mamad_za
شنبه 16 اسفند 1393, 22:44 عصر
سلام دوستان من برای کد کردن پسوردهای کاربران از روش pbkd2 استفاده می کردم قبلاً من در framework 3.5 اینکار رو می کردم و مشکلی نداشتم اما چند وقتی که اومدم تو ورژن 4.5 به مشکل برخورد کردم ، دوستان تو ایجاد کاربر مشکلی نیست پسسورد هم ساخته میشه ، اما موقع لاگین ارور میده ، و محتوای ارورش هم اینه که Viewstate ظرفیتش پر شده تو خیلی از سایت های خارجی Search کردم تو اکثر سایت ها میگفتن به خاطر سایز زیاد view state و برای حل این مشکل از ریپلیس استفاده کنید sEncryptedString = sEncryptedString.Replace(' ', '+');
از این روش هم هر چقدر استفاده کردم نشد البته جا گذاری درستش رو نمی دونستم دوستان اگه لطف کنید راهنمایی کنید
متن ارور
An exception of type 'System.FormatException' occurred in mscorlib.dll but was not handled in user code
Additional information: Invalid length for a Base-64 char array or string.
Invalid length for a Base-64 char array or string. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.FormatException: Invalid length for a Base-64 char array or string.
Source Error:
Line 127: int iterations = Int32.Parse(split[ITERATION_INDEX]);
Line 128: byte[] salt = Convert.FromBase64String(split[SALT_INDEX]);
Line 129: byte[] hash = Convert.FromBase64String(split[PBKDF2_INDEX]);
Line 130:
Line 131: byte[] testHash = PBKDF2(password, salt, iterations, hash.Length);
کدهای کلاس تبدیل پسوورد به hash و جک کردن هش با پسسورد وارد شده
#region HashPassWord
public const int SALT_BYTE_SIZE = 24;
public const int HASH_BYTE_SIZE = 24;
public const int PBKDF2_ITERATIONS = 500;
public const int ITERATION_INDEX = 0;
public const int SALT_INDEX = 1;
public const int PBKDF2_INDEX = 2;
public static string CreateHash(string password)
{
// Generate a random salt
RNGCryptoServiceProvider csprng = new RNGCryptoServiceProvider();
byte[] salt = new byte[SALT_BYTE_SIZE];
csprng.GetBytes(salt);
// Hash the password and encode the parameters
byte[] hash = PBKDF2(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE);
return PBKDF2_ITERATIONS + ":" +
Convert.ToBase64String(salt) + ":" +
Convert.ToBase64String(hash);
}
public static bool ValidatePassword(string password, string correctHash)
{
// Extract the parameters from the hash
char[] delimiter = { ':' };
string[] split = correctHash.Split(delimiter);
int iterations = Int32.Parse(split[ITERATION_INDEX]);
byte[] salt = Convert.FromBase64String(split[SALT_INDEX]);
byte[] hash = Convert.FromBase64String(split[PBKDF2_INDEX]);
byte[] testHash = PBKDF2(password, salt, iterations, hash.Length);
return SlowEquals(hash, testHash);
}
private static bool SlowEquals(byte[] a, byte[] b)
{
uint diff = (uint)a.Length ^ (uint)b.Length;
for (int i = 0; i < a.Length && i < b.Length; i++)
diff |= (uint)(a[i] ^ b[i]);
return diff == 0;
}
private static byte[] PBKDF2(string password, byte[] salt, int iterations, int outputBytes)
{
Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(password, salt);
pbkdf2.IterationCount = iterations;
return pbkdf2.GetBytes(outputBytes);
}
#endregion HashPassWord
DataTable dt = new DataTable();
using (SqlConnection con = new SqlConnection(constr))
{
using (SqlCommand cmd = new SqlCommand("Select * from tbl_Admin WHERE UserName=@p1",con))
{
using (SqlDataAdapter sda = new SqlDataAdapter(cmd))
{
cmd.Parameters.AddWithValue("@p1", txtUserName.Text);
con.Open();
sda.Fill(dt);
con.Close();
string HashedPass = dt.Rows[0]["Pass"].ToString();
if (dt.Rows.Count > 0 && Code.ValidatePassword(txtPass.Text, HashedPass))
{
if (FormsAuthentication.CookiesSupported)
{
var ticket = new FormsAuthenticationTicket(2, txtUserName.Text.Trim().ToLower(), DateTime.Now, DateTime.Now.AddMonths(2),true,"admin");
string encryptTicket = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptTicket)
{
Expires = chkRemember.Checked ? ticket.Expiration : DateTime.Now.AddHours(2)
};
Response.SetCookie(cookie);
}
else
{
throw new Exception("Cookieless Forms Authentication is not supported for this application.");
}
}
else
{
lblResult.Text = "اطلاعات وارد شده صحیح نمی باشد.";
}
}
}
}
از این روش هم هر چقدر استفاده کردم نشد البته جا گذاری درستش رو نمی دونستم دوستان اگه لطف کنید راهنمایی کنید
متن ارور
An exception of type 'System.FormatException' occurred in mscorlib.dll but was not handled in user code
Additional information: Invalid length for a Base-64 char array or string.
Invalid length for a Base-64 char array or string. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.FormatException: Invalid length for a Base-64 char array or string.
Source Error:
Line 127: int iterations = Int32.Parse(split[ITERATION_INDEX]);
Line 128: byte[] salt = Convert.FromBase64String(split[SALT_INDEX]);
Line 129: byte[] hash = Convert.FromBase64String(split[PBKDF2_INDEX]);
Line 130:
Line 131: byte[] testHash = PBKDF2(password, salt, iterations, hash.Length);
کدهای کلاس تبدیل پسوورد به hash و جک کردن هش با پسسورد وارد شده
#region HashPassWord
public const int SALT_BYTE_SIZE = 24;
public const int HASH_BYTE_SIZE = 24;
public const int PBKDF2_ITERATIONS = 500;
public const int ITERATION_INDEX = 0;
public const int SALT_INDEX = 1;
public const int PBKDF2_INDEX = 2;
public static string CreateHash(string password)
{
// Generate a random salt
RNGCryptoServiceProvider csprng = new RNGCryptoServiceProvider();
byte[] salt = new byte[SALT_BYTE_SIZE];
csprng.GetBytes(salt);
// Hash the password and encode the parameters
byte[] hash = PBKDF2(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE);
return PBKDF2_ITERATIONS + ":" +
Convert.ToBase64String(salt) + ":" +
Convert.ToBase64String(hash);
}
public static bool ValidatePassword(string password, string correctHash)
{
// Extract the parameters from the hash
char[] delimiter = { ':' };
string[] split = correctHash.Split(delimiter);
int iterations = Int32.Parse(split[ITERATION_INDEX]);
byte[] salt = Convert.FromBase64String(split[SALT_INDEX]);
byte[] hash = Convert.FromBase64String(split[PBKDF2_INDEX]);
byte[] testHash = PBKDF2(password, salt, iterations, hash.Length);
return SlowEquals(hash, testHash);
}
private static bool SlowEquals(byte[] a, byte[] b)
{
uint diff = (uint)a.Length ^ (uint)b.Length;
for (int i = 0; i < a.Length && i < b.Length; i++)
diff |= (uint)(a[i] ^ b[i]);
return diff == 0;
}
private static byte[] PBKDF2(string password, byte[] salt, int iterations, int outputBytes)
{
Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(password, salt);
pbkdf2.IterationCount = iterations;
return pbkdf2.GetBytes(outputBytes);
}
#endregion HashPassWord
DataTable dt = new DataTable();
using (SqlConnection con = new SqlConnection(constr))
{
using (SqlCommand cmd = new SqlCommand("Select * from tbl_Admin WHERE UserName=@p1",con))
{
using (SqlDataAdapter sda = new SqlDataAdapter(cmd))
{
cmd.Parameters.AddWithValue("@p1", txtUserName.Text);
con.Open();
sda.Fill(dt);
con.Close();
string HashedPass = dt.Rows[0]["Pass"].ToString();
if (dt.Rows.Count > 0 && Code.ValidatePassword(txtPass.Text, HashedPass))
{
if (FormsAuthentication.CookiesSupported)
{
var ticket = new FormsAuthenticationTicket(2, txtUserName.Text.Trim().ToLower(), DateTime.Now, DateTime.Now.AddMonths(2),true,"admin");
string encryptTicket = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptTicket)
{
Expires = chkRemember.Checked ? ticket.Expiration : DateTime.Now.AddHours(2)
};
Response.SetCookie(cookie);
}
else
{
throw new Exception("Cookieless Forms Authentication is not supported for this application.");
}
}
else
{
lblResult.Text = "اطلاعات وارد شده صحیح نمی باشد.";
}
}
}
}