
Encrypted passwords in asp.net SQLMembershipProvider and Umbraco membership provider

Security Noob here.

I am trying to move from asp.net membership to Umbraco membership. But using passwordFormat="Encrypted" seems to encrypt differently between the Umbraco membership provider and Microsoft's SQL membership provider.

If I register two users with the SQL membership provider (with passwordFormat="Encrypted") - the encoded passwords are different. If I do the same with the Umbraco provider they're the same.

While all the strings decrypt to the same thing (the correct password) - I apparently can't use the passwords encrypted by the SQL membership provider in the Umbraco DB (ValidateUser fails).

Anyone have any ideas?

Note: I'm using the same machineKey on both sites.

Edit: Calling EncryptPassword() and EncodePassword() on the Umbraco membership provider gives different results - and EncodePassword is the correct one to call. But EncodePassword isn't available on the .NET Membership provider. This was another part of my confusion.

The passwords may be different because they are salted. Check out the PasswordSalt column in the membership database, it should be a Base64 string.

The Umbraco passwords are hashed using the System.Security.Cryptography.HMACSHA1 class. I'm guessing you could hash the SQL membership users' passwords with HMACSHA1 and call it good.

See Add User with hashed password for more details.
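
The salting described in the answer above, as an added example (not code from the original posts or from either provider). It assumes the SQL provider prepends a 16-byte salt to the UTF-16 password before encrypting, and that the Umbraco provider stores an unsalted HMACSHA1 keyed with the password itself; the machineKey encryption step is left out, and all names and the sample password are constructed.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class PasswordFormatDemo
{
    const int SaltLength = 16; // assumption: salt size used by the SQL provider

    // Assumed SQL provider layout before encryption: salt bytes, then the UTF-16 password.
    static byte[] BuildSaltedBlob(string password, byte[] salt) =>
        salt.Concat(Encoding.Unicode.GetBytes(password)).ToArray();

    // Reverse of the layout above, applied to an already decrypted blob.
    static string PasswordFromBlob(byte[] blob) =>
        Encoding.Unicode.GetString(blob, SaltLength, blob.Length - SaltLength);

    // Assumed Umbraco scheme: unsalted HMACSHA1, keyed with the password bytes.
    static string HmacSha1Encode(string password)
    {
        byte[] bytes = Encoding.Unicode.GetBytes(password);
        using (var hmac = new HMACSHA1(bytes))
            return Convert.ToBase64String(hmac.ComputeHash(bytes));
    }

    static byte[] NewSalt()
    {
        var salt = new byte[SaltLength];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return salt;
    }

    static void Main()
    {
        const string password = "constructed-sample-password";
        byte[] blobA = BuildSaltedBlob(password, NewSalt());
        byte[] blobB = BuildSaltedBlob(password, NewSalt());

        // Different salts: the blobs (and so their ciphertexts) differ for one password.
        Console.WriteLine("salted blobs equal:    " + blobA.SequenceEqual(blobB));
        // Dropping the salt recovers the same password from both blobs.
        Console.WriteLine("passwords equal:       " + (PasswordFromBlob(blobA) == PasswordFromBlob(blobB)));
        // No salt: identical passwords give identical stored values.
        Console.WriteLine("HMACSHA1 values equal: " +
            (HmacSha1Encode(PasswordFromBlob(blobA)) == HmacSha1Encode(PasswordFromBlob(blobB))));
    }
}
```

Because the HMACSHA1 value carries no per-user salt, two accounts with the same password end up with the same stored string, so a leaked table reveals password reuse across accounts.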
