AdventureWorks2012 DB - how is the password validated in SQL?

I have seen the post below, which explains how to validate a password in C#.

Sql Password validator

I want to do the same thing in a SQL stored procedure.

select * from Person.Password

How do I validate a password against the password salt and password hash? Which algorithm does it use to encrypt the password?

You can try it like this:

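-- Compares the SHA-1 hash of the supplied password with the stored value.
CREATE PROCEDURE CheckPassword
    @username VARCHAR(20),
    @password VARCHAR(20)
AS
BEGIN
    -- Style 1 renders the hash as a 0x-prefixed hex string, so PassColumn must hold the same format.
    IF (CONVERT(NVARCHAR(4000), HASHBYTES('sha1', @password), 1)) = (SELECT PassColumn FROM myTable WHERE myUser = @username)
    BEGIN
        PRINT 'Password Matches'
    END
    ELSE
        PRINT 'Password does not match'
END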
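
The question asks about checking a password against both a salt and a hash, which the procedure above does not cover. The following is an added example, not code from the thread or from AdventureWorks: the thread does not say which algorithm produced the AdventureWorks values, so the table `dbo.DemoCredential`, both procedure names, and the scheme SHA2_256(salt + password) are assumptions chosen for illustration.

```sql
-- Added example on a constructed table; names and hashing scheme are assumptions,
-- not the AdventureWorks2012 schema or algorithm.
CREATE TABLE dbo.DemoCredential (
    UserName     NVARCHAR(50)  NOT NULL PRIMARY KEY,
    PasswordSalt VARBINARY(16) NOT NULL,  -- random, unique per user
    PasswordHash VARBINARY(32) NOT NULL   -- SHA2_256(salt + UTF-16LE password bytes)
);
GO

-- Stores a new credential with a fresh random salt.
CREATE PROCEDURE dbo.SetDemoPassword
    @username NVARCHAR(50),
    @password NVARCHAR(128)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @salt VARBINARY(16) = CRYPT_GEN_RANDOM(16);
    INSERT INTO dbo.DemoCredential (UserName, PasswordSalt, PasswordHash)
    VALUES (@username, @salt,
            HASHBYTES('SHA2_256', @salt + CAST(@password AS VARBINARY(256))));
END;
GO

-- Recomputes the hash with the stored salt and compares it to the stored hash.
CREATE PROCEDURE dbo.CheckDemoPassword
    @username NVARCHAR(50),
    @password NVARCHAR(128),
    @isValid  BIT OUTPUT
AS
BEGIN
    SET NOCOUNT ON;
    SET @isValid = 0;  -- unknown user and wrong password give the same answer
    SELECT @isValid = 1
    FROM dbo.DemoCredential
    WHERE UserName = @username
      AND PasswordHash =
          HASHBYTES('SHA2_256', PasswordSalt + CAST(@password AS VARBINARY(256)));
END;
GO

-- Constructed sample data.
EXEC dbo.SetDemoPassword N'alice', N'constructed-sample-pw';
DECLARE @ok BIT;
EXEC dbo.CheckDemoPassword N'alice', N'constructed-sample-pw', @ok OUTPUT;
SELECT @ok AS IsValid;
```

A single round of SHA-256 is fast to compute, so for real credentials a deliberately slow password-hashing function (PBKDF2, bcrypt, Argon2) applied in the application tier is the stronger choice.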

You can follow what MSDN: How to Validate Passwords says:

To validate a password

  1. Create a function called VerifyPassword that retrieves a user's password from the Profiles System.
  2. Hash the password and compare it to the user's entered password.
  3. Inside the VerifyPassword function, create a CommerceContext object and call the GetProfile method.
  4. Retrieve the Password property from the UserProfile property collection.
  5. Create a function called VerifyHashedPassword that compares the user's entered password against a hashed password. This function will use the HashPassword function that is described in How to Hash Passwords.