[英]Crypto.VerifyHashedPassword throws exception
I have hashed the user password using Crypto.HashPassword('nakedPassword');
我已经使用
Crypto.HashPassword('nakedPassword');
散列了用户密码Crypto.HashPassword('nakedPassword');
and saved this value in my db. 并将此值保存在我的数据库中。
During signup: 注册期间:
public Status Signup(Customer user)
{
//change password to password hash & create a verification codetry
try
{
int pkid;
user.PASSWORD = Crypto.HashPassword(user.PASSWORD);
user.VER_CODE = Guid.NewGuid().ToString();
Mapper.CreateMap <Customer,user>();
var mappedcustomer = Mapper.Map<Customer,user>(user);
string result = _userRepository.Signup(mappedcustomer);
Status status = new Status();
if (result == "MOB_EXISTS")
{
status.setError("Mobile number already exists");
}
else if (result == "EMAIL_EXISTS")
{
status.setError("Email already exists");
}
} catch (Exception e) {}
}
Later during login when i retrieve using: 稍后在登录期间,当我检索使用:
Status status = new Status();
try
{
string hashedPass = _userRepository.GetHashedPassByEmail(email);
if (Crypto.VerifyHashedPassword(hashedPass, password)) //<-- THIS LINE THROWS THE EXCEPTION
{
//authenticated
status.setSuccess("Login successful !");
}
else
{
status.setError("Invalid Credentials. Please try again.");
}
}
catch (Exception e)
{
status.setError("Error during login. Please check the credentials and try again.");
}
The pointed line throws the exception 虚线引发异常
System.FormatException
System.FormatException
Invalid length for a Base-64 char array or string.
Base-64 char数组或字符串的长度无效。
Stacktrace:
堆栈跟踪:
at System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength) at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
在System.Convert.FromBase64CharPtr(Char * startInputPtr,Int32 inputLength,Byte * startDestPtr,Int32 destLength)在System.Convert.FromBase64CharPtr(Char * inputPtr,Int32 inputLength)
at System.Convert.FromBase64String(String s) at System.Web.Helpers.Crypto.VerifyHashedPassword(String hashedPassword, String password) at Tmmmt.Business.UserProvider.login(String email, String password) in c:\\Users\\MacBook\\Source\\Repos\\tmmmt.com\\Tmmmt.Business\\UserProvider.cs:line 802在System.Web.Helpers.Crypto.VerifyHashedPassword(字符串hashedPassword,字符串密码)的System.Convert.FromBase64String(String)在c:\\ Users \\ MacBook \\的Tmmmt.Business.UserProvider.login(字符串电子邮件,字符串密码)源\\回购\\ tmmmt.com \\ Tmmmt.Business \\ UserProvider.cs:第802行
Note: This does not happen all the time but happens on certain signups only. 注意:这并非一直发生,而是仅在某些注册时发生。 See
Crypto.VerifyHashedPassword
请参阅
Crypto.VerifyHashedPassword
When I looked into my code for signup I saw a hash getting generated but it is truncated when writing to db. 当我查看用于注册的代码时,我看到生成了一个哈希,但是在写入db时它被截断了。
For example: 例如:
Actual Hash: ANFRzzPtJ6H/hmsxmbPpkUgIDcmxoaWDV6Ej8Xes8+PupKnsKq3EI/cUTHCRZm9t+g== 实际哈希: ANFRzzPtJ6H / hmsxmbPpkUgIDcmxoaWDV6Ej8Xes8 + PupKnsKq3EI / cUTHCRZm9t + g ==
Hash in Db: ANFRzzPtJ6H/hmsxmbPpkUgIDcmxoaWDV6Ej8Xes8+PupKnsKq 哈希在Db中: ANFRzzPtJ6H / hmsxmbPpkUgIDcmxoaWDV6Ej8Xes8 + PupKnsKq
The password field in the db is varchar(8000)
and I am putting it through the following way: db中的密码字段是
varchar(8000)
,我通过以下方式进行输入:
public virtual ObjectResult<string> sp_signupweb(string name, string email, string passHash, string code, Nullable<long> mob, Nullable<int> utc, string verifycode, ObjectParameter result)
{
...//some code//
var passHashParameter = passHash != null ?
new ObjectParameter("passHash", passHash) :
new ObjectParameter("passHash", typeof(string));
//.... some more code
return ((IObjectContextAdapter)this).ObjectContext.ExecuteFunction<string>("sp_signupweb", nameParameter, emailParameter, passHashParameter, codeParameter, mobParameter, utcParameter, verifycodeParameter, result);
}
How does the truncation occur? 截断如何发生?
固定存储过程的参数长度(注册)对我来说固定。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.