用于工作密码哈希,现在我不能进入我的软件 [英] Password hashing used to work, now I can't get into my software

查看:214
本文介绍了用于工作密码哈希,现在我不能进入我的软件的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我咸鱼和散列我登录 / p>

当我这样做,在数据库中的密码和盐田只是VARCHAR列。该数据显示在SQL Server Management Studio中的问号。



然后一个朋友来了,改变了列nvarchar数据类型而现在的数据似乎是集合亚洲字母/字 - 我想有没有感觉背后甚至人谁不读它是什么语言



但问题是,现在,甚至当我创建了一个新的用户每次登录尝试失败。



用户添加和登录 

 公共用户登录()//返回自己的类
 {
 
的一个实例//获取用户
变种auser盐值= ie.users.FirstOrDefault(U =>的String.Compare(u.emailaddress,EMAILADDRESS,FALSE)== 0);如果
(auser == NULL)
 {
抛出新ValidationException(用户未找到); 
} 
 
 //散列登录进行比较,存储密码哈希
 HashGenerator H =新HashGenerator(密码,auser.usersalt); 
字符串哈希= h.GetHash(); 
 
变种我们= ie.users.FirstOrDefault(U =>的String.Compare(u.emailaddress,EMAILADDRESS,FALSE)== 0安培;&放大器;的String.Compare(u.password,密码,假)== 0); 
 
如果(我们== NULL)
 {
抛出新的异常(无效的电子邮件地址和/或密码。); //似乎这里的地方出了问题
} 
用户的用户=新用户(); 
 
 user.userid = us.userid; 
 user.storeid = us.storeid; 
 user.role = us.role; 
 
回报用户; //登录成功,将数据返回到调用方法
} 
 
公共无效添加()
 {
用户NEWUSER =新用户(); 
 newuser.storeid = STOREID; 
 newuser.emailaddress = EMAILADDRESS; 
 
 //生成密码哈希值
串usersalt = SaltGenerator.GetSaltString(); 
 HashGenerator哈希=新HashGenerator(密码,usersalt); 
 newuser.password = hash.GetHash(); 
 
 newuser.role =作用; 
 newuser.usersalt = usersalt; 
 
 ie.users.Add(NEWUSER); 
 ie.SaveChanges(); 
}



哈希和盐生成 



 公共类HashGenerator 
 {
公共字符串传递{搞定;保护套; } 
公共字符串盐{搞定;保护套; } 
 
公共HashGenerator(字符串密码,串盐)
 {
通=密码; 
盐=盐; 
} 
 
公共字符串GetHash()
 {
 SHA512 SHA =新SHA512CryptoServiceProvider(); 
字节[]数据= CryptUtility.GetBytes(的String.Format({0} {1},通,盐)); 
字节[] =哈希sha.ComputeHash(数据); 
 
返回CryptUtility.GetString(散); 
} 
} 
 
公共静态类SaltGenerator 
 {
私有静态RNGCryptoServiceProvider提供商= NULL; 
私人const int的saltSize = 128; 
 
静态SaltGenerator()
 {
提供商=新RNGCryptoServiceProvider(); 
} 
 
公共静态字符串GetSaltString()
 {
字节[] = saltBytes新的字节[saltSize] 
 
 provider.GetNonZeroBytes(saltBytes); 
 
返回CryptUtility.GetString(saltBytes); 
} 
}



地穴实用程序,用于获取字符串和字节 

 类CryptUtility 
 {
公共静态的byte [] GetBytes会(字符串str)
 {
字节[]字节=新的字节[Str.Length *的sizeof(字符)]; 
 System.Buffer.BlockCopy(Str.ToCharArray(),0,字节,0,bytes.Length); 
返回字节; 
} 
 
公共静态字符串的GetString(字节[]字节)
 {
的char [] =字符新的char [Bytes.Length /的sizeof(字符)]; 
 System.Buffer.BlockCopy(字节,0,字符,0,Bytes.Length); 
返回新的字符串(字符); 
} 
}



曾经工作过的登录名和验证码也没有自那时以来,改变了...这是唯一改变的是,在用户表中的密码和盐柱现在为nvarchar 而不是 VARCHAR



不过,我想我会创建与上面的方法添加一个新用户,但与该用户登录失败也是如此。



我真的不知所措对如何解决这个问题。我无法继续开发系统的其余部分,如果我不能访问它来测试。



任何帮助将不胜感激!


解决方案

姆你不应该使用变量




哈希




进行比较?

  //哈希登录进行比较,存储密码哈希
 HashGenerator H =新HashGenerator(密码,auser.usersalt); 
字符串哈希= h.GetHash(); 
 
变种我们= ie.users.FirstOrDefault(U =>的String.Compare(u.emailaddress,EMAILADDRESS,FALSE)== 0安培;&放大器;的String.Compare(u.password,哈希,假)== 0);


I salted and hashed my logins according to this Code Project article

When I did this, my password and salt fields in the database were just varchar columns. The data was displayed in SQL Server Management Studio as question marks.

A friend then came and changed the columns to nvarchar data type and now the data appears to be a collection of Asian letters/words - I assume there's no sense behind it even to someone who does read whatever language it is.

The problem is that now, even when I created a new user, every login attempt fails.

User addition and login 

    public User Login() // returns an instance of its own class
    {

        // get the salt value for the user
        var auser = ie.users.FirstOrDefault(u => String.Compare(u.emailaddress, emailaddress, false) == 0);
        if (auser == null)
        {
            throw new ValidationException("User not found");
        }

        // hash the login for comparison to stored password hash
        HashGenerator h = new HashGenerator(password, auser.usersalt);
        string hash = h.GetHash();

        var us = ie.users.FirstOrDefault(u => String.Compare(u.emailaddress, emailaddress, false) == 0 && String.Compare(u.password, password, false) == 0);

        if (us == null)
        {
            throw new Exception("Invalid email address and/or password."); // seems here's where it goes wrong
        }
        User user = new User();

        user.userid = us.userid;
        user.storeid = us.storeid;
        user.role = us.role;

        return user; // login succeeded, return the data to the calling method
    }

    public void Add()
    {
        user newuser = new user();
        newuser.storeid = storeid;
        newuser.emailaddress = emailaddress;

        // Generate password hash
        string usersalt = SaltGenerator.GetSaltString();
        HashGenerator hash = new HashGenerator(password, usersalt);
        newuser.password = hash.GetHash();

        newuser.role = role;
        newuser.usersalt = usersalt;

        ie.users.Add(newuser);
        ie.SaveChanges();
    }

Hash and Salt Generator 

public class HashGenerator
{
    public string pass { get; protected set; }
    public string salt { get; protected set; }

    public HashGenerator(string Password, string Salt)
    {
        pass = Password;
        salt = Salt;
    }

    public string GetHash()
    {
        SHA512 sha = new SHA512CryptoServiceProvider();
        byte[] data = CryptUtility.GetBytes(String.Format("{0}{1}", pass, salt));
        byte[] hash = sha.ComputeHash(data);

        return CryptUtility.GetString(hash);
    }
}

public static class SaltGenerator
{
    private static RNGCryptoServiceProvider provider = null;
    private const int saltSize = 128;

    static SaltGenerator()
    {
        provider = new RNGCryptoServiceProvider();
    }

    public static string GetSaltString()
    {
        byte[] saltBytes = new byte[saltSize];

        provider.GetNonZeroBytes(saltBytes);

        return CryptUtility.GetString(saltBytes);
    }
}

Crypt utility for getting strings and bytes 

class CryptUtility
{
    public static byte[] GetBytes(string Str)
    {
        byte[] bytes = new byte[Str.Length * sizeof(char)];
        System.Buffer.BlockCopy(Str.ToCharArray(), 0, bytes, 0, bytes.Length);
        return bytes;
    }

    public static string GetString(byte[] Bytes)
    {
        char[] chars = new char[Bytes.Length / sizeof(char)];
        System.Buffer.BlockCopy(Bytes, 0, chars, 0, Bytes.Length);
        return new string(chars);
    }
}

The login used to work and this code hasn't changed since then... The only thing that's changed is that the password and salt columns in the users table are now nvarchar instead of varchar.

That said, I figured I'd create a new user with the add method above, but logging in with that user fails as well.

I'm really at a loss as to how to fix this. I can't proceed to develop the rest of the system if I can't access it to test.

Any help will be greatly appreciated!

解决方案

humm shouldn't you be using the variable

hash

for the comparison ?

    // hash the login for comparison to stored password hash
    HashGenerator h = new HashGenerator(password, auser.usersalt);
    string hash = h.GetHash();

    var us = ie.users.FirstOrDefault(u => String.Compare(u.emailaddress, emailaddress, false) == 0 && String.Compare(u.password, hash, false) == 0);

这篇关于用于工作密码哈希,现在我不能进入我的软件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
C#/.NET最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆