使用带有哈希密码和盐值的数据创建种子

编程问答 2022-06-06

问题描述

我有一个表“ admins”,我想将数据植入表中。该表具有一个password(nvarchar(128))字段和一个password_salt(varbinary(1024))字段。

模型是这样的:

public string Password { get; set; }
public byte[] PasswordSalt { get; set; }

当我创建一个管理员时,我会创建一个密码哈希和一个密码盐:

public Admins Register(Admins admin)
        {
            CreatePasswordHash(admin.Password,out string passwordHash,out Byte[] passwordSalt);
            admin.Password = passwordHash;
            admin.PasswordSalt = passwordSalt;
            //rest of code
        }

private void CreatePasswordHash(string password,out Byte[] passwordSalt)
        {
            using (var hmac = new System.Security.Cryptography.HMACSHA512())
            {
                Byte[] buffer = hmac.ComputeHash(Encoding.Unicode.GetBytes(password));
                passwordHash = Encoding.Unicode.GetString(buffer);
                passwordSalt = hmac.Key;
            }
        }

如何播种此类表格?我应该在密码盐字段中输入什么?这是一个字节[],我不知道如何获取它并放入我的migrationBuilder.InsertData()方法中。

解决方法

您可以使用安全的RandomNumberGenerator生成128位盐,然后使用KeyDerivation.Pbkdf2对密码进行哈希处理,请参考以下示例:

  1. 创建管理类并添加相关属性:

     public class Admin
 {
     [Key]
     public int ID { get; set; }
     public string AdminName { get; set; }       
     public string Password { get; set; }
     public byte[] PasswordSalt { get; set; }
 }

  2. 创建ModelBuilderExtensions:添加初始数据并对密码进行哈希处理

     public static class ModelBuilderExtensions
 {
     public static void Seed(this ModelBuilder modelBuilder)
     {
         modelBuilder.Entity<Admin>().HasData(
             CreateAdmin(1,"Dillion","Password01"),CreateAdmin(2,"Tom","Password02"),CreateAdmin(3,"David","Password03")
         ); 
     }

     public static Admin CreateAdmin(int id,string name,string password)
     {
         var admin = new Admin();

         byte[] salt = new byte[128 / 8];
         using (var rng = RandomNumberGenerator.Create())
         {
             rng.GetBytes(salt);
         }

         admin.PasswordSalt = salt;
         //Console.WriteLine($"Salt: {Convert.ToBase64String(salt)}");

         // derive a 256-bit subkey (use HMACSHA1 with 10,000 iterations)
         string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2(
             password: password,salt: salt,prf: KeyDerivationPrf.HMACSHA1,iterationCount: 10000,numBytesRequested: 256 / 8));
         admin.Password = hashed;
         admin.AdminName = name;
         admin.ID = id;
         return admin;
     }
 }

  3. 在OnModelCreating方法中调用seed()方法:

     public class ApplicationDbContext : DbContext
 { 
     public DbSet<Admin> Admins { get; set; }
     public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options) : base(options)
     {
     } 
     protected override void OnModelCreating(ModelBuilder modelBuilder)
     {
         modelBuilder.Seed();
     }

 }

  4. 使用以下命令启用迁移:

     add-migration AddAdmin -context ApplicationDbContext
 update-database -context ApplicationDbContext

  5. 检查管理表:

    enter image description here

更多详细信息,请查看以下文章:

Hash passwords in ASP.NET Core

Initialize DB with test data in Asp.net core

Applying Seed Data To The Database

asp.net-coreef-core-3.1entity-framework-corepassword-hashpasswords