Telerik Sitefinity密码散列函数 [英] Telerik Sitefinity Password Hash function

问题描述

我有一个带有Telerik Sitefinity系统登录凭证的表格。我想使用相同的登录凭证，但使用不具有Sitefinity库的不同应用程序。我努力使用密码编码，它被设置为哈希（默认值是SHA1算法）。

我尝试使用下面的代码来编码密码，但它没有'与$ Sitefinity生成的内容相匹配。
$ b $ pre $ public string EncodePassword（string pass，string salt）
{
byte [] bytes = Encoding.Unicode.GetBytes（pass）;
byte [] src = Convert.FromBase64String（salt）;
byte [] dst =新字节[src.Length + bytes.Length];
Buffer.BlockCopy（src，0，dst，0，src.Length）;
Buffer.BlockCopy（bytes，0，dst，src.Length，bytes.Length）;
HashAlgorithm algorithm = HashAlgorithm.Create（SHA1）;
byte [] inArray = algorithm.ComputeHash（dst）;
return Convert.ToBase64String（inArray）;



举例：

PASSWORD：password111

SALT：94EBE09530D9F5FAE3D002A4BF262D2F（保存在SF用户表中）

：8IjcFO4ad8BdkD40NJcgD0iGloU =

由SF生成的表中的哈希值：A24GuU8OasJ2bicvT / E4ZiKfAT8 =

以不同方式生成编码密码，但找不到任何结果。我如何使用由SF创建的登录凭证而无需SF库？

解决方案

You right，Sitefinity正在使用SHA1算法，但您需要从配置设置中使用额外的ValidationKey。

这里是你的代码的工作示例：

  private static bool CheckValidPassword（字符串密码）
 {
 //从sf_users列[salt] 
 var userSalt =420540B274162AA093FDAC86894F3172; 
 
 //从sf_users列[passwd] 
 var userPassword =a99j8I0em8DOP1IAJO / O7umQ + H0 =; 
 
 //从App_Data\Sitefinity\Configuration\SecurityConfig.config属性 的validationKey 
 VAR的validationKey = 862391D1B281951D5D92837F4DB9714E0A5630F96483FF39E4307AE733424C557354AE85FF1C00D73AEB48DF3421DD159F6BFA165FF8E812341611BDE60E0D4A; 
 
返回userPassword == ComputeHash（密码+ userSalt，validationKey）; 
 
 
内部静态字符串ComputeHash（字符串数据，字符串键）
 {
 byte [] hashKey = HexToBytes（key）; 
 HMACSHA1 hmacshA1 = new HMACSHA1（）; 
 hmacshA1.Key = hashKey; 
 var hash = hmacshA1.ComputeHash（Encoding.Unicode.GetBytes（data））; 
 return Convert.ToBase64String（hash）; 
 
 $ b $ public static byte [] HexToBytes（string hexString）
 {
 byte [] numArray = new byte [hexString.Length / 2]; （int index = 0; index< numArray.Length; ++ index）
 numArray [index] = Convert.ToByte（hexString.Substring（index * 2，2），16）; 
返回numArray; 
} 
  

I have a table with login credentials for a Telerik Sitefinity system. I want to use the same login credentials, but with a different application that doesn't have Sitefinity libraries. I'm struggling with the password encoding, which is set to Hash (Default is SHA1 algorithm).

I tried using the following code to encode passwords, but it doesn't match up with what Sitefinity generated.

public string EncodePassword(string pass, string salt)
{
    byte[] bytes = Encoding.Unicode.GetBytes(pass);
    byte[] src = Convert.FromBase64String(salt); 
    byte[] dst = new byte[src.Length + bytes.Length];
    Buffer.BlockCopy(src, 0, dst, 0, src.Length);
    Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
    HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
    byte[] inArray = algorithm.ComputeHash(dst);
    return Convert.ToBase64String(inArray);
} 

EXAMPLE:

PASSWORD: password111

SALT: 94EBE09530D9F5FAE3D002A4BF262D2F (as saved in the SF user table)

Hash with function above: 8IjcFO4ad8BdkD40NJcgD0iGloU=

Hash in table generated by SF:A24GuU8OasJ2bicvT/E4ZiKfAT8=

I have searched online if SF generates the encoded password differently, but can't find any results. How can I use the login credentials created by SF without SF libraries?

解决方案

You right, Sitefinity is using SHA1 algorithm, but you need to use additional ValidationKey from configuration settings.

Here the working example of code for you:

private static bool CheckValidPassword(string password)
{
    //from sf_users column [salt]
    var userSalt = "420540B274162AA093FDAC86894F3172";

    //from sf_users column [passwd]
    var userPassword = "a99j8I0em8DOP1IAJO/O7umQ+H0=";

    //from App_Data\Sitefinity\Configuration\SecurityConfig.config attribute "validationKey"
    var validationKey = "862391D1B281951D5D92837F4DB9714E0A5630F96483FF39E4307AE733424C557354AE85FF1C00D73AEB48DF3421DD159F6BFA165FF8E812341611BDE60E0D4A";

    return userPassword == ComputeHash(password + userSalt, validationKey);
}

internal static string ComputeHash(string data, string key)
{
    byte[] hashKey = HexToBytes(key);
    HMACSHA1 hmacshA1 = new HMACSHA1();
    hmacshA1.Key = hashKey;
    var hash = hmacshA1.ComputeHash(Encoding.Unicode.GetBytes(data));
    return Convert.ToBase64String(hash);
}

public static byte[] HexToBytes(string hexString)
{
    byte[] numArray = new byte[hexString.Length / 2];
    for (int index = 0; index < numArray.Length; ++index)
        numArray[index] = Convert.ToByte(hexString.Substring(index * 2, 2), 16);
    return numArray;
}

这篇关于Telerik Sitefinity密码散列函数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！