手动密码验证ASP.NET

时间:2013-12-05 17:30:56

标签: asp.net asp.net-mvc authentication asp.net-identity

我有一个现有的网站,我想升级到MVC 5.我想利用新的ASP.NET身份。似乎没有直接的方式来迁移我的现有用户,即将密码和盐复制到新的数据库方案。我之前提到的一个问题建议在用户登录时捕获密码,并将其一次迁移到新的身份验证系统。

为此,我需要手动验证旧系统的用户。经过一些谷歌搜索后,似乎以下代码应该有效:

public static string EncodePassword(string pass, string salt)
{
    byte[] bytes = Encoding.Unicode.GetBytes(pass);
    byte[] src = Convert.FromBase64String(salt);
    byte[] dst = new byte[src.Length + bytes.Length];
    Buffer.BlockCopy(src, 0, dst, 0, src.Length);
    Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
    HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
    byte[] inArray = algorithm.ComputeHash(dst);
    return Convert.ToBase64String(inArray);
}

但我没有运气。以下是旧成员资格表中的密码,密码哈希和salt:

Password: password
Hash: A1sWiqXLSFx892gfZli5Mn85hZqjW1Vg6BAQ12S7B40=
Salt: Hou1PWslN7MQ+PjFLlW5Xg==
Format: 1

来自web.config:

<membership defaultProvider="DefaultMembershipProvider">
  <providers>
    <clear />
    <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="Ultra" />
    <add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="Ultra" />
  </providers>
</membership>

有人可以解释我应该用什么算法来手动检查这个密码吗?

3 个答案:

答案 0 :(得分:1)

我能够使用基于此帖https://stackoverflow.com/a/19184807/1626624

的算法

这是散列密码的算法。

    public static string EncodePassword(string pass, string salt)
    {
        var passBytes = Encoding.Unicode.GetBytes(pass);
        var saltBytes = Convert.FromBase64String(salt);
        var keyedHashAlgorithm = (KeyedHashAlgorithm)HashAlgorithm.Create("HMACSHA256");
        var keyBytes = new byte[keyedHashAlgorithm.Key.Length];
        var num1 = 0;

        while (true)
        {
            if (num1 >= keyBytes.Length)
            {
                break;
            }

            var num2 = Math.Min(saltBytes.Length, keyBytes.Length - num1);

            Buffer.BlockCopy(saltBytes, 0, keyBytes, num1, num2);
            num1 = num1 + num2;
        }

        keyedHashAlgorithm.Key = keyBytes;

        return Convert.ToBase64String(keyedHashAlgorithm.ComputeHash(passBytes));
    }

答案 1 :(得分:0)

MembershipUser user = Membership.Provider.GetUser(Txtboxemail.Text,false);  if(Membership.ValidateUser(Txtboxemail.Text,pass.Text)){}

可能你需要这个

答案 2 :(得分:0)

尝试使用教程Migrating an Existing Website from SQL Membership to ASP.NET Identity。它甚至还有关于密码散列的详细信息。