我有一个在.NET核心网站中使用的数据库,现在我需要用node js检查登录
如何在node.js中检查密码散列,我找到了一个function来执行此操作,但对.net核心aspnetusers不起作用,只在最后一个asp.net中执行
最佳答案
作为这篇文章:JavaScript: How to generate Rfc2898DeriveBytes like C#?
但是对于.NET Core需要更改,因为在.NET Core ^1中,哈希使用v3,所以代码应该更改为:
// The value stored in [dbo].[AspNetUsers].[PasswordHash]
const hashedPwd = "AQAAAAEAACcQAAAAENX1Hdhgta05DYzYzVOI5kfv1mM0oc2OCIF8tKvNZeSTMWoczGZk+6yy9DMWtLeVQQ==";
const hashedPasswordBytes = new Buffer(hashedPwd, 'base64');
const hexChar = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "A", "B", "C", "D", "E", "F"];
let salt_string = "";
let storedSubKeyString = "";
// build strings of octets for the salt and the stored key
for (let i = 1; i < hashedPasswordBytes.length; i++) {
if (i > 12 && i <= 28) {
salt_string += hexChar[(hashedPasswordBytes[i] >> 4) & 0x0f] + hexChar[hashedPasswordBytes[i] & 0x0f]
}
if (i > 0 && i > 28) {
storedSubKeyString += hexChar[(hashedPasswordBytes[i] >> 4) & 0x0f] + hexChar[hashedPasswordBytes[i] & 0x0f];
}
}
// password provided by the user
const password = 'password';
var nodeCrypto = crypto.pbkdf2Sync(
new Buffer(password),
new Buffer(salt_string, 'hex'), 10000, 256, 'SHA256');
var derivedKeyOctets = nodeCrypto.toString('hex').toUpperCase();
if (derivedKeyOctets.indexOf(storedSubKeyString) === 0) {
return "passwords match!";
} else {
return "passwords DO NOT match!";
}
关于node.js - 如何从AspNetUsers .net core检查node.js中的密码,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/46888656/