SQL创建.Net Membership Provider用户

时间:2010-06-26 17:18:26

标签: asp.net-membership membership-provider sqlmembershipprovider

我有一个SQL脚本,可以在我的数据库中创建用户。 它使用.Net成员资格存储过程。

此时它工作正常。

唯一的问题是密码已保存明文。我应该在此处更改为 salted / encrypted (不确定在此使用的术语)< / p> 

GO

DECLARE @return_value int,
  @UserId uniqueidentifier


EXEC @return_value = [dbo].[aspnet_Membership_CreateUser]
  @ApplicationName = N'Theater',
  @UserName = N'sam.sosa',
  @Password = N'mypassword',
  @PasswordSalt = N'eyhKDP858wdrYHbBmFoQ6DXzFE1FB+RDP4ULrpoZXt6f',
  @Email = N'sam@Simple.com',
  @PasswordQuestion = N'Whats your favorite color',
  @PasswordAnswer = N'Fusia',
  @IsApproved = 1,
  @CurrentTimeUtc = '2010-03-03',
  @CreateDate = '2010-03-03',
  @UniqueEmail = 1,
  @PasswordFormat = 0,
  @UserId = @UserId OUTPUT

SELECT @UserId as N'@UserId'

SELECT 'Return Value' = @return_value

GO

谢谢!

1 个答案:

答案 0 :(得分:10)

在“Hashed”密码存储模式下,它看起来像是,它只是计算:

SHA1(盐+密码)

Salt存储为Base64编码,因此必须在与(Unicode)密码连接之前对其进行解码。最后,结果是Base64编码存储。

以下(可怕的)SQL将输出一个适当编码的值,可以代替您当前拥有的“mypassword”。您还必须将@PasswordFormat设置为1以指示密码已存储为哈希值。

declare @salt nvarchar(128)
declare @password varbinary(256)
declare @input varbinary(512)
declare @hash varchar(64)

-- Change these values (@salt should be Base64 encoded)
set @salt = N'eyhKDP858wdrYHbBmFoQ6DXzFE1FB+RDP4ULrpoZXt6f'
set @password = convert(varbinary(256),N'mypassword')

set @input = hashbytes('sha1',cast('' as  xml).value('xs:base64Binary(sql:variable(''@salt''))','varbinary(256)') + @password)
set @hash = cast('' as xml).value('xs:base64Binary(xs:hexBinary(sql:variable(''@input'')))','varchar(64)')

-- @hash now contains a suitable password hash
-- Now create the user using the value of @salt as the salt, and the value of @hash as the password (with the @PasswordFormat set to 1)

DECLARE @return_value int, 
  @UserId uniqueidentifier 

EXEC @return_value = [dbo].[aspnet_Membership_CreateUser] 
  @ApplicationName = N'Theater', 
  @UserName = N'sam.sosa', 
  @Password = @hash, 
  @PasswordSalt = @salt, 
  @Email = N'sam@Simple.com', 
  @PasswordQuestion = N'Whats your favorite color', 
  @PasswordAnswer = N'Fusia', 
  @IsApproved = 1, 
  @CurrentTimeUtc = '2010-03-03', 
  @CreateDate = '2010-03-03', 
  @UniqueEmail = 1, 
  @PasswordFormat = 1, 
  @UserId = @UserId OUTPUT 

SELECT @UserId as N'@UserId' 

SELECT 'Return Value' = @return_value
相关问题
最新问题