如何使用PHP生成ASP.NET密码
[英]How to Generate ASP.NET Password using PHP
问题描述
I have existing ap.net c# website is working with mysql database. 
我现有的ap.net c#网站正在使用mysql数据库。 now i am planning to create mobile app for that website for that API needs to be ready. 现在我打算为该网站创建移动应用程序,因为该API需要做好准备。 I am creating an API into PHP Laravel Framework. 我正在PHP Laravel Framework中创建一个API。 for RegistrationAPI needs to generate password. 对于RegistrationAPI需要生成密码。
Asp.net using its inbuilt library for generating password like Asp.net使用其内置库生成密码之类的
WebSecurity.CreateUserAndAccount("username", "password");
it automatically generates password in table called "webpages_membership" 它会在名为“webpages_membership”的表中自动生成密码
Note: I am using same database which is used by aps.net working website. 注意:我使用的是aps.net工作网站使用的相同数据库。 so my website will be in asp.net and api will be now in php. 所以我的网站将在asp.net,api现在将在php中。
I found MembershipModel class in php which is used to compare two password but it can not generate password. 我在php中找到了MembershipModel类,用于比较两个密码,但它无法生成密码。
<?php
/*
* Author : Mr. Juned Ansari
* Date : 15/02/2017
* Purpose : It Handles Login Encryption And Decryption Related Activities
*/
class MembershipModel {
function bytearraysequal($source, $target) {
if ($source == null || $target == null || (strlen($source) != strlen($target)))
return false;
for ($ctr = 0; $ctr < strlen($target); $ctr++) {
if ($target[$ctr] != $source[$ctr])
return false;
}
return true;
}
//This Function is Used to verifypassword
function verifypassword($hashedPassword, $password) {
$PBKDF2IterCount = 1000; // default for Rfc2898DeriveBytes
$PBKDF2SubkeyLength = 32; // 256 bits
$SaltSize = 16; // 128 bits
if ($hashedPassword == null) {
return false;
//show_error("hashedPassword is null");
}
if ($password == null) {
return false;
//show_error("Password is null");
}
$hashedPasswordBytes = base64_decode($hashedPassword);
if (strlen($hashedPasswordBytes) != 48) {
return false;
}
$salt = substr($hashedPasswordBytes, 0, $SaltSize);
$storedSubkey = substr($hashedPasswordBytes, $SaltSize, $PBKDF2SubkeyLength);
$generatedSubkey = $this->encript('sha1', $password, $salt, $PBKDF2IterCount, $PBKDF2SubkeyLength, true);
return $this->bytearraysequal($storedSubkey, $generatedSubkey);
}
function encript($algorithm, $password, $salt, $count, $key_length, $raw_output = false) {
$algorithm = strtolower($algorithm);
if (!in_array($algorithm, hash_algos(), true))
return false;
//show_error('PBKDF2 ERROR: Invalid hash algorithm.');
if ($count <= 0 || $key_length <= 0)
return false;
//show_error('PBKDF2 ERROR: Invalid parameters.');
$hash_length = strlen(hash($algorithm, "", true));
$block_count = ceil($key_length / $hash_length);
$output = "";
for ($i = 1; $i <= $block_count; $i++) {
$last = $salt . pack("N", $i);
$last = $xorsum = hash_hmac($algorithm, $last, $password, true);
for ($j = 1; $j < $count; $j++) {
$xorsum ^= ($last = hash_hmac($algorithm, $last, $password, true));
}
$output .= $xorsum;
}
return substr($output, 0, $key_length);
}
}
I have successfully created Login APi in PHP which is working fine using above class. 我已经在PHP中成功创建了Login APi,使用上面的类可以正常工作。
1 个解决方案
解决方案1
5 已采纳 2018-09-05 08:08:22
As all the comments are advising you, you're probably doing it the hard way if you try to port this work over to PHP instead of letting PHP talk to the backend via some .NET component. 正如所有评论都建议你的那样,如果你试图将这项工作移植到PHP而不是让PHP通过某些.NET组件与后端通信,那么你可能正在努力。
Nevertheless, if you're set on porting it over, the code for WebSecurity.CreateUserAndAccount() is available on GitHub . 尽管如此,如果您WebSecurity.CreateUserAndAccount()其移植, 则可以在GitHub上使用WebSecurity.CreateUserAndAccount()的代码 。 As you can see, it leans on the currently-configured membership provider's implementation of that method. 如您所见,它依赖于当前配置的成员资格提供程序对该方法的实现。
For SimpleMembershipProvider , the implementation is very simple . 对于SimpleMembershipProvider , 实现非常简单 。 Here's the important bit: 这是重要的一点:
CreateUserRow(db, userName, values);
return CreateAccount(userName, password, requireConfirmation);
CreateUserRow() isn't very interesting or surprising, but CreateAccount() is responsible for the part I think you care about. CreateUserRow()不是很有趣或令人惊讶,但CreateAccount()负责我认为你关心的部分。
There are two parts that you'd need to port to PHP; 您需要将两个部分移植到PHP; Crypto.HashPassword() and GenerateToken() . Crypto.HashPassword()和GenerateToken() 。 Since you're calling WebSecurity.CreateUserAndAccount() with only two parameters, you can ignore the GenerateToken() part (since requireConfirmation defaults to false ). 由于您只使用两个参数调用WebSecurity.CreateUserAndAccount() ,因此可以忽略GenerateToken()部分(因为requireConfirmation默认为false )。
Here's the source code for Crypto.HashPassword() . 这是Crypto.HashPassword()的源代码 。 As per its comment, it performs: 根据其评论,它执行:
PBKDF2 with HMAC-SHA1, 128-bit salt, 256-bit subkey, 1000 iterations.
(See also: SDL crypto guidelines v5.1, Part III)
Format:{ 0x00, salt, subkey }{ 0x00, salt, subkey }
…using the System.Security.Cryptography.Rfc2898DeriveBytes() method. ...使用System.Security.Cryptography.Rfc2898DeriveBytes()方法。
Which leads us to this directly related existing Stack Overflow answer , which I think gives you what you want. 这导致我们直接相关的现有Stack Overflow答案 ,我认为这会给你你想要的东西。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.