使用散列密码和盐的数据创建种子
Creating seeds with data that has hashed passwords and salts
我有一个 table "admins" ,我想将数据播种到其中。 table 有一个 password(nvarchar(128)) 字段和一个 password_salt(varbinary(1024)) 字段。
模型是这样的:
public string Password { get; set; }
public byte[] PasswordSalt { get; set; }
当我创建一个新的管理员时,我创建了一个密码散列和一个密码盐,如下所示:
public Admins Register(Admins admin)
{
CreatePasswordHash(admin.Password, out string passwordHash, out Byte[] passwordSalt);
admin.Password = passwordHash;
admin.PasswordSalt = passwordSalt;
//rest of code
}
private void CreatePasswordHash(string password, out string passwordHash, out Byte[] passwordSalt)
{
using (var hmac = new System.Security.Cryptography.HMACSHA512())
{
Byte[] buffer = hmac.ComputeHash(Encoding.Unicode.GetBytes(password));
passwordHash = Encoding.Unicode.GetString(buffer);
passwordSalt = hmac.Key;
}
}
如何播种 table?我应该在密码盐字段中输入什么?它是一个字节 [],我不知道如何获取它并放入我的 migrationBuilder.InsertData() 方法中。
您可以使用安全的 RandomNumberGenerator 生成 128 位盐,并使用 KeyDerivation.Pbkdf2 对密码进行哈希处理,请参考以下示例:
创建 Admin Class 并添加相关属性:
public class Admin
{
[Key]
public int ID { get; set; }
public string AdminName { get; set; }
public string Password { get; set; }
public byte[] PasswordSalt { get; set; }
}
创建 ModelBuilderExtensions:添加初始数据并散列密码
public static class ModelBuilderExtensions
{
public static void Seed(this ModelBuilder modelBuilder)
{
modelBuilder.Entity<Admin>().HasData(
CreateAdmin(1,"Dillion", "Password01"),
CreateAdmin(2,"Tom", "Password02"),
CreateAdmin(3, "David", "Password03")
);
}
public static Admin CreateAdmin(int id, string name, string password)
{
var admin = new Admin();
byte[] salt = new byte[128 / 8];
using (var rng = RandomNumberGenerator.Create())
{
rng.GetBytes(salt);
}
admin.PasswordSalt = salt;
//Console.WriteLine($"Salt: {Convert.ToBase64String(salt)}");
// derive a 256-bit subkey (use HMACSHA1 with 10,000 iterations)
string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2(
password: password,
salt: salt,
prf: KeyDerivationPrf.HMACSHA1,
iterationCount: 10000,
numBytesRequested: 256 / 8));
admin.Password = hashed;
admin.AdminName = name;
admin.ID = id;
return admin;
}
}
在OnModelCreating方法中调用seed()方法:
public class ApplicationDbContext : DbContext
{
public DbSet<Admin> Admins { get; set; }
public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options) : base(options)
{
}
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
modelBuilder.Seed();
}
}
使用以下命令启用迁移:
add-migration AddAdmin -context ApplicationDbContext
update-database -context ApplicationDbContext
检查管理员table:
更多详细信息,查看以下文章:
Hash passwords in ASP.NET Core
我有一个 table "admins" ,我想将数据播种到其中。 table 有一个 password(nvarchar(128)) 字段和一个 password_salt(varbinary(1024)) 字段。
模型是这样的:
public string Password { get; set; }
public byte[] PasswordSalt { get; set; }
当我创建一个新的管理员时,我创建了一个密码散列和一个密码盐,如下所示:
public Admins Register(Admins admin)
{
CreatePasswordHash(admin.Password, out string passwordHash, out Byte[] passwordSalt);
admin.Password = passwordHash;
admin.PasswordSalt = passwordSalt;
//rest of code
}
private void CreatePasswordHash(string password, out string passwordHash, out Byte[] passwordSalt)
{
using (var hmac = new System.Security.Cryptography.HMACSHA512())
{
Byte[] buffer = hmac.ComputeHash(Encoding.Unicode.GetBytes(password));
passwordHash = Encoding.Unicode.GetString(buffer);
passwordSalt = hmac.Key;
}
}
如何播种 table?我应该在密码盐字段中输入什么?它是一个字节 [],我不知道如何获取它并放入我的 migrationBuilder.InsertData() 方法中。
您可以使用安全的 RandomNumberGenerator 生成 128 位盐,并使用 KeyDerivation.Pbkdf2 对密码进行哈希处理,请参考以下示例:
创建 Admin Class 并添加相关属性:
public class Admin { [Key] public int ID { get; set; } public string AdminName { get; set; } public string Password { get; set; } public byte[] PasswordSalt { get; set; } }创建 ModelBuilderExtensions:添加初始数据并散列密码
public static class ModelBuilderExtensions { public static void Seed(this ModelBuilder modelBuilder) { modelBuilder.Entity<Admin>().HasData( CreateAdmin(1,"Dillion", "Password01"), CreateAdmin(2,"Tom", "Password02"), CreateAdmin(3, "David", "Password03") ); } public static Admin CreateAdmin(int id, string name, string password) { var admin = new Admin(); byte[] salt = new byte[128 / 8]; using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(salt); } admin.PasswordSalt = salt; //Console.WriteLine($"Salt: {Convert.ToBase64String(salt)}"); // derive a 256-bit subkey (use HMACSHA1 with 10,000 iterations) string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2( password: password, salt: salt, prf: KeyDerivationPrf.HMACSHA1, iterationCount: 10000, numBytesRequested: 256 / 8)); admin.Password = hashed; admin.AdminName = name; admin.ID = id; return admin; } }在OnModelCreating方法中调用seed()方法:
public class ApplicationDbContext : DbContext { public DbSet<Admin> Admins { get; set; } public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options) : base(options) { } protected override void OnModelCreating(ModelBuilder modelBuilder) { modelBuilder.Seed(); } }使用以下命令启用迁移:
add-migration AddAdmin -context ApplicationDbContext update-database -context ApplicationDbContext检查管理员table:
更多详细信息,查看以下文章:
Hash passwords in ASP.NET Core