密码散列和加零
Password hashing and adding zero
我正在尝试实现一个用户登录/注册(login/register)模板,
注册用户时,我像下面这样对密码进行散列:
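/// <summary>
/// Creates and verifies password hashes using HMAC-SHA512 keyed with a random per-user salt.
/// </summary>
/// <remarks>
/// NOTE(review): a single HMAC-SHA512 pass is cheap to compute, so a leaked hash/salt pair can be
/// guessed offline quickly. A password KDF with a work factor (for example PBKDF2 via
/// Rfc2898DeriveBytes) is the usual choice; switching changes the stored format, so it is not
/// done here.
/// </remarks>
public class HashingHelper
{
    /// <summary>
    /// Hashes <paramref name="password"/> with a freshly generated HMAC key.
    /// </summary>
    /// <param name="password">Plain-text password; encoded as UTF-8 before hashing.</param>
    /// <param name="passwordHash">Receives the HMAC-SHA512 output.</param>
    /// <param name="passwordSalt">Receives the random HMAC key, which serves as the salt.</param>
    /// <remarks>
    /// Persist both arrays in variable-length columns (e.g. varbinary). A fixed-length binary
    /// column pads short values with zero bytes, and a salt read back with padding may no longer
    /// reproduce the same HMAC.
    /// </remarks>
    public static void CreatePasswordHash(string password, out byte[] passwordHash, out byte[] passwordSalt)
    {
        using (var hmac = new System.Security.Cryptography.HMACSHA512())
        {
            // The parameterless constructor generates a random key; it is stored as the salt.
            passwordSalt = hmac.Key;
            passwordHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(password));
        }
    }

    /// <summary>
    /// Recomputes the HMAC of <paramref name="password"/> under <paramref name="passwordSalt"/>
    /// and compares it with the stored <paramref name="passwordHash"/>.
    /// </summary>
    /// <param name="password">Plain-text password supplied at login.</param>
    /// <param name="passwordHash">Hash stored at registration.</param>
    /// <param name="passwordSalt">HMAC key stored at registration.</param>
    /// <returns>
    /// <c>true</c> only when the stored hash has exactly the computed length and every byte matches;
    /// a missing, truncated or padded stored hash yields <c>false</c>.
    /// </returns>
    public static bool VerifyPasswordHash(string password, byte[] passwordHash, byte[] passwordSalt)
    {
        using (var hmac = new System.Security.Cryptography.HMACSHA512(passwordSalt))
        {
            var computedHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(password));

            // Previously a shorter stored hash threw IndexOutOfRangeException and a longer one was
            // accepted on its prefix alone; both are now treated as a mismatch.
            if (passwordHash == null || passwordHash.Length != computedHash.Length)
            {
                return false;
            }

            // Constant-time comparison: do not stop at the first differing byte.
            return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(computedHash, passwordHash);
        }
    }
}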
/// <summary>
/// Result of issuing a token: the serialized token string and the time it expires.
/// </summary>
public class AccessToken
{
    /// <summary>Serialized token; CreateToken fills this with the JwtSecurityTokenHandler.WriteToken output.</summary>
    public string Token { get; set; }
    /// <summary>Expiry time; CreateToken derives it from DateTime.Now, so it is a local-time value.</summary>
    public DateTime Expiration { get; set; }
}
/// <summary>
/// Abstraction over token issuance for a user.
/// </summary>
public interface ITokenHelper
{
    /// <summary>
    /// Creates an access token for <paramref name="user"/>.
    /// </summary>
    /// <param name="user">The user the token is issued to.</param>
    /// <param name="operationClaims">Operation claims passed along for inclusion in the token.</param>
    /// <returns>The serialized token together with its expiration time.</returns>
    AccessToken CreateToken(User user, List<OperationClaim> operationClaims);
}
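/// <summary>
/// Binds the "TokenOptions" configuration section that every token issued by this helper relies on.
/// </summary>
/// <param name="configuration">Application configuration containing a "TokenOptions" section.</param>
/// <exception cref="ArgumentNullException"><paramref name="configuration"/> is null.</exception>
/// <exception cref="InvalidOperationException">The "TokenOptions" section is missing or empty.</exception>
public JwtHelper(IConfiguration configuration)
{
    Configuration = configuration ?? throw new ArgumentNullException(nameof(configuration));

    // Fail at construction instead of with a NullReferenceException on the first CreateToken call:
    // Get<T>() returns null when the section has no values to bind.
    _tokenOptions = Configuration.GetSection("TokenOptions").Get<TokenOptions>()
        ?? throw new InvalidOperationException("Configuration section 'TokenOptions' is missing or empty.");
}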
/// <summary>
/// Issues a signed JWT for <paramref name="user"/> and returns it with its expiry time.
/// </summary>
/// <param name="user">The user the token is issued to.</param>
/// <param name="operationClaims">Operation claims forwarded to the token builder.</param>
/// <returns>The serialized token and the expiration computed for it.</returns>
public AccessToken CreateToken(User user, List<OperationClaim> operationClaims)
{
    // AccessTokenExpiration is a number of minutes. The result is kept in a field because
    // CreateJwtSecurityToken reads the expiry from there.
    // NOTE(review): writing per-call state to a field is not safe if one JwtHelper instance serves
    // concurrent requests — confirm how the helper is registered.
    _accessTokenExpiration = DateTime.Now.AddMinutes(_tokenOptions.AccessTokenExpiration);

    // NOTE(review): the signing key comes from the TokenOptions configuration section; presumably
    // it should live in a secret store rather than a checked-in settings file — confirm.
    var key = SecurityKeyHelper.CreateSecurityKey(_tokenOptions.SecurityKey);
    var credentials = SigningCredentialsHelper.CreateSigningCredentials(key);
    var securityToken = CreateJwtSecurityToken(_tokenOptions, user, credentials, operationClaims);
    var serialized = new JwtSecurityTokenHandler().WriteToken(securityToken);

    var result = new AccessToken();
    result.Token = serialized;
    result.Expiration = _accessTokenExpiration;
    return result;
}
/// <summary>
/// Builds the <see cref="JwtSecurityToken"/> for <paramref name="user"/>.
/// </summary>
/// <param name="tokenOptions">Supplies the issuer and audience.</param>
/// <param name="user">The user whose claims are generated via SetClaims.</param>
/// <param name="signingCredentials">Credentials used to sign the token.</param>
/// <param name="operationClaims">Operation claims passed to SetClaims.</param>
/// <returns>A token valid from now until the expiry stored in the _accessTokenExpiration field.</returns>
public JwtSecurityToken CreateJwtSecurityToken(TokenOptions tokenOptions, User user,
    SigningCredentials signingCredentials, List<OperationClaim> operationClaims)
{
    // Values are captured in the same order the original named arguments were evaluated.
    var issuer = tokenOptions.Issuer;
    var audience = tokenOptions.Audience;
    // The expiry is read from the field set by CreateToken, not from tokenOptions.
    var expiresAt = _accessTokenExpiration;
    var validFrom = DateTime.Now;
    var claims = SetClaims(user, operationClaims);

    return new JwtSecurityToken(
        issuer: issuer,
        audience: audience,
        claims: claims,
        notBefore: validFrom,
        expires: expiresAt,
        signingCredentials: signingCredentials);
}
代码进行散列并给出了这个结果
0x3BD49472981C07E354B156A9DBD11F507DFFEE40A353CD732ABED6E14035C36C31E93E8888E1E657B77B41B35E883CD5F8920DDDB3F87D1F85AFFA3E2BD1015E
注册时没有问题,但是当我尝试登录该用户时
却无法登录。我查看本地 SQL 数据库时,发现存入的值后面被补上了一串零:
0x3BD49472981C07E354B156A9DBD11F507DFFEE40A353CD732ABED6E14035C36C31E93E8888E1E657B77B41B35E883CD5F8920DDDB3F87D1F85AFFA3E2BD1015E00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
当我检查我的代码时,我没有发现任何错误
那我该怎么做呢
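如果是 MSSQL,请使用 varbinary(500) 而不是 binary(500)。binary(n) 是定长类型,较短的值会在右侧用 0x00 补齐到 n 字节,而 varbinary(n) 只保存实际写入的字节。如果盐列也是 binary,同样需要改成 varbinary,否则读回的盐带有填充,登录时重新计算出的 HMAC 可能与存储的散列不一致;已有的行可能仍带着填充。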
https://www.tektutorialshub.com/sql-server/binary-and-varbinary-data-types-in-sql-server/
我正在尝试实现一个用户登录/注册(login/register)模板,注册用户时,我像下面这样对密码进行散列:
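/// <summary>
/// Creates and verifies password hashes using HMAC-SHA512 keyed with a random per-user salt.
/// </summary>
/// <remarks>
/// NOTE(review): a single HMAC-SHA512 pass is cheap to compute, so a leaked hash/salt pair can be
/// guessed offline quickly. A password KDF with a work factor (for example PBKDF2 via
/// Rfc2898DeriveBytes) is the usual choice; switching changes the stored format, so it is not
/// done here.
/// </remarks>
public class HashingHelper
{
    /// <summary>
    /// Hashes <paramref name="password"/> with a freshly generated HMAC key.
    /// </summary>
    /// <param name="password">Plain-text password; encoded as UTF-8 before hashing.</param>
    /// <param name="passwordHash">Receives the HMAC-SHA512 output.</param>
    /// <param name="passwordSalt">Receives the random HMAC key, which serves as the salt.</param>
    /// <remarks>
    /// Persist both arrays in variable-length columns (e.g. varbinary). A fixed-length binary
    /// column pads short values with zero bytes, and a salt read back with padding may no longer
    /// reproduce the same HMAC.
    /// </remarks>
    public static void CreatePasswordHash(string password, out byte[] passwordHash, out byte[] passwordSalt)
    {
        using (var hmac = new System.Security.Cryptography.HMACSHA512())
        {
            // The parameterless constructor generates a random key; it is stored as the salt.
            passwordSalt = hmac.Key;
            passwordHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(password));
        }
    }

    /// <summary>
    /// Recomputes the HMAC of <paramref name="password"/> under <paramref name="passwordSalt"/>
    /// and compares it with the stored <paramref name="passwordHash"/>.
    /// </summary>
    /// <param name="password">Plain-text password supplied at login.</param>
    /// <param name="passwordHash">Hash stored at registration.</param>
    /// <param name="passwordSalt">HMAC key stored at registration.</param>
    /// <returns>
    /// <c>true</c> only when the stored hash has exactly the computed length and every byte matches;
    /// a missing, truncated or padded stored hash yields <c>false</c>.
    /// </returns>
    public static bool VerifyPasswordHash(string password, byte[] passwordHash, byte[] passwordSalt)
    {
        using (var hmac = new System.Security.Cryptography.HMACSHA512(passwordSalt))
        {
            var computedHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(password));

            // Previously a shorter stored hash threw IndexOutOfRangeException and a longer one was
            // accepted on its prefix alone; both are now treated as a mismatch.
            if (passwordHash == null || passwordHash.Length != computedHash.Length)
            {
                return false;
            }

            // Constant-time comparison: do not stop at the first differing byte.
            return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(computedHash, passwordHash);
        }
    }
}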
/// <summary>
/// Result of issuing a token: the serialized token string and the time it expires.
/// </summary>
public class AccessToken
{
    /// <summary>Serialized token; CreateToken fills this with the JwtSecurityTokenHandler.WriteToken output.</summary>
    public string Token { get; set; }
    /// <summary>Expiry time; CreateToken derives it from DateTime.Now, so it is a local-time value.</summary>
    public DateTime Expiration { get; set; }
}
/// <summary>
/// Abstraction over token issuance for a user.
/// </summary>
public interface ITokenHelper
{
    /// <summary>
    /// Creates an access token for <paramref name="user"/>.
    /// </summary>
    /// <param name="user">The user the token is issued to.</param>
    /// <param name="operationClaims">Operation claims passed along for inclusion in the token.</param>
    /// <returns>The serialized token together with its expiration time.</returns>
    AccessToken CreateToken(User user, List<OperationClaim> operationClaims);
}
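/// <summary>
/// Binds the "TokenOptions" configuration section that every token issued by this helper relies on.
/// </summary>
/// <param name="configuration">Application configuration containing a "TokenOptions" section.</param>
/// <exception cref="ArgumentNullException"><paramref name="configuration"/> is null.</exception>
/// <exception cref="InvalidOperationException">The "TokenOptions" section is missing or empty.</exception>
public JwtHelper(IConfiguration configuration)
{
    Configuration = configuration ?? throw new ArgumentNullException(nameof(configuration));

    // Fail at construction instead of with a NullReferenceException on the first CreateToken call:
    // Get<T>() returns null when the section has no values to bind.
    _tokenOptions = Configuration.GetSection("TokenOptions").Get<TokenOptions>()
        ?? throw new InvalidOperationException("Configuration section 'TokenOptions' is missing or empty.");
}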
/// <summary>
/// Issues a signed JWT for <paramref name="user"/> and returns it with its expiry time.
/// </summary>
/// <param name="user">The user the token is issued to.</param>
/// <param name="operationClaims">Operation claims forwarded to the token builder.</param>
/// <returns>The serialized token and the expiration computed for it.</returns>
public AccessToken CreateToken(User user, List<OperationClaim> operationClaims)
{
    // AccessTokenExpiration is a number of minutes. The result is kept in a field because
    // CreateJwtSecurityToken reads the expiry from there.
    // NOTE(review): writing per-call state to a field is not safe if one JwtHelper instance serves
    // concurrent requests — confirm how the helper is registered.
    _accessTokenExpiration = DateTime.Now.AddMinutes(_tokenOptions.AccessTokenExpiration);

    // NOTE(review): the signing key comes from the TokenOptions configuration section; presumably
    // it should live in a secret store rather than a checked-in settings file — confirm.
    var key = SecurityKeyHelper.CreateSecurityKey(_tokenOptions.SecurityKey);
    var credentials = SigningCredentialsHelper.CreateSigningCredentials(key);
    var securityToken = CreateJwtSecurityToken(_tokenOptions, user, credentials, operationClaims);
    var serialized = new JwtSecurityTokenHandler().WriteToken(securityToken);

    var result = new AccessToken();
    result.Token = serialized;
    result.Expiration = _accessTokenExpiration;
    return result;
}
/// <summary>
/// Builds the <see cref="JwtSecurityToken"/> for <paramref name="user"/>.
/// </summary>
/// <param name="tokenOptions">Supplies the issuer and audience.</param>
/// <param name="user">The user whose claims are generated via SetClaims.</param>
/// <param name="signingCredentials">Credentials used to sign the token.</param>
/// <param name="operationClaims">Operation claims passed to SetClaims.</param>
/// <returns>A token valid from now until the expiry stored in the _accessTokenExpiration field.</returns>
public JwtSecurityToken CreateJwtSecurityToken(TokenOptions tokenOptions, User user,
    SigningCredentials signingCredentials, List<OperationClaim> operationClaims)
{
    // Values are captured in the same order the original named arguments were evaluated.
    var issuer = tokenOptions.Issuer;
    var audience = tokenOptions.Audience;
    // The expiry is read from the field set by CreateToken, not from tokenOptions.
    var expiresAt = _accessTokenExpiration;
    var validFrom = DateTime.Now;
    var claims = SetClaims(user, operationClaims);

    return new JwtSecurityToken(
        issuer: issuer,
        audience: audience,
        claims: claims,
        notBefore: validFrom,
        expires: expiresAt,
        signingCredentials: signingCredentials);
}
代码进行散列并给出了这个结果
0x3BD49472981C07E354B156A9DBD11F507DFFEE40A353CD732ABED6E14035C36C31E93E8888E1E657B77B41B35E883CD5F8920DDDB3F87D1F85AFFA3E2BD1015E
注册时没有问题,但是当我尝试登录该用户时
却无法登录。我查看本地 SQL 数据库时,发现存入的值后面被补上了一串零:
0x3BD49472981C07E354B156A9DBD11F507DFFEE40A353CD732ABED6E14035C36C31E93E8888E1E657B77B41B35E883CD5F8920DDDB3F87D1F85AFFA3E2BD1015E00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
当我检查我的代码时,我没有发现任何错误 那我该怎么做呢
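如果是 MSSQL,请使用 varbinary(500) 而不是 binary(500)。binary(n) 是定长类型,较短的值会在右侧用 0x00 补齐到 n 字节,而 varbinary(n) 只保存实际写入的字节。如果盐列也是 binary,同样需要改成 varbinary,否则读回的盐带有填充,登录时重新计算出的 HMAC 可能与存储的散列不一致;已有的行可能仍带着填充。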
https://www.tektutorialshub.com/sql-server/binary-and-varbinary-data-types-in-sql-server/