求助:在外部对用户密码验证
我需要在程序代码中验证asp.net数据库中的用户密码,发现在数据库中有一个aspnet_Membership_GetPasswordWithFormat存储过程。我用它返回了一个密码字符串,但是是经过加密过的,哪位高手知道它的加密算法?
[解决办法]
加密解密代码如下;
另外还有一个问题,只知道代码是不够的,还要取出数据库里另外2个字段PASSWORDSALT,PASSWORDFORMAT
PASSWORDSALT就是GenerateSalt()这个函数生成的key。
加密解密函数里边都要用到
internal string GenerateSalt() { byte[] buf = new byte[16]; (new RNGCryptoServiceProvider()).GetBytes(buf); return Convert.ToBase64String(buf); } internal string EncodePassword(string pass, int passwordFormat, string salt) { if (passwordFormat == 0) // MembershipPasswordFormat.Clear return pass; byte[] bIn = Encoding.Unicode.GetBytes(pass); byte[] bSalt = Convert.FromBase64String(salt); byte[] bAll = new byte[bSalt.Length + bIn.Length]; byte[] bRet = null; Buffer.BlockCopy(bSalt, 0, bAll, 0, bSalt.Length); Buffer.BlockCopy(bIn, 0, bAll, bSalt.Length, bIn.Length); if (passwordFormat == 1) { // MembershipPasswordFormat.Hashed HashAlgorithm s = HashAlgorithm.Create( Membership.HashAlgorithmType ); bRet = s.ComputeHash(bAll); } else { bRet = EncryptPassword( bAll ); } return Convert.ToBase64String(bRet); } internal string UnEncodePassword(string pass, int passwordFormat) { switch (passwordFormat) { case 0: // MembershipPasswordFormat.Clear: return pass; case 1: // MembershipPasswordFormat.Hashed: throw new ProviderException(SR.GetString(SR.Provider_can_not_decode_hashed_password)); default: byte[] bIn = Convert.FromBase64String(pass); byte[] bRet = DecryptPassword( bIn ); if (bRet == null) return null; return Encoding.Unicode.GetString(bRet, 16, bRet.Length - 16); } } }