我需要使用带有 Auth0 的现有 ASP.NET OWIN 数据库。我遇到的一个问题是我需要用 JavaScript(用于 Auth0 动作脚本)编写一个函数,该函数接受一个明文密码,对其进行散列并将该散列与 OWIN 数据库中的现有散列进行比较。哈希是使用 ASP.NET Identity UserManager 类创建的。
如何复制 UserManager 在 JavaScript 中使用的算法?
提前致谢, 亚瑟。
【问题讨论】:
标签: hash owin auth0 usermanager
找到了答案。您可以使用此 C# 代码 sn-p 从使用 edge 的节点到像 UserManager 在 ASP.NET Identity 中那样具有密码。
var edge = require('edge');
var verifyHash = edge.func(function() {/*
using System;
using System.Runtime.CompilerServices;
using System.Security.Cryptography;
using System.Threading.Tasks;
using System.Runtime.InteropServices;
using System.Security.Principal;
internal static class Crypto
{
private const int PBKDF2IterCount = 1000; // default for Rfc2898DeriveBytes
private const int PBKDF2SubkeyLength = 256/8; // 256 bits
private const int SaltSize = 128/8; // 128 bits
public static string HashPassword(string password)
{
if (password == null)
{
throw new ArgumentNullException("password");
}
// Produce a version 0 (see comment above) text hash.
byte[] salt;
byte[] subkey;
using (var deriveBytes = new Rfc2898DeriveBytes(password, SaltSize, PBKDF2IterCount))
{
salt = deriveBytes.Salt;
subkey = deriveBytes.GetBytes(PBKDF2SubkeyLength);
}
var outputBytes = new byte[1 + SaltSize + PBKDF2SubkeyLength];
Buffer.BlockCopy(salt, 0, outputBytes, 1, SaltSize);
Buffer.BlockCopy(subkey, 0, outputBytes, 1 + SaltSize, PBKDF2SubkeyLength);
return Convert.ToBase64String(outputBytes);
}
// hashedPassword must be of the format of HashWithPassword (salt + Hash(salt+input)
public static bool VerifyHashedPassword(string hashedPassword, string password)
{
if (hashedPassword == null)
{
return false;
}
if (password == null)
{
throw new ArgumentNullException("password");
}
var hashedPasswordBytes = Convert.FromBase64String(hashedPassword);
// Verify a version 0 (see comment above) text hash.
if (hashedPasswordBytes.Length != (1 + SaltSize + PBKDF2SubkeyLength) || hashedPasswordBytes[0] != 0x00)
{
// Wrong length or version header.
return false;
}
var salt = new byte[SaltSize];
Buffer.BlockCopy(hashedPasswordBytes, 1, salt, 0, SaltSize);
var storedSubkey = new byte[PBKDF2SubkeyLength];
Buffer.BlockCopy(hashedPasswordBytes, 1 + SaltSize, storedSubkey, 0, PBKDF2SubkeyLength);
byte[] generatedSubkey;
using (var deriveBytes = new Rfc2898DeriveBytes(password, salt, PBKDF2IterCount))
{
generatedSubkey = deriveBytes.GetBytes(PBKDF2SubkeyLength);
}
return ByteArraysEqual(storedSubkey, generatedSubkey);
}
// Compares two byte arrays for equality. The method is specifically written so that the loop is not optimized.
[MethodImpl(MethodImplOptions.NoOptimization)]
private static bool ByteArraysEqual(byte[] a, byte[] b)
{
if (ReferenceEquals(a, b))
{
return true;
}
if (a == null || b == null || a.Length != b.Length)
{
return false;
}
var areSame = true;
for (var i = 0; i < a.Length; i++)
{
areSame &= (a[i] == b[i]);
}
return areSame;
}
}
class Startup
{
public async Task<object> Invoke(dynamic input)
{
return await Task<object>.Run(() => {
return Task.FromResult<object>(Crypto.VerifyHashedPassword (input.hashedPassword, input.providedPassword));
});
}
}
*/});
verifyHash({ hashedPassword: 'AONmKUXiPKhN1J+t8DwCp2uTq3TBcJNabcc4HuQkx+uwO+5+yRJZreJ9jZyxyGzhzg==', providedPassword: 'abc' }, function (error, result) {
if (error) {
console.log(error);
}
else {
if (result) {
// Password matches!
}
}
});
【讨论】: