
Hashing method used in ASP.NET Identity

I'm creating a Login Form in a Xamarin.Forms Portable application. I have a WebFormsProject, in which I created an API controller that compares the username and password keyed in by the User against the username and password saved in my Database.

The password saved in my database is hashed using ASP.NET Identity, while the password typed in by the User is hashed using Crypto.HashPassword (don't know if this class is an ASP.NET Identity thing).

I test it by inputting my username and password using this:

[Route("api/Login/Search/{username}/{password}")]

When I used a breakpoint to see what the hashed value of my keyed-in password would be, I got this:

AL6kLGQYs3xeCtNkpJuAem43HOEvSpwzSfy5zCK0MviBGuS67Sp+ct0lNfJTd602Uw==

While the password in my database has this hashed value:

AMlco7zkLpj5alL2MP1VEXQlRbcD2sdTdKB3JvTLzYMMwSUC5vSfhI4MloLLw70Erg==

I don't know why they have different hashed values even though I've entered the SAME PASSWORD.

If the two passwords match, it should return 'true', otherwise false. I'm at a confusing stage right now. Hope you can help me. And I want to know what hashing method ASP.NET Identity uses. Thanks.

Here is some of my code.

using System;
using System.Collections.Generic;
using System.Data;
using System.Data.Entity;
using System.Data.Entity.Infrastructure;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Description;
using WebFormsDemo;
using WebFormsDemo.ViewModel;
using System.Security.Cryptography;
using System.Web.Helpers;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;
using Microsoft.AspNet.Identity.EntityFramework;


namespace WebFormsDemo.Controllers
{
    public class LoginController : ApiController
    {
        private EBMSEntities db = new EBMSEntities();

        [Route("api/Login/Search/{username}/{password}")]
        [ResponseType(typeof(List<AspNetUser>))]
        public bool getUserPassword(string username, string password)
        {
            // Hashes the submitted password with a freshly generated salt,
            // so the result never matches the stored hash even for the same password.
            var hashedPassword = Crypto.HashPassword(password);

            // Looks for a user whose stored PasswordHash equals the new hash.
            var user = (from u in db.AspNetUsers
                        where u.UserName.Equals(username)
                        && u.PasswordHash.Equals(hashedPassword)
                        select u).ToList();

            if (user.Count() != 0)
            {
                return true;
            }

            return false;
        }
    }
}

Crypto.HashPassword uses RFC 2898 and takes care of creating a salt for you:

The password hash is generated with the RFC 2898 algorithm using a 128-bit salt, a 256-bit subkey, and 1000 iterations. The format of the generated hash bytestream is {0x00, salt, subkey}, which is base-64 encoded before it is returned.

You have to use Crypto.VerifyHashedPassword to compare the passwords:

public static bool VerifyHashedPassword(
     string hashedPassword,
     string password
)
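An added example, not from the question or the answer, that rebuilds the {0x00, salt, subkey} layout in Python so you can see why the two hashes in the question differ: each call draws a new random salt, and only a verify routine that re-derives the subkey from the stored salt can compare them. It assumes PBKDF2 with HMAC-SHA1, the PRF that .NET's Rfc2898DeriveBytes uses by default; the two hash strings are the ones quoted in the question.

```python
import base64
import binascii
import hashlib
import hmac
import os
from typing import Optional

# Layout from the answer: one version byte 0x00, a 128-bit salt, a 256-bit subkey,
# base-64 encoded. 1000 PBKDF2 iterations. HMAC-SHA1 as PRF is an assumption.
VERSION_BYTE = 0x00
SALT_LEN = 16
SUBKEY_LEN = 32
ITERATIONS = 1000


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, ITERATIONS, SUBKEY_LEN)


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Mimics Crypto.HashPassword: fresh random salt unless one is supplied."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    return base64.b64encode(bytes([VERSION_BYTE]) + salt + _derive(password, salt)).decode("ascii")


def split_hash(hashed: str) -> tuple:
    """Returns (salt, subkey) or raises ValueError if the layout does not match."""
    raw = base64.b64decode(hashed)
    if len(raw) != 1 + SALT_LEN + SUBKEY_LEN or raw[0] != VERSION_BYTE:
        raise ValueError("not a {0x00, salt, subkey} hash")
    return raw[1:1 + SALT_LEN], raw[1 + SALT_LEN:]


def verify_hashed_password(hashed: str, password: str) -> bool:
    """Mimics Crypto.VerifyHashedPassword: re-derive with the stored salt, compare in constant time."""
    try:
        salt, stored_subkey = split_hash(hashed)
    except (ValueError, binascii.Error):
        return False
    return hmac.compare_digest(_derive(password, salt), stored_subkey)


# The two hashes from the question: same password typed, yet the strings differ.
FROM_BREAKPOINT = "AL6kLGQYs3xeCtNkpJuAem43HOEvSpwzSfy5zCK0MviBGuS67Sp+ct0lNfJTd602Uw=="
FROM_DATABASE = "AMlco7zkLpj5alL2MP1VEXQlRbcD2sdTdKB3JvTLzYMMwSUC5vSfhI4MloLLw70Erg=="


def salts_differ(a: str, b: str) -> bool:
    return split_hash(a)[0] != split_hash(b)[0]
```

Both question hashes decode to 49 bytes starting with 0x00, and their salts differ, which is the whole reason a string comparison of the two can never succeed.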
