使用哈希密码登录asp mvc

时间:2016-05-04 16:33:28

标签: asp.net asp.net-mvc hash sha256

我正在创建一个简单的应用程序,我已经在注册时创建了密码的哈希值,但是无法在登录时应用哈希值。目前我无法使用散列密码的新用户登录。任何帮助将非常感激。目前我有:(注册)

    public String HashPassword(String password)
    {
        var combinedPassword = String.Concat(password);
        var sha256 = new SHA256Managed();
        var bytes = UTF8Encoding.UTF8.GetBytes(combinedPassword);
        var hash = sha256.ComputeHash(bytes);
        return Convert.ToBase64String(hash);
    }

    public void AddUserAccount(UserSignUpView user)
    {

        using (DemoDBEntities db = new DemoDBEntities())
        {

            SYSUser SU = new SYSUser();
            SU.PasswordEncryptedText = HashPassword(user.Password);
            SU.LoginName = user.LoginName;

            SU.RowCreatedSYSUserID = user.SYSUserID > 0 ? 

            user.SYSUserID : 1;
            SU.RowModifiedSYSUserID = user.SYSUserID > 0 ? 

            user.SYSUserID : 1; ;
            SU.RowCreatedDateTime = DateTime.Now;
            SU.RowMOdifiedDateTime = DateTime.Now;



            db.SYSUsers.Add(SU);
            db.SaveChanges();

这一切都可以正常注册和散列。这就是我登录的内容:

public Boolean ValidatePassword(String enteredPassword, String storedHash)
    {
        var hasher = HashPassword(enteredPassword);
        return String.Equals(storedHash, hasher);
    }
    public string GetUserPassword(string enteredPassword)
    {
        using (DemoDBEntities db = new DemoDBEntities())
        {
            var hash = HashPassword(enteredPassword);
            var user = db.SYSUsers.Where(o => 
            o.PasswordEncryptedText.Equals(enteredPassword));
            if (user.Any())
                return user.FirstOrDefault().PasswordEncryptedText;
            else
                return string.Empty;
        }
    }

在控制器中我有:

    public ActionResult LogIn(UserLoginView ULV, string returnUrl)

    {
        if (ModelState.IsValid)
        {

            UserManager UM = new UserManager();
            string password = UM.GetUserName(ULV.LoginName);
            string hash = UM.GetUserPassword(ULV.Password);
            //var password = ComputeHash(password, new SHA256CryptoServiceProvider());



            if (string.IsNullOrEmpty(hash))
                ModelState.AddModelError("", "The user  login or password provided is incorrect.");
            else {
                if (ULV.Password.Equals(hash)&&(ULV.LoginName.Equals(password)))
                {
                    FormsAuthentication.SetAuthCookie(ULV.LoginName, false);
                    return RedirectToAction("Welcome", "Home");
                }
                else {
                    ModelState.AddModelError("", "The password provided is incorrect.");
                }
            }
        }

2 个答案:

答案 0 :(得分:0)

您似乎从数据库中使用行string hash = UM.GetUserPassword(ULV.Password);获取哈希密码,然后将其与使用此行ULV.Password.Equals(hash)输入的值进行比较。由于一个是哈希,而另一个不是,它们永远不会是平等的。

答案 1 :(得分:0)

这有效:

df$months <- month(df$x)
相关问题
最新问题