stackoom
  简体   繁体   中英

ASP.NET Membership Provider - Expose the salt

 原文  2012-07-26 09:01:24       c#/ asp.net/ membership/ salt/ provider

Question

Background

We are using the ASPNET membership provider that stores member login information, along with MongoDB to store a secondary set of information.

Because MongoDB does not offer built-in encryption we have decided to encrypt some of the data before inserting it into the database using the member's salt that is in the ASPNET membership provider tables.

Objective

How would I go about exposing the salt so that it is accessible in code? I cannot find any methods for this in the default provider classes.

Alternative

Either that or could anybody suggest a better approach? One of the benefits of having the salt saved in a different place is to protect it from "interlopers".

Thanks, Max.

1 answers

solution1
 0  2012-07-26 09:04:45

Here is one approach, you can use the username, e-mail to salt. 

public static string hashCalculator(string username, string password)//Use username as salt.
        {
            byte[] stringbytes = System.Text.Encoding.Unicode.GetBytes(username.ToLower() + password);
            return Convert.ToBase64String(new SHA384Managed().ComputeHash(stringbytes));
        }

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ASP.NET Membership provider ASP.Net membership provider Membership provider in ASP.Net Core app ASP.NET MVC Membership provider ASP.NET 4 Custom Membership Provider Tables ASP.net login control membership provider ASP.NET membership provider with EF ASP.NET Membership Provider and Web Services 2 problems with testing asp.net membership provider ASP.NET Identity & ASP.NET Membership Provider “Mashup”
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM