[英]Password hashing and adding zero
我尝试用户登录/注册模板,当我注册用户时,我像这样进行散列
public class HashingHelper
{
public static void CreatePasswordHash(string password, out byte[] passwordHash, out byte[] passwordSalt)
{
using (var hmac = new System.Security.Cryptography.HMACSHA512())
{
passwordSalt = hmac.Key;
passwordHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(password));
}
}
public static bool VerifyPasswordHash(string password, byte[] passwordHash, byte[] passwordSalt)
{
using (var hmac = new System.Security.Cryptography.HMACSHA512(passwordSalt))
{
var computedHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(password));
for (int i = 0; i < computedHash.Length; i++)
{
if (computedHash[i] != passwordHash[i])
{
return false;
}
}
return true;
}
public class AccessToken
{
public string Token { get; set; }
public DateTime Expiration { get; set; }
}
public interface ITokenHelper
{
AccessToken CreateToken(User user, List<OperationClaim> operationClaims);
}
public JwtHelper(IConfiguration configuration)
{
Configuration = configuration;
_tokenOptions = Configuration.GetSection("TokenOptions").Get<TokenOptions>();
}
public AccessToken CreateToken(User user, List<OperationClaim> operationClaims)
{
_accessTokenExpiration = DateTime.Now.AddMinutes(_tokenOptions.AccessTokenExpiration);
var securityKey = SecurityKeyHelper.CreateSecurityKey(_tokenOptions.SecurityKey);
var signingCredentials = SigningCredentialsHelper.CreateSigningCredentials(securityKey);
var jwt = CreateJwtSecurityToken(_tokenOptions, user, signingCredentials, operationClaims);
var jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
var token = jwtSecurityTokenHandler.WriteToken(jwt);
return new AccessToken
{
Token = token,
Expiration = _accessTokenExpiration
};
}
public JwtSecurityToken CreateJwtSecurityToken(TokenOptions tokenOptions, User user,
SigningCredentials signingCredentials, List<OperationClaim> operationClaims)
{
var jwt = new JwtSecurityToken(
issuer: tokenOptions.Issuer,
audience: tokenOptions.Audience,
expires: _accessTokenExpiration,
notBefore: DateTime.Now,
claims: SetClaims(user, operationClaims),
signingCredentials: signingCredentials
);
return jwt;
}
代码做散列并给我这个结果
0x3BD49472981C07E354B156A9DBD11F507DFFEE40A353CD732ABED6E14035C36C31E93E8888E1E657B77B41B35E883CD5F8920DDDB3F87D1F85AFFA3E2BD1015E
它会毫无问题,但是当我尝试登录用户时
我不能,因为当我在本地 sql 数据库中看到时,我看到代码添加了零号
0x3BD49472981C07E354B156A9DBD11F507DFFEE40A353CD732ABED6E14035C36C31E93E8888E1E657B77B41B35E883CD5F8920DDDB3F87D1F85AFFA3E2BD1015E00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
当我检查我的代码时,我没有发现任何错误,所以我该怎么办
如果是 mssql,请使用 varbinary(500) 而不是 binary(500)
https://www.tektutorialshub.com/sql-server/binary-and-varbinary-data-types-in-sql-server/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.