与Crypto.HashPassword相比,ASP.NET Identity的哈希密码方式
[英]ASP.NET Identity's way of hashing password Compared to Crypto.HashPassword
问题描述
Good Day everyone. 
今天是个好日子。 I'm currently creating a Login Form in Xamarin.Forms Portable application. 我目前正在Xamarin.Forms Portable应用程序中创建一个登录表单。 I have a WebFormsProject, wherein I created an API controller that compares the username and password typed by the User versus the username and password saved on my Database. 我有一个WebFormsProject,其中创建了一个API控制器,该控制器将用户键入的用户名和密码与保存在数据库中的用户名和密码进行比较。
The password saved on my database is Hashed using ASP.NET Identity. 我的数据库中保存的密码使用ASP.NET Identity加密。 While the password that will be typed by the User is hashed using Crypto.HashPassword (don't know if this class is an ASP.NET Identity thing). 虽然将使用Crypto.HashPassword对用户输入的密码进行哈希处理 (不知道此类是否是ASP.NET Identity。)。
How can I compare this two? 如何比较这两个?
If the two password matched, it should return 'true' otherwise false. 如果两个密码匹配,则应返回“ true”,否则返回false。 I'm on a confusing stage right now. 我现在处于混乱状态。 Hope you can help me. 希望您能够帮助我。 Thanks. 谢谢。
Here are some of my codes. 这是我的一些代码。
LoginController.cs LoginController.cs
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.Entity;
using System.Data.Entity.Infrastructure;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Description;
using WebFormsDemo;
using WebFormsDemo.ViewModel;
using System.Security.Cryptography;
using System.Web.Helpers;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;
using Microsoft.AspNet.Identity.EntityFramework;
namespace WebFormsDemo.Controllers
{
public class LoginController : ApiController
{
private EBMSEntities db = new EBMSEntities();
// GET: api/Login
[Route("api/Login/Search/{username}/{password}")]
[ResponseType(typeof(List<AspNetUser>))]
public bool getUsernamePassword(string username, string password)
{
var hashedPassword = "";
hashedPassword = Crypto.HashPassword(password);
var pass = (from u in db.AspNetUsers
where u.UserName.Equals(username)
select u.PasswordHash).Take(1);
string hashpassinDb = Convert.ToString(pass.FirstOrDefault());
return Crypto.VerifyHashedPassword(hashpassinDb, hashedPassword);
}
}
}
2 个解决方案
解决方案1
1 2016-09-02 09:59:52
Password hashes are usually compared using the method VerifyHashedPassword from the PasswordHasher class. 通常使用PasswordHasher类中的VerifyHashedPassword方法对密码哈希进行比较。 check this link: Verifies that a password matches the hashed password. 检查此链接: 验证密码是否与哈希密码匹配。
Edit: 编辑:
As per comment It turns out that using Crypto.HashedPassword will produce a Hash Value different from the Hash value saved on my database. 根据评论事实证明,使用Crypto.HashedPassword将产生与存储在数据库中的哈希值不同的哈希值。
You need to provide IPasswordHasher implementation that can provide clear password without hashing. 您需要提供IPasswordHasher实现,该实现可以提供清晰的密码而不进行哈希处理。
public class ClearPassword : IPasswordHasher
{
public string HashPassword(string password)
{
return password;
}
}
Will give you clear password which you can use to compare with entered password. 将为您提供明确的密码,您可以将其与输入的密码进行比较。
解决方案2
0 2017-06-15 03:48:37
返回Crypto.VerifyHashedPassword的第二个参数不是要散列,而是纯文本。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.