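Problem description
I have been through almost all of the questions related to this issue, but could not find a similar case or a reliable answer to my problem below.
Problem:
I am working on an ASP.NET Core MVC project. I use Identity UI for user authentication and authorization. I have overridden the Identity user default password hasher, 'PasswordHasher', which is also implemented from the 'IPasswordHasher' interface (ASP.NET Identity Version 2: PBKDF2 with HMAC-SHA1, 128-bit salt, 256-bit subkey, 1000 iterations), and implemented my own class as follows: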
BCryptPasswordHasher.cs
    using Microsoft.AspNetCore.Identity;
    using System;
    using System.Text;

    namespace WATERrhythmWeb
    {
        public class BCryptPasswordHasher<TUser> : PasswordHasher<TUser> where TUser : class
        {
            readonly BCryptPasswordSettings _settings;

            public BCryptPasswordHasher()
            {
            }

            public BCryptPasswordHasher(BCryptPasswordSettings settings)
            {
                _settings = settings;
            }

            public override PasswordVerificationResult VerifyHashedPassword(TUser user, string hashedPassword, string providedPassword)
            {
                if (hashedPassword == null) { throw new ArgumentNullException(nameof(hashedPassword)); }
                if (providedPassword == null) { throw new ArgumentNullException(nameof(providedPassword)); }

                byte[] decodedHashedPassword = Convert.FromBase64String(hashedPassword);

                // read the format marker from the hashed password
                if (decodedHashedPassword.Length == 0)
                {
                    return PasswordVerificationResult.Failed;
                }

                // ASP.NET Core uses 0x00 and 0x01, so we start at the other end
                if (decodedHashedPassword[0] == 0xFF)
                {
                    if (VerifyHashedPasswordBcrypt(decodedHashedPassword, providedPassword))
                    {
                        // This is an old password hash format - the caller needs to rehash if we're not running in an older compat mode.
                        return _settings.RehashPasswords
                            ? PasswordVerificationResult.SuccessRehashNeeded
                            : PasswordVerificationResult.Success;
                    }
                    else
                    {
                        return PasswordVerificationResult.Failed;
                    }
                }

                return base.VerifyHashedPassword(user, hashedPassword, providedPassword);
            }

            private static bool VerifyHashedPasswordBcrypt(byte[] hashedPassword, string password)
            {
                if (hashedPassword.Length < 2)
                {
                    return false; // bad size
                }

                // convert back to string for BCrypt, ignoring first byte
                var storedHash = Encoding.UTF8.GetString(hashedPassword, 1, hashedPassword.Length - 1);
                return BCrypt.Net.BCrypt.Verify(password, storedHash);
            }

            public override string HashPassword(TUser user, string password)
            {
                //throw new NotImplementedException();
                return BCrypt.Net.BCrypt.HashPassword(password);
            }
        }
    }
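However, when the same user tries to log in, I get the following error. (Obviously, this happens when the hashed password in the database is verified against the password entered by the user):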
    FormatException: The input is not a valid Base-64 string as it
    contains a non-base 64 character, more than two padding characters, or
    an illegal character among the padding characters.
The error comes from the following line of code in the PasswordVerificationResult VerifyHashedPassword(TUser user, string providedPassword) method of the PasswordHasher class, where hashedPassword is converted to a base64 string:

    byte[] decodedHashedPassword = Convert.FromBase64String(hashedPassword);

Can someone explain to me how to fix this?
Thanks.
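
Added example, not part of the original question or the poster's code: the question's HashPassword stores the bare BCrypt string, which begins with "$2" ('$' is not a Base64 character), while VerifyHashedPassword Base64-decodes the stored value and looks for a 0xFF marker byte. The class below writes the marker-prefixed, Base64-encoded form that the verifier expects and still accepts rows already stored as bare BCrypt strings. The class name MarkedBCryptPasswordHasher is hypothetical; it assumes the same BCrypt.Net.BCrypt API the question's code calls.

```csharp
using System;
using System.Text;
using Microsoft.AspNetCore.Identity;

// Added example (hypothetical class name); not the poster's code.
public class MarkedBCryptPasswordHasher<TUser> : PasswordHasher<TUser> where TUser : class
{
    private const byte BCryptMarker = 0xFF; // same marker the question's verifier checks

    public override string HashPassword(TUser user, string password)
    {
        if (password == null) throw new ArgumentNullException(nameof(password));
        byte[] hash = Encoding.UTF8.GetBytes(BCrypt.Net.BCrypt.HashPassword(password));
        byte[] stored = new byte[hash.Length + 1];
        stored[0] = BCryptMarker;
        Buffer.BlockCopy(hash, 0, stored, 1, hash.Length);
        return Convert.ToBase64String(stored); // the form VerifyHashedPassword decodes
    }

    public override PasswordVerificationResult VerifyHashedPassword(
        TUser user, string hashedPassword, string providedPassword)
    {
        if (hashedPassword == null) throw new ArgumentNullException(nameof(hashedPassword));
        if (providedPassword == null) throw new ArgumentNullException(nameof(providedPassword));

        // Rows written by the question's HashPassword hold a bare BCrypt string ("$2...").
        // They cannot be Base64-decoded, so verify them directly and request a rehash.
        if (hashedPassword.StartsWith("$2", StringComparison.Ordinal))
        {
            return BCrypt.Net.BCrypt.Verify(providedPassword, hashedPassword)
                ? PasswordVerificationResult.SuccessRehashNeeded
                : PasswordVerificationResult.Failed;
        }

        byte[] decoded;
        try { decoded = Convert.FromBase64String(hashedPassword); }
        catch (FormatException) { return PasswordVerificationResult.Failed; }

        if (decoded.Length > 1 && decoded[0] == BCryptMarker)
        {
            string bcryptHash = Encoding.UTF8.GetString(decoded, 1, decoded.Length - 1);
            return BCrypt.Net.BCrypt.Verify(providedPassword, bcryptHash)
                ? PasswordVerificationResult.Success
                : PasswordVerificationResult.Failed;
        }
        // 0x00 / 0x01 markers: Identity's own PBKDF2 formats, handled by the base class.
        return base.VerifyHashedPassword(user, hashedPassword, providedPassword);
    }
}
```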