【发布时间】:2018-01-25 03:53:42
【问题描述】:
我正在编写一个 ASP.NET 程序,我需要将用户密码存储在数据库中。但是当我将数据库中的密码与用户输入的密码进行比较时,密码不匹配。即使用户密码正确。
密码哈希:
string PasswordSalt = Crypto.HashPassword(DateTime.Now.ToString());
string hashPassword = Crypto.HashPassword(formcollection["PassWord"]); //Hash User PassWord
user.PassWord = Crypto.HashPassword(PasswordSalt + hashPassword);//Add Salt to Password For Futher Security
user.PassWordSalt = PasswordSalt;
密码验证:
Users ThisUser = Users.UsersGetByEmail((string)Session["email"]);
string checkpassword = ThisUser.PassWord;
//User Inputed password.
string password = user.PassWord;
if (password != null)
{
//Need to fix.
string encrypt_password = Crypto.HashPassword(password);
string salted_password = Crypto.HashPassword(ThisUser.PassWordSalt + encrypt_password);
//bool does_password_match = Crypto.VerifyHashedPassword(checkpassword, password);
if (checkpassword == salted_password)
{
//Check if the inputed password matches the password from the Database.
//Remember to give session based on the user_id.
Session["user_id"] = ThisUser.Id;
return RedirectToAction("Promise");
}
else
{
ModelState.AddModelError("PassWord", "Wrong Password, Please Enter Correct Password");
return View(user);
}
【问题讨论】:
-
您是否考虑过使用 asp 身份?所有这些都由许多内置方法为您处理
-
关于安全性的规则 1:不要自己构建 :)
标签: c# asp.net-mvc authentication cryptography passwords