没有ASP.NET的FormsAuthentication,在C#Windows应用程序中进行密码散列?
[英]Password hashing in a C# Windows app, absent ASP.NET's FormsAuthentication?
问题描述
My Win form app doesn't seem to like FormsAuthentication, I'm totally new to hashing so any help to convert this would be very welcome. 
我的Win表单应用程序似乎不喜欢FormsAuthentication,我对哈希很新,所以任何转换它的帮助都会非常受欢迎。 Thanks. 谢谢。
//Write hash
protected TextBox tbPassword;
protected Literal liHashedPassword;
{
string strHashedPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(tbPassword.Text, "sha1");
liHashedPassword.Text = "Hashed Password is: " + strHashedPassword;
}
//read hash
string strUserInputtedHashedPassword = FormsAuthentication.HashPasswordForStoringInConfigFile( tbPassword.Text, "sha1");
if(strUserInputtedHashedPassword == GetUsersHashedPasswordUsingUserName(tbUserName.Text))
{
// sign-in successful
}
else
{
// sign-in failed
}
6 个解决方案
解决方案1
22 2008-10-17 16:16:57
using System.Security.Cryptography;
public static string EncodePasswordToBase64(string password)
{ byte[] bytes = Encoding.Unicode.GetBytes(password);
byte[] inArray = HashAlgorithm.Create("SHA1").ComputeHash(bytes);
return Convert.ToBase64String(inArray);
}
解决方案2
3 2008-10-17 16:06:06
The FormsAuthentication is defined in the System.Web.Security namespace which is in the System.Web.dll assembly. FormsAuthentication在System.Web.Security命名空间中定义,该命名空间位于System.Web.dll程序集中。
Just because you are writing a WinForm app does not stop you from using that namespace or referencing that assembly; 仅仅因为您正在编写WinForm应用程序并不会阻止您使用该命名空间或引用该程序集; they are just not done by default as they would be for a WebForms app. 默认情况下它们不会像WebForms应用程序那样完成。
解决方案3
2 2012-10-04 00:46:23
If you are using the hashing for user credentials I suggest you do more than just hashing, you ideally want key stretching as well. 如果您正在使用哈希来获取用户凭据,我建议您不仅要进行哈希处理,理想情况下还需要进行键拉伸。
Here is an API to do what you want in a secure fashion: 这是一个以安全的方式执行您想要的API:
https://sourceforge.net/projects/pwdtknet/ https://sourceforge.net/projects/pwdtknet/
解决方案4
1 2008-10-17 16:03:27
I think it should work. 我认为它应该有效。 All you need to do is reference System.Web.Security in your code (and add it as a reference in your Visual Studio Project). 您需要做的就是在代码中引用System.Web.Security(并将其作为Visual Studio项目中的引用添加)。
解决方案5
1 2008-10-17 16:22:17
If you actually have to 'ship' this forms app, maybe adding System.Web.Security is not such a good idea... 如果你真的必须'运送'这个表单应用程序,可能添加System.Web.Security不是一个好主意...
If you need an SHA1 hash, there is a very easy to use .net cryptography library with examples on msdn. 如果你需要一个SHA1哈希,有一个非常容易使用的.net加密库,在msdn上有例子。 The key is to 关键是要
- take what you want to encrypt 拿你想要加密的东西
- turn it into bytes for whichever encoding(ascii, utf*) you are using 无论您使用哪种编码(ascii,utf *),都将其转换为字节
- Use one of the many hashing schemes builtin to .Net to get the hashed bytes 使用内置于.Net的许多散列方案之一来获取散列字节
- turn those bytes back into a string in the same encoding as in step 2 将这些字节转换回与步骤2中相同编码的字符串
- Save the resulting hashed string somewhere for later comparison 将生成的散列字符串保存在某处以供稍后比较
//step 1 and 2
byte[] data = System.Text.Encoding.Unicode.GetBytes(tbPassword.Text,);
byte[] result;
//step 3
SHA1 sha = new SHA1CryptoServiceProvider();
result = sha.ComputeHash(data);
//step 4
string storableHashResult = System.Text.Encoding.Unicode.ToString(result);
//step 5
// add your code here
解决方案6
1 2008-11-09 15:15:03
Could you not use the BitConverter function instead of the "x2" loop? 你能不能使用BitConverter函数而不是“x2”循环?
eg 例如
return BitConverter.ToString(hash).Replace("-", ""); return BitConverter.ToString(hash).Replace(“ - ”,“”);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.