C# Asp.net HashPassword()错误
好的,我现在已经到绳子的尽头了。我正在为我的学位学院创建一个项目(网站),需要用户的身份验证。为了安全起见,我决定使用ASP.NET的哈希功能。我也在用盐。 现在的问题是我无法验证密码是否正确,因为HashPassword()方法总是给出不同的哈希值,即使我存储的哈希值和salt是相同的 下面是代码: 1) signup.aspx.cs(如果您在那里发现一些错误) 2) login.aspx.cs这是生成错误的实际登录页面C# Asp.net HashPassword()错误,c#,asp.net,hash,C#,Asp.net,Hash,好的,我现在已经到绳子的尽头了。我正在为我的学位学院创建一个项目(网站),需要用户的身份验证。为了安全起见,我决定使用ASP.NET的哈希功能。我也在用盐。 现在的问题是我无法验证密码是否正确,因为HashPassword()方法总是给出不同的哈希值,即使我存储的哈希值和salt是相同的 下面是代码: 1) signup.aspx.cs(如果您在那里发现一些错误) 2) login.aspx.cs这是生成错误的实际登录页面 using System; using System.Collectio
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Helpers;
using System.Security.Cryptography;
using System.Data.SqlClient;
public partial class login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void LoginButton_Click(object sender, EventArgs e)
{
string username = Request.Form["username"];
string password = Request.Form["password"];
VerifyData(username, password);
}
private void VerifyData(string username, string password)
{
String connectstring = System.Configuration.ConfigurationManager.ConnectionStrings["EpicsoString"].ConnectionString;
string query = "SELECT Password, Salt FROM USERS WHERE UserName = @UN";
string dbpassword = "";
string dbsalt = "";
string hash = "";
SqlConnection con = new SqlConnection(connectstring);
SqlCommand cmd = new SqlCommand(query, con);
cmd.Parameters.Add("@UN", System.Data.SqlDbType.Char, 15).Value = username;
try
{
con.Open();
SqlDataReader sdr = cmd.ExecuteReader();
if (sdr.HasRows)
{
if(sdr.Read())
{
dbpassword = sdr["password"].ToString();
dbsalt = sdr["salt"].ToString();
hash = Crypto.HashPassword(dbsalt + password);
result.InnerText = " dbsalt: " + dbsalt + " " + " dbpassword: " + dbpassword + " " + " hash: "+hash;
if (Crypto.VerifyHashedPassword(dbpassword, password))
{
Response.Write("<script type='text/javascript'>alert('Successful.');</script>");//Authentication Successful
}
else
{
Response.Write("<script type='text/javascript'>alert('Not Successful.');</script>");//Authentication Unsuccessful
}
}
}
else
{
}
con.Close();
}
catch (Exception ex)
{
Response.Write("<script type='text/javascript'>alert('Sorry, an error occured for some reason. Please try again');</script>");
}
}
}
使用系统;
使用System.Collections.Generic;
使用System.Linq;
使用System.Web;
使用System.Web.UI;
使用System.Web.UI.WebControl;
使用System.Web.Helpers;
使用System.Security.Cryptography;
使用System.Data.SqlClient;
公共部分类登录:System.Web.UI.Page
{
受保护的无效页面加载(对象发送方、事件参数e)
{
}
受保护的无效登录按钮单击(对象发送者,事件参数e)
{
字符串username=Request.Form[“username”];
字符串密码=请求。表单[“密码”];
验证数据(用户名、密码);
}
私有无效验证数据(字符串用户名、字符串密码)
{
字符串connectstring=System.Configuration.ConfigurationManager.ConnectionStrings[“episostring”].ConnectionString;
string query=“选择用户名=@UN的用户的密码和密码”;
字符串dbpassword=“”;
字符串dbsalt=“”;
字符串哈希=”;
SqlConnection con=新的SqlConnection(connectstring);
SqlCommand cmd=新的SqlCommand(查询,con);
cmd.Parameters.Add(“@UN”,System.Data.SqlDbType.Char,15).Value=username;
尝试
{
con.Open();
SqlDataReader sdr=cmd.ExecuteReader();
如果(特别提款权)
{
if(sdr.Read())
{
dbpassword=sdr[“password”].ToString();
dbsalt=sdr[“salt”]。ToString();
hash=Crypto.HashPassword(dbsalt+password);
result.InnerText=“dbsalt:+dbsalt++”dbpassword:+dbpassword++”hash:+hash;
if(加密验证哈希密码(dbpassword,password))
{
Response.Write(“警报('Successful');”;//身份验证成功
}
其他的
{
Response.Write(“警报('notsuccessful');”;//身份验证失败
}
}
}
其他的
{
}
con.Close();
}
捕获(例外情况除外)
{
响应。写入(“警报('抱歉,由于某种原因发生了错误。请重试');”;
}
}
}
这是我第一次来这里,任何帮助都将不胜感激。谢谢。我不是。只有散列存储在列名为“password”的数据库中,以稍微提高安全性。我正在检索哈希和salt,两者都已成功完成。唯一的问题是为相同的salt和相同的密码创建了新的散列,同时我希望生成旧的散列。好的,还有一件事,我已经使用nvarchar(128)数据类型存储了salt和password列,并且我正在以字符串的形式检索。这会对比较产生影响吗?
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Helpers;
using System.Security.Cryptography;
using System.Data.SqlClient;
public partial class login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void LoginButton_Click(object sender, EventArgs e)
{
string username = Request.Form["username"];
string password = Request.Form["password"];
VerifyData(username, password);
}
private void VerifyData(string username, string password)
{
String connectstring = System.Configuration.ConfigurationManager.ConnectionStrings["EpicsoString"].ConnectionString;
string query = "SELECT Password, Salt FROM USERS WHERE UserName = @UN";
string dbpassword = "";
string dbsalt = "";
string hash = "";
SqlConnection con = new SqlConnection(connectstring);
SqlCommand cmd = new SqlCommand(query, con);
cmd.Parameters.Add("@UN", System.Data.SqlDbType.Char, 15).Value = username;
try
{
con.Open();
SqlDataReader sdr = cmd.ExecuteReader();
if (sdr.HasRows)
{
if(sdr.Read())
{
dbpassword = sdr["password"].ToString();
dbsalt = sdr["salt"].ToString();
hash = Crypto.HashPassword(dbsalt + password);
result.InnerText = " dbsalt: " + dbsalt + " " + " dbpassword: " + dbpassword + " " + " hash: "+hash;
if (Crypto.VerifyHashedPassword(dbpassword, password))
{
Response.Write("<script type='text/javascript'>alert('Successful.');</script>");//Authentication Successful
}
else
{
Response.Write("<script type='text/javascript'>alert('Not Successful.');</script>");//Authentication Unsuccessful
}
}
}
else
{
}
con.Close();
}
catch (Exception ex)
{
Response.Write("<script type='text/javascript'>alert('Sorry, an error occured for some reason. Please try again');</script>");
}
}
}