
这是在过去为我工作(假定了passwordFormat 1,即SHA1):
公共静态字符串GenerateHash(PWD串,串saltAsBase64)
{
的byte [] P1 = Convert.FromBase64String(saltAsBase64);
返回GenerateHash(PWD,P1);
}
公共静态字符串GenerateHash(PWD字符串,字节[] saltAsByteArray)
{
System.Security.Cryptography.SHA1 SHA =新System.Security.Cryptography .SHA1CryptoServiceProvider();
字节[] P1 = saltAsByteArray;
的byte [] P2 = System.Text.Encoding.Unicode.GetBytes(PWD);
字节[]数据=新的字节[p1.Length + p2.Length];
p1.CopyTo(数据,0);
p2.CopyTo(数据,p1.Length);
字节[]结果= sha.ComputeHash(数据);
串解析度= Convert.ToBase64String(结果);
返回水库;
}
在这里:saltAsBase64是由aspnet_Membership表的PasswordSalt列
编辑:
实例:
字符串PWD =Letmein44;
串saltAsBase64 =SuY4cf8wJXJAVEr3xjz4Dg ==;
字符串哈希= GenerateHash(PWD,saltAsBase64);
//散列:mPrDArrWt1 + tybrjA0OZuEG1P5w =
I have been on this problem for a while. I need to compare a paasword that the user enters to a password that is in the membership DB. The password is hashed and has a salt. Because of the lack of documentation I do not know if the salt is append to the password and then hashed how how it is created.
I am unable to get this to match. The hash returned from the function never matches the hash in the DB and I know for fact it is the same password. Microsoft seems to hash the password in a different way then I am.
I hope someone has some insights please.
Here is my code:
protected void Button1_Click(object sender, EventArgs e)
{
//HERE IS THE PASSWORD I USE, SAME ONE IS HASHED IN THE DB
string pwd = "Letmein44";
//HERE IS THE SALT FROM THE DB
string saltVar = "SuY4cf8wJXJAVEr3xjz4Dg==";
//HERE IS THE PASSWORD THE WAY IT STORED IN THE DB AS HASH
string bdPwd = "mPrDArrWt1+tybrjA0OZuEG1P5w=";
// FOR COMPARISON I DISPLAY IT
TextBox1.Text = bdPwd;
// HERE IS WHERE I DISPLAY THE return from THE FUNCTION, IT SHOULD MATCH THE PASSWORD FROM THE DB.
TextBox2.Text = getHashedPassUsingUserIdAsSalt(pwd, saltVar);
}
private string getHashedPassUsingUserIdAsSalt(string vPass, string vSalt)
{
string vSourceText = vPass + vSalt;
System.Text.UnicodeEncoding vUe = new System.Text.UnicodeEncoding();
byte[] vSourceBytes = vUe.GetBytes(vSourceText);
System.Security.Cryptography.SHA1CryptoServiceProvider vSHA = new System.Security.Cryptography.SHA1CryptoServiceProvider();
byte[] vHashBytes = vSHA.ComputeHash(vSourceBytes);
return Convert.ToBase64String(vHashBytes);
}
Using a tool like Reflector, you can see what the membership provider does. This is what has worked for me in the past (assumes passwordFormat 1, i.e. SHA1) :
public static string GenerateHash(string pwd, string saltAsBase64)
{
byte[] p1 = Convert.FromBase64String(saltAsBase64);
return GenerateHash(pwd, p1);
}
public static string GenerateHash(string pwd, byte[] saltAsByteArray)
{
System.Security.Cryptography.SHA1 sha = new System.Security.Cryptography.SHA1CryptoServiceProvider();
byte[] p1 = saltAsByteArray;
byte[] p2 = System.Text.Encoding.Unicode.GetBytes(pwd);
byte[] data = new byte[p1.Length + p2.Length];
p1.CopyTo(data, 0);
p2.CopyTo(data, p1.Length);
byte[] result = sha.ComputeHash(data);
string res = Convert.ToBase64String(result);
return res;
}
Where : "saltAsBase64" is from the PasswordSalt column of aspnet_Membership table.
EDIT :
Example usage :
string pwd = "Letmein44";
string saltAsBase64 = "SuY4cf8wJXJAVEr3xjz4Dg==";
string hash = GenerateHash(pwd, saltAsBase64);
// hash : "mPrDArrWt1+tybrjA0OZuEG1P5w="
这篇关于ASP.NET成员C# - 如何比较现有的密码/哈希的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!