我需要使用php對ASP.NET成員資格表進行身份驗證。成員資格api被配置爲使用散列密碼。在PHP中使用ASP.NET成員身份
有人可以好心給我的PHP來散列來自登錄表單的密碼,並將其與sql字段進行比較?
我知道我傳入的密碼是正確的,但不是哈希值相同。
private function Auth($username, $password)
{
// Hashed password in db
$hash = $this->parent->_memberData['conv_password'];
// password passed from form
$bytes = mb_convert_encoding($password, 'UTF-7');
// Salt from db
$salt = base64_decode($this->parent->_memberData['misc']);
// hash password from form with salt
$hashedpassword = base64_encode(sha1($salt . $bytes, true));
// Test em out
if ($hashedpassword == $hash)
{
$this->return_code = "SUCCESS";
return true;
}
else
{
$this->return_code = "WRONG_AUTH";
return false;
}
}
UPDATE:
我已經嘗試不同的編碼有相同的結果。 UTF-7,UTF-8和UTF-16。
更新: 我一直在爲此奮鬥了一個禮拜。賞金來吧...
這裏是單元測試形式的.net代碼。單元測試工作並且值直接從數據庫中取出。這段代碼到php的正確翻譯是什麼?
public void EncodePassword()
{
string expected = "aP/mqBu3VkX+rIna42ramuosS3s=";
string salt = "urIaGX0zd/oBRMDZjc1CKw==";
string pass = "Comeonman";
byte[] bytes = Encoding.Unicode.GetBytes(pass);
byte[] numArray = Convert.FromBase64String(salt);
byte[] numArray1 = new byte[(int)numArray.Length + (int)bytes.Length];
byte[] numArray2 = null;
Buffer.BlockCopy(numArray, 0, numArray1, 0, (int)numArray.Length);
Buffer.BlockCopy(bytes, 0, numArray1, (int)numArray.Length, (int)bytes.Length);
HashAlgorithm hashAlgorithm = HashAlgorithm.Create("SHA1");
if (hashAlgorithm != null)
{
numArray2 = hashAlgorithm.ComputeHash(numArray1);
}
Assert.AreEqual(Convert.ToBase64String(numArray2), expected);
}
你會得到不同的散列值嗎? – MyStream 2012-02-23 05:45:35
是的,哈希不匹配 – Darthg8r 2012-02-23 14:42:19
這可能有所幫助:http://thekindofme.wordpress.com/2008/12/04/aspnet-membership-password-hashing-algorithm/ – Prescott 2012-02-23 17:32:29