我在谷歌上搜索过,不幸的是我找不到任何我想要的预期答案。
我已经下载了.NET implementation of BCrypt
老实说,我通常用 PHP 语言编码,我对 .Net 这样的东西一无所知
最佳答案
我假设您已经拥有将用户哈希存储在某种用户配置文件表中的架构?
假设该表的格式如下:
PersonID int PrimaryKey
PersonName nvarchar(50)
PersonPasswordHash varchar(128)
PersonPasswordSalt nvarchar(10)
然后在您的 .net 代码(C# 中的示例)中,您将在创建新用户时继续执行以下操作
string passwordPlain = txtPassword.Text; // This is the password entered by the user
/* a work factor of 10 is default, but you can mention any thing from 4 to 31.
But keep in mind that for every increment in work factor the work increases
twice (its 2**log_rounds)
*/
string passwordSalt = BCrypt.GenerateSalt(10);
string passwordHash = BCrypt.HashPassword(passwordPlain, passwordSalt);
// Now store the passwordHash and passwordSalt in the database for that user
获得上述值后,将适当的值存储在数据库中。
验证登录时,从数据库中检索有关 passwordHash
和 passwordSalt
的详细信息,您可以按如下方式进行验证:
string originalPasswordSalt; // retrieve its value from the DB
string originalPasswordHash; // retrieve its value from the DB
string givenPasswordPlain = txtPassword.Text; // given by the user during login
string givenPasswordHash = BCrypt.HashPassword(givenPasswordPlain, originalPasswordSalt);
if(givenPasswordHash.Equals(originalPasswordHash)) { // you have an valid user
} else { // given login name or password is not valid
}
关于.net - 如何使用 .Net 实现 SQL Server 的 BCrypt?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/14970981/