[英]Password hashing in a C# Windows app, absent ASP.NET's FormsAuthentication?
My Win form app doesn't seem to like FormsAuthentication, I'm totally new to hashing so any help to convert this would be very welcome. 我的Win表单应用程序似乎不喜欢FormsAuthentication,我对哈希很新,所以任何转换它的帮助都会非常受欢迎。 Thanks.
谢谢。
//Write hash
protected TextBox tbPassword;
protected Literal liHashedPassword;
{
string strHashedPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(tbPassword.Text, "sha1");
liHashedPassword.Text = "Hashed Password is: " + strHashedPassword;
}
//read hash
string strUserInputtedHashedPassword = FormsAuthentication.HashPasswordForStoringInConfigFile( tbPassword.Text, "sha1");
if(strUserInputtedHashedPassword == GetUsersHashedPasswordUsingUserName(tbUserName.Text))
{
// sign-in successful
}
else
{
// sign-in failed
}
using System.Security.Cryptography;
public static string EncodePasswordToBase64(string password)
{ byte[] bytes = Encoding.Unicode.GetBytes(password);
byte[] inArray = HashAlgorithm.Create("SHA1").ComputeHash(bytes);
return Convert.ToBase64String(inArray);
}
The FormsAuthentication is defined in the System.Web.Security namespace which is in the System.Web.dll assembly. FormsAuthentication在System.Web.Security命名空间中定义,该命名空间位于System.Web.dll程序集中。
Just because you are writing a WinForm app does not stop you from using that namespace or referencing that assembly; 仅仅因为您正在编写WinForm应用程序并不会阻止您使用该命名空间或引用该程序集; they are just not done by default as they would be for a WebForms app.
默认情况下它们不会像WebForms应用程序那样完成。
If you are using the hashing for user credentials I suggest you do more than just hashing, you ideally want key stretching as well. 如果您正在使用哈希来获取用户凭据,我建议您不仅要进行哈希处理,理想情况下还需要进行键拉伸。
Here is an API to do what you want in a secure fashion: 这是一个以安全的方式执行您想要的API:
https://sourceforge.net/projects/pwdtknet/ https://sourceforge.net/projects/pwdtknet/
I think it should work. 我认为它应该有效。 All you need to do is reference System.Web.Security in your code (and add it as a reference in your Visual Studio Project).
您需要做的就是在代码中引用System.Web.Security(并将其作为Visual Studio项目中的引用添加)。
If you actually have to 'ship' this forms app, maybe adding System.Web.Security is not such a good idea... 如果你真的必须'运送'这个表单应用程序,可能添加System.Web.Security不是一个好主意...
If you need an SHA1 hash, there is a very easy to use .net cryptography library with examples on msdn. 如果你需要一个SHA1哈希,有一个非常容易使用的.net加密库,在msdn上有例子。 The key is to
关键是要
//step 1 and 2
byte[] data = System.Text.Encoding.Unicode.GetBytes(tbPassword.Text,);
byte[] result;
//step 3
SHA1 sha = new SHA1CryptoServiceProvider();
result = sha.ComputeHash(data);
//step 4
string storableHashResult = System.Text.Encoding.Unicode.ToString(result);
//step 5
// add your code here
Could you not use the BitConverter function instead of the "x2" loop? 你能不能使用BitConverter函数而不是“x2”循环?
eg 例如
return BitConverter.ToString(hash).Replace("-", ""); return BitConverter.ToString(hash).Replace(“ - ”,“”);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.