堆栈内存溢出
  简体   繁体   English

使用salt进行散列后,C#,asp.net密码不匹配

[英]C#,asp.net Passwords are not matching after hashing with salt

 原文  2015-02-13 14:03:33       c#/ asp.net/ hash/ salt

问题描述

I have used hashing with salt for password.Before i implemented hashing, i had a stored procedure which used to check textbox value with the value in Database and the code was working fine .After implementing hashing though the passwords are not matching,i checked the hashed value in database and password that i entered and both are same.I looked up in google and some suggested that manually entering value in Database for password will cause an issue.So i created a user registration form and hashed the password there and stored it in the database.Can anyone please guide me as to where i am going wrong. 我已经使用哈希与salt进行密码。在我实现散列之前,我有一个存储过程,用于检查文本框值与数据库中的值,代码工作正常。虽然密码不匹配实现哈希后,我检查了我输入的数据库和密码中的哈希值都是相同的。我在谷歌中查找并且有人建议在数据库中手动输入密码值将导致问题。所以我创建了一个用户注册表并在那里散列密码并存储它在数据库中。任何人都可以指导我哪里出错了。

My loginpagecode: 我的登录页码: 

 using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Configuration;
    using System.Data.SqlClient;
    using System.Data;
    using System.Security.Cryptography;

    namespace taxiservices
    {
        public partial class adminlogin : System.Web.UI.Page
        {
            String Salt;
            String Hash;
            String Pwd;
            protected void Page_Load(object sender, EventArgs e)
            {

            }

            public string SaltedHash(string password)
            {
                Salt = "salthashtestsalthashtestsalthashtestsalthashtestsalthashtestsalthashtestsalthashtestsalthashtest";
                Hash = ComputeHash(Salt, password);
                return Hash;

            }

            static string ComputeHash(string salt, string password)
            {
                var saltBytes = Convert.FromBase64String(salt);
                using (var rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, saltBytes, 1000))
                    return Convert.ToBase64String(rfc2898DeriveBytes.GetBytes(256));
            }

            public static bool Verify(string salt, string hash, string password)
            {
                return hash == ComputeHash(salt, password);
            }

            protected void Button1_Click(object sender, EventArgs e)
            {
                Session["username"] = username.Text.ToString();
                 Pwd=SaltedHash(password.Text.ToString());
                 Response.Write(Pwd);
                string query;
                string ConnectionStringnew = ConfigurationManager.ConnectionStrings["ConnectionStringName"].ConnectionString;
                using (SqlConnection con = new SqlConnection(ConnectionStringnew))
                {
                    query = "Emplogin";   //stored procedure Name
                    SqlCommand com = new SqlCommand(query, con);
                    com.CommandType = CommandType.StoredProcedure;
                    com.Parameters.AddWithValue("@Usename", username.Text.ToString());   //for username 
                    com.Parameters.AddWithValue("@Password",Pwd);  //for password

                    con.Open();

                    int usercount = (Int32)com.ExecuteScalar();// for taking single value
                    con.Close();
                    if (usercount == 1)  // comparing users from table 
                    {

                        Session["user"] = "valid";

                        Response.Redirect("adminhomepage.aspx");  //for sucsseful login
                    }
                    else
                    {

                        Label2.Text = "Invalid User Name or Password";  //for invalid login
                    }



                }
            }

            protected void username_TextChanged(object sender, EventArgs e)
            {

            }
        }
    }

Page where user creates a password: 用户创建密码的页面: 

 using System;
    using System.Collections.Generic;
    using System.Configuration;
    using System.Data.SqlClient;
    using System.Linq;
    using System.Security.Cryptography;
    using System.Web;
    using System.Web.UI;
    using System.Web.UI.WebControls;

namespace taxiservices
{
    public partial class changepassword : System.Web.UI.Page
    {
        String Salt;
        String Hash;
        protected void Page_Load(object sender, EventArgs e)
        {


        }

        protected void TextBox2_TextChanged(object sender, EventArgs e)
        {

        }
        public string SaltedHash(string password)
        {
            Salt="salthashtestsalthashtestsalthashtestsalthashtestsalthashtestsalthashtestsalthashtestsalthashtest";
            Hash = ComputeHash(Salt, password);
            return Hash;
        }

        static string ComputeHash(string salt, string password)
        {
            var saltBytes = Convert.FromBase64String(salt);
            using (var rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, saltBytes, 1000))
                return Convert.ToBase64String(rfc2898DeriveBytes.GetBytes(256));
        }

        protected void Button1_Click(object sender, EventArgs e)
        {

            string Pwd = SaltedHash(TextBox2.Text);
            string ConnectionStringn = ConfigurationManager.ConnectionStrings["ConnectionStringName"].ConnectionString;
            using (SqlConnection con = new SqlConnection(ConnectionStringn))
            {
                using (SqlCommand cmd = new SqlCommand("INSERT INTO Users(Username,Password) VALUES(@User,@password)"))
                {
                    cmd.Connection = con;
                    cmd.Parameters.AddWithValue("@User", TextBox3.Text);
                    cmd.Parameters.AddWithValue("@password", Pwd);
                    con.Open();
                    cmd.ExecuteNonQuery();
                    con.Close();

                }
            }
        }
    }
}

The Stored Procedure: 存储过程: 

    Create  procedure Emplogin
(
@Usename Varchar (20),
@Password varchar (10)
)
as
Begin
Select COUNT(*)from Users where username=@Usename and password=@Password 
End

1 个解决方案

解决方案1
 0 已采纳  2015-02-13 14:15:51

When you pass the details into you Emplogin stored procedure, it is only getting the first 10 characters of your salted password (it truncates away the other 246). 当您将详细信息传递给Emplogin存储过程时,它只获取您的盐渍密码的前10个字符(它会截断其他246个字符)。 When it checks this ten-character string against your Users database, it doesn't find a match. 当它针对您的Users数据库检查此十个字符的字符串时,它找不到匹配项。

You should adjust your Emplogin procedure so that the length of the @Password variable matches that of the password column in your Users table. 您应调整Emplogin过程,以使@Password变量的长度与Users表中的password列的长度相匹配。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用ASP.NET MVC 3散列密码 - Hashing Passwords With ASP.NET MVC 3 ASP.NET:SHA1 +多个服务器上的Salt密码哈希 - ASP.NET: SHA1 + Salt Password Hashing on Multiple Servers 在ASP.net中复制PHPBB密码哈希c# - Replicate PHPBB password hashing in ASP.net c# 在C#中使用随机盐散列? - Hashing with random salt in c#? Hash 和 C# 中的 salt 密码 - Hash and salt passwords in C# 没有ASP.NET的FormsAuthentication,在C#Windows应用程序中进行密码散列? - Password hashing in a C# Windows app, absent ASP.NET's FormsAuthentication? PHP 中的 SHA256 加盐散列与 C# 中的不同 - SHA256 Hashing with Salt in PHP not same as in C# 将页面重新排列到文件夹Asp.net C#后出现错误 - Errors after rearranging pages into folders Asp.net C# 1滴答后,ASP.Net(语言C#)中的计时器停止 - Timer in ASP.Net (Language C#) stops after 1 tick 在asp.net C#中插入后如何刷新GridView - How to refresh gridview after insertion in asp.net c#
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM