C# Windows 应用程序中的密码散列,缺少 ASP.NET 的 FormsAuthentication?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/212763/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Password hashing in a C# Windows app, absent ASP.NET's FormsAuthentication?
提问by
My Win form app doesn't seem to like FormsAuthentication, I'm totally new to hashing so any help to convert this would be very welcome. Thanks.
我的 Win 表单应用程序似乎不喜欢 FormsAuthentication,我对散列完全陌生,因此非常欢迎任何帮助转换它。谢谢。
//Write hash
protected TextBox tbPassword;
protected Literal liHashedPassword;
{
string strHashedPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(tbPassword.Text, "sha1");
liHashedPassword.Text = "Hashed Password is: " + strHashedPassword;
}
//read hash
string strUserInputtedHashedPassword = FormsAuthentication.HashPasswordForStoringInConfigFile( tbPassword.Text, "sha1");
if(strUserInputtedHashedPassword == GetUsersHashedPasswordUsingUserName(tbUserName.Text))
{
// sign-in successful
}
else
{
// sign-in failed
}
回答by Vaibhav
I think it should work. All you need to do is reference System.Web.Security in your code (and add it as a reference in your Visual Studio Project).
我认为它应该工作。您需要做的就是在代码中引用 System.Web.Security(并将其添加为 Visual Studio 项目中的引用)。
回答by James Curran
The FormsAuthentication is defined in the System.Web.Security namespace which is in the System.Web.dll assembly.
FormsAuthentication 在 System.Web.Security 命名空间中定义,该命名空间位于 System.Web.dll 程序集中。
Just because you are writing a WinForm app does not stop you from using that namespace or referencing that assembly; they are just not done by default as they would be for a WebForms app.
仅仅因为您正在编写 WinForm 应用程序并不会阻止您使用该命名空间或引用该程序集;默认情况下,它们不会像 WebForms 应用程序那样完成。
回答by Mark Cidade
using System.Security.Cryptography;
public static string EncodePasswordToBase64(string password)
{ byte[] bytes = Encoding.Unicode.GetBytes(password);
byte[] inArray = HashAlgorithm.Create("SHA1").ComputeHash(bytes);
return Convert.ToBase64String(inArray);
}
回答by user28636
If you actually have to 'ship' this forms app, maybe adding System.Web.Security is not such a good idea...
如果您确实必须“运送”此表单应用程序,那么添加 System.Web.Security 可能不是一个好主意...
If you need an SHA1 hash, there is a very easy to use .net cryptography library with examples on msdn. The key is to
如果你需要一个 SHA1 哈希,在 msdn 上有一个非常容易使用的带有示例的 .net 加密库。关键是
- take what you want to encrypt
- turn it into bytes for whichever encoding(ascii, utf*) you are using
- Use one of the many hashing schemes builtin to .Net to get the hashed bytes
- turn those bytes back into a string in the same encoding as in step 2
- Save the resulting hashed string somewhere for later comparison
- 拿你想加密的东西
- 将其转换为您使用的任何编码(ascii,utf*)的字节
- 使用 .Net 内置的众多散列方案之一来获取散列字节
- 将这些字节转回与步骤 2 中相同编码的字符串
- 将生成的散列字符串保存在某处以供以后比较
//step 1 and 2
byte[] data = System.Text.Encoding.Unicode.GetBytes(tbPassword.Text,);
byte[] result;
//step 3
SHA1 sha = new SHA1CryptoServiceProvider();
result = sha.ComputeHash(data);
//step 4
string storableHashResult = System.Text.Encoding.Unicode.ToString(result);
//step 5
// add your code here
回答by woany
Could you not use the BitConverter function instead of the "x2" loop?
您不能使用 BitConverter 函数而不是“x2”循环吗?
e.g.
例如
return BitConverter.ToString(hash).Replace("-", "");
return BitConverter.ToString(hash).Replace("-", "");
回答by thashiznets
If you are using the hashing for user credentials I suggest you do more than just hashing, you ideally want key stretching as well.
如果您对用户凭据使用散列,我建议您做的不仅仅是散列,理想情况下您还需要密钥拉伸。
Here is an API to do what you want in a secure fashion:
这是一个以安全方式执行您想要的操作的 API:
