【发布时间】:2012-05-02 00:59:50
【问题描述】:
我将在 aspnet_Membership 中更新安全问题和答案。通常是通过代码来完成的:
user.ChangePasswordQuestionAndAnswer(password, question, answer);
但我不知道密码。我发现有一个默认的存储过程。存储过程是:
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER OFF
GO
ALTER PROCEDURE [dbo].[aspnet_Membership_ChangePasswordQuestionAndAnswer]
@ApplicationName nvarchar(256),
@UserName nvarchar(256),
@NewPasswordQuestion nvarchar(256),
@NewPasswordAnswer nvarchar(128)
AS
BEGIN
DECLARE @UserId uniqueidentifier
SELECT @UserId = NULL
SELECT @UserId = u.UserId
FROM dbo.aspnet_Membership m, dbo.aspnet_Users u, dbo.aspnet_Applications a
WHERE LoweredUserName = LOWER(@UserName) AND
u.ApplicationId = a.ApplicationId AND
LOWER(@ApplicationName) = a.LoweredApplicationName AND
u.UserId = m.UserId
IF (@UserId IS NULL)
BEGIN
RETURN(1)
END
UPDATE dbo.aspnet_Membership
SET PasswordQuestion = @NewPasswordQuestion, PasswordAnswer = @NewPasswordAnswer
WHERE UserId=@UserId
RETURN(0)
END
但是我刚刚发现答案是明文。如何使用存储过程并对其进行哈希处理?
谢谢。
【问题讨论】:
-
我实际上不太明白这个问题,但看起来你在问是否可以散列答案?如果是这种情况,您可能想看看
HASHBYTES:msdn.microsoft.com/en-us/library/ms174415.aspx -
反映的ASP.NET方式:forums.asp.net/t/1338984.aspx/1
-
@Tim,它需要密码,但我想管理员不知道用户的密码。
标签: c# asp.net security hash asp.net-membership