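I have an existing website that I want to upgrade to MVC 5. I want to take advantage of the new ASP.NET Identity. There doesn't seem to be a direct way to migrate my existing users, i.e. to copy the passwords and salts over to the new database schema. A previous question of mine suggested capturing the password when the user logs in and migrating it once to the new authentication system.
To do this, I need to validate users against the old system manually. After some googling, it seems the following code should work: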
    public static string EncodePassword(string pass, string salt)
    {
        byte[] bytes = Encoding.Unicode.GetBytes(pass);
        byte[] src = Convert.FromBase64String(salt);
        byte[] dst = new byte[src.Length + bytes.Length];
        Buffer.BlockCopy(src, 0, dst, 0, src.Length);
        Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
        HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
        byte[] inArray = algorithm.ComputeHash(dst);
        return Convert.ToBase64String(inArray);
    }
But I'm having no luck. Here are the password, password hash and salt from the old membership table:
Password: password
Hash: A1sWiqXLSFx892gfZli5Mn85hZqjW1Vg6BAQ12S7B40=
Salt: Hou1PWslN7MQ+PjFLlW5Xg==
Format: 1
From web.config:
    <membership defaultProvider="DefaultMembershipProvider">
      <providers>
        <clear />
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="Ultra" />
        <add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="Ultra" />
      </providers>
    </membership>
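Can someone explain which algorithm I should use to check this password manually?

Answer 0 (score: 1)
I was able to use an algorithm based on this post: https://stackoverflow.com/a/19184807/1626624
This is the algorithm for hashing the password.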
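    // Requires: using System; using System.Security.Cryptography; using System.Text;
    public static string EncodePassword(string pass, string salt)
    {
        // The password is hashed as UTF-16LE bytes; the salt is stored as Base64.
        var passBytes = Encoding.Unicode.GetBytes(pass);
        var saltBytes = Convert.FromBase64String(salt);
        var keyedHashAlgorithm = (KeyedHashAlgorithm)HashAlgorithm.Create("HMACSHA256");

        // Build the HMAC key by repeating the salt until the default key length is filled.
        var keyBytes = new byte[keyedHashAlgorithm.Key.Length];
        var num1 = 0;
        while (true)
        {
            if (num1 >= keyBytes.Length)
            {
                break;
            }
            var num2 = Math.Min(saltBytes.Length, keyBytes.Length - num1);
            Buffer.BlockCopy(saltBytes, 0, keyBytes, num1, num2);
            num1 = num1 + num2;
        }
        keyedHashAlgorithm.Key = keyBytes;

        // The stored hash is the Base64 of HMAC-SHA256(key, password bytes).
        return Convert.ToBase64String(keyedHashAlgorithm.ComputeHash(passBytes));
    }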
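
The migrate-on-login flow from the question, combined with the hashing scheme from this answer, as an added example that is not part of the original post. It assumes the Microsoft.AspNet.Identity.Core package for `PasswordHasher`; `LegacyPasswordMigrator` and `VerifyAndUpgrade` are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNet.Identity; // PasswordHasher (Microsoft.AspNet.Identity.Core package)

// Hypothetical helper, not part of either framework.
public static class LegacyPasswordMigrator
{
    // Same construction as the answer above: HMAC-SHA256 over the UTF-16LE
    // password, keyed with the salt repeated to fill the default key length.
    static byte[] LegacyHash(string password, string saltBase64)
    {
        byte[] salt = Convert.FromBase64String(saltBase64);
        if (salt.Length == 0) throw new FormatException("empty salt"); // avoids dividing by zero below
        using (var hmac = new HMACSHA256())
        {
            byte[] key = new byte[hmac.Key.Length];
            for (int i = 0; i < key.Length; i++) key[i] = salt[i % salt.Length];
            hmac.Key = key;
            return hmac.ComputeHash(Encoding.Unicode.GetBytes(password));
        }
    }

    // Compares every byte instead of stopping at the first difference.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Returns an ASP.NET Identity hash to store in the new schema when the legacy
    // check passes, or null when the password is wrong or the row is malformed.
    public static string VerifyAndUpgrade(string password, string legacyHashBase64, string saltBase64)
    {
        try
        {
            byte[] stored = Convert.FromBase64String(legacyHashBase64);
            if (!FixedTimeEquals(LegacyHash(password, saltBase64), stored)) return null;
        }
        catch (FormatException) { return null; }
        return new PasswordHasher().HashPassword(password);
    }

    public static void Main()
    {
        // Sample row from the question.
        string upgraded = VerifyAndUpgrade("password",
            "A1sWiqXLSFx892gfZli5Mn85hZqjW1Vg6BAQ12S7B40=", "Hou1PWslN7MQ+PjFLlW5Xg==");
        Console.WriteLine(upgraded != null ? "legacy hash verified, store: " + upgraded : "no match");
    }
}
```

Once the returned hash is saved for the user, the legacy hash and salt for that row can be cleared so the old scheme is no longer accepted for that account.
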
Answer 1 (score: 0)

    MembershipUser user = Membership.Provider.GetUser(Txtboxemail.Text, false);
    if (Membership.ValidateUser(Txtboxemail.Text, pass.Text))
    {
    }

Maybe this is what you need.

Answer 2 (score: 0)
Try the tutorial Migrating an Existing Website from SQL Membership to ASP.NET Identity. It even has details about password hashing.