问题描述
我正在开发一个 ASP.NET Core MVC Web 应用程序。为此,我使用 Identity UI 来处理用户帐户。在身份用户而不是默认散列方法(ASP.NET Identity Version 2: PBKDF2 with HMAC-SHA1,128-bit salt,256-bit subkey,1000 iterations)中,我将修改它并使用自定义散列算法(Bcrypt ) 如下:
(我已经按照 Visual Studio IntelliSense 的建议安装了 NuGet 包 'Portable.BouncyCastle')
BCryptPasswordHasher.cs
using Microsoft.AspNetCore.Identity;
using Org.BouncyCastle.Crypto.Generators;
using System;
using System.Text;
namespace WATERrhythmWeb
{
public class BCryptPasswordHasher<TUser> : PasswordHasher<TUser> where TUser : class
{
readonly BCryptPasswordSettings _settings;
public BCryptPasswordHasher(BCryptPasswordSettings settings)
{
_settings = settings;
}
public override PasswordVerificationResult VerifyHashedPassword(TUser user,string hashedPassword,string providedPassword)
{
if (hashedPassword == null) { throw new ArgumentNullException(nameof(hashedPassword)); }
if (providedPassword == null) { throw new ArgumentNullException(nameof(providedPassword)); }
byte[] decodedHashedPassword = Convert.FromBase64String(hashedPassword);
// read the format marker from the hashed password
if (decodedHashedPassword.Length == 0)
{
return PasswordVerificationResult.Failed;
}
// ASP.NET Core uses 0x00 and 0x01,so we start at the other end
if (decodedHashedPassword[0] == 0xFF)
{
if (VerifyHashedPasswordBcrypt(decodedHashedPassword,providedPassword))
{
// This is an old password hash format - the caller needs to rehash if we're not running in an older compat mode.
return _settings.RehashPasswords
? PasswordVerificationResult.SuccessRehashNeeded
: PasswordVerificationResult.Success;
}
else
{
return PasswordVerificationResult.Failed;
}
}
return base.VerifyHashedPassword(user,hashedPassword,providedPassword);
}
private static bool VerifyHashedPasswordBcrypt(byte[] hashedPassword,string password)
{
if (hashedPassword.Length < 2)
{
return false; // bad size
}
//convert back to string for BCrypt,ignoring first byte
var storedHash = Encoding.UTF8.GetString(hashedPassword,1,hashedPassword.Length - 1);
return BCrypt.Verify(password,storedHash);
}
}
}
方法'private static bool VerifyHashedPasswordBcrypt(byte[] hashedPassword,string password)'
中,return语句有问题。 BCrypt
没有 'Verify'
的定义。我在互联网上搜索试图找到类似的方法。但没有这样做。
严重性代码描述项目文件行抑制状态 错误 CS0117 'BCrypt' 不包含定义 '验证' WATERrhythmWeb D:\Implementations\WebAppAndWebAPI-Recreation\Github014\WATERrhythmWEB-API\WATERrhythmWeb\BCryptPasswordHasher.cs 58 Active
如果有人可以帮助我了解如何纠正上述问题,我将不胜感激。
提前致谢。
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)