ASP.NET MembershipProvider – how exactly does it do encryption?

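I need to understand the details of how MembershipProvider performs encryption:

  1. What algorithm does it use?
  2. Is there any base64 encoding as pre-processing or post-processing?
  3. Is there anything extra on top of the standard algorithm it uses?

Given a plain-text password to encrypt, please walk me through the exact steps that produce the final encrypted password.

I think seeing the source code would go a long way toward answering my question, but I can't find it online. I have only found this documentation, which gives no implementation details.

Thanks for any information!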

Below is the code you want/need... it's a rabbit warren to get there, so to understand it fully I suggest doing the following:

  • Install ReSharper
    [Optional] Install dotPeek
  • Write the following code anywhere:
    var dummyMembershipProvider = new SqlMembershipProvider();
    dummyMembershipProvider.ChangePassword("userName", "oldPassword", "newPassword");
  • Ctrl + left-click on ChangePassword (Go to Definition)
  • This starts your journey through the rabbit warren... it should look something like this:
    SqlMembershipProvider.ChangePassword
    SqlMembershipProvider.EncodePassword
    MembershipProvider.EncryptPassword
    IMembershipAdapter.EncryptOrDecryptData
    MembershipAdapter.EncryptOrDecryptData
    MachineKeySection.EncryptOrDecryptData
  • Buy ReSharper because you realize you can't live without it any more

Anyway, here is MachineKeySection.EncryptOrDecryptData:

    public sealed class MachineKeySection : ConfigurationSection
    {
        internal static byte[] EncryptOrDecryptData(bool fEncrypt, byte[] buf, byte[] modifier, int start, int length, bool useValidationSymAlgo, bool useLegacyMode, IVType ivType)
        {
            EnsureConfig();

            if (useLegacyMode)
                useLegacyMode = _UsingCustomEncryption; // only use legacy mode for custom algorithms

            System.IO.MemoryStream ms = new System.IO.MemoryStream();
            ICryptoTransform oDesEnc = GetCryptoTransform(fEncrypt, useValidationSymAlgo, useLegacyMode);
            CryptoStream cs = new CryptoStream(ms, oDesEnc, CryptoStreamMode.Write);

            // DevDiv Bugs 137864: Add Random or Hashed IV to beginning of data to be encrypted.
            // IVType.None is used by MembershipProvider which requires compatibility even in SP2 mode.
            bool createIV = ((ivType != IVType.None) && (CompatMode > MachineKeyCompatibilityMode.Framework20SP1));

            if (fEncrypt && createIV)
            {
                byte[] iv = null;
                int ivLength = (useValidationSymAlgo ? _IVLengthValidation : _IVLengthDecryption);

                switch (ivType)
                {
                    case IVType.Hash:
                        iv = GetIVHash(buf, ivLength);
                        break;
                    case IVType.Random:
                        iv = new byte[ivLength];
                        RandomNumberGenerator.GetBytes(iv);
                        break;
                }

                Debug.Assert(iv != null, "Invalid value for IVType: " + ivType.ToString("G"));
                cs.Write(iv, 0, iv.Length);
            }

            cs.Write(buf, start, length);
            if (fEncrypt && modifier != null)
            {
                cs.Write(modifier, 0, modifier.Length);
            }

            cs.FlushFinalBlock();
            byte[] paddedData = ms.ToArray();
            byte[] bData;
            cs.Close();
            ReturnCryptoTransform(fEncrypt, oDesEnc, useValidationSymAlgo, useLegacyMode);

            // DevDiv Bugs 137864: Strip Random or Hashed IV from beginning of unencrypted data
            if (!fEncrypt && createIV)
            {
                // strip off the first bytes that were either random bits or a hash of the original data
                // either way it is always equal to the key length
                int ivLength = (useValidationSymAlgo ? _IVLengthValidation : _IVLengthDecryption);
                int bDataLength = paddedData.Length - ivLength;

                // valid if the data is long enough to have included the padding
                if (bDataLength >= 0)
                {
                    bData = new byte[bDataLength];
                    // copy from the padded data to non-padded buffer bData.
                    // dont bother with copy if the data is entirely the padding
                    if (bDataLength > 0)
                    {
                        Buffer.BlockCopy(paddedData, ivLength, bData, 0, bDataLength);
                    }
                }
                else
                {
                    // data is not padded because it is not long enough
                    bData = paddedData;
                }
            }
            else
            {
                bData = paddedData;
            }

            if (!fEncrypt && modifier != null && modifier.Length > 0)
            {
                for(int iter=0; iter
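
The effect of the `createIV` branch in the listing above, as an added example that is not part of the answer or of the .NET Framework source: with no prefix written (the `IVType.None` case that the listing's comment says MembershipProvider uses), equal inputs encrypt to equal ciphertexts, while a random prefix block makes each ciphertext differ. The class name, demo key, AES-CBC and the all-zero cipher IV are assumptions made for the illustration, and it targets .NET 6 or later.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
// Added illustration, not framework code. Assumptions: AES-CBC, a constructed
// demo key, and an all-zero cipher IV standing in for GetCryptoTransform.
static class IvPrefixDemo
{
    static readonly byte[] Key = Enumerable.Range(0, 32).Select(i => (byte)i).ToArray();
    const int PrefixLength = 16; // one AES block, stands in for _IVLengthDecryption

    static byte[] Run(bool encrypt, byte[] input)
    {
        using var aes = Aes.Create();
        aes.Key = Key;
        aes.IV = new byte[16]; // assumption: fixed cipher IV
        using var ms = new MemoryStream();
        using var transform = encrypt ? aes.CreateEncryptor() : aes.CreateDecryptor();
        using (var cs = new CryptoStream(ms, transform, CryptoStreamMode.Write))
        {
            cs.Write(input, 0, input.Length);
            cs.FlushFinalBlock();
        }
        return ms.ToArray();
    }
    // Same write order as the listing: optional random prefix, then the data.
    public static byte[] Encrypt(byte[] data, bool randomPrefix)
    {
        byte[] prefix = randomPrefix ? RandomNumberGenerator.GetBytes(PrefixLength) : Array.Empty<byte>();
        return Run(true, prefix.Concat(data).ToArray());
    }
    // On decrypt the prefix is discarded, as in the createIV branch of the listing.
    public static byte[] Decrypt(byte[] blob, bool randomPrefix)
    {
        byte[] padded = Run(false, blob);
        return randomPrefix ? padded.Skip(PrefixLength).ToArray() : padded;
    }

    static void Main()
    {
        byte[] pw = Encoding.Unicode.GetBytes("newPassword"); // constructed sample input
        bool sameNone = Encrypt(pw, false).SequenceEqual(Encrypt(pw, false));
        bool sameRandom = Encrypt(pw, true).SequenceEqual(Encrypt(pw, true));
        Console.WriteLine($"no prefix (IVType.None-like): identical ciphertexts = {sameNone}");
        Console.WriteLine($"random prefix (IVType.Random-like): identical ciphertexts = {sameRandom}");
        Console.WriteLine($"round trip ok = {pw.SequenceEqual(Decrypt(Encrypt(pw, true), true))}");
    }
}
```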

The source code for the membership providers is available from Microsoft. Scott Guthrie blogged about it a few years ago.

http://weblogs.asp.net/scottgu/archive/2006/04/13/442772.aspx

If you want to encode and generate passwords for SimpleMembershipProvider, take a look at https://github.com/k-makarov/MembershipPasswordGenerator