Checking an encrypted password at login in ASP.NET Core

Problem description

I have a method that encrypts user passwords, as follows:

    // usings needed by this snippet
    using System;
    using System.Security.Cryptography;
    using Microsoft.AspNetCore.Cryptography.KeyDerivation;

    public string EncryptPassword(string password)
    {
        // Encrypt password
        byte[] salt = new byte[128 / 8]; // Generate a 128-bit salt using a secure PRNG
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }

        string encryptedPassw = Convert.ToBase64String(KeyDerivation.Pbkdf2(
            password: password,
            salt: salt,
            prf: KeyDerivationPrf.HMACSHA1,
            iterationCount: 10000,
            numBytesRequested: 256 / 8
        ));

        return encryptedPassw;
    }

But I ran into a problem: I want the user to log in, but I don't know how to read the password correctly at login time. Can anyone help with how to solve this, or has anyone run into the same problem?

Tags: c#, asp.net-core

Solution

How do you store the salt alongside the user?

Just add a property to the user, like this:

public class User
{
    public int Id { get; set; }
    public string Name { get; set; }
    public string Password { get; set; }
    public byte[] StoredSalt { get; set; }
    //other properties...
}

When the user enters a new password, it needs to be encrypted with the same salt and then compared with the encrypted password in the database.

You can refer to the following code:

Define a new class for temporary use:

public class HashSalt
{
    public string Hash { get; set; }
    public byte[] Salt { get; set; }
}

Something like registration and login:

// usings needed by the snippets below (the methods live inside a controller)
using System;
using System.Linq;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Cryptography.KeyDerivation;
using Microsoft.AspNetCore.Mvc;

[HttpPost]
public IActionResult Register(User user)
{
    var hashsalt = EncryptPassword(user.Password);
    user.Password = hashsalt.Hash;
    user.StoredSalt = hashsalt.Salt;
    _context.Users.Add(user);
    _context.SaveChanges();
    return View();
}

[HttpPost]
public IActionResult Login(User loginUser)
{
    var user = _context.Users.FirstOrDefault(u => u.Name == loginUser.Name);
    // An unknown user name is a failed login, not a null dereference
    var isPasswordMatched = user != null && VerifyPassword(loginUser.Password, user.StoredSalt, user.Password);
    if (isPasswordMatched)
    {
        //Login Successful
    }
    else
    {
        //Login Failed
    }

    return View();
}

public HashSalt EncryptPassword(string password)
{
    byte[] salt = new byte[128 / 8]; // Generate a 128-bit salt using a secure PRNG
    using (var rng = RandomNumberGenerator.Create())
    {
        rng.GetBytes(salt);
    }
    string encryptedPassw = Convert.ToBase64String(KeyDerivation.Pbkdf2(
        password: password,
        salt: salt,
        prf: KeyDerivationPrf.HMACSHA1,
        iterationCount: 10000,
        numBytesRequested: 256 / 8
    ));
    return new HashSalt { Hash = encryptedPassw, Salt = salt };
}

public bool VerifyPassword(string enteredPassword, byte[] salt, string storedPassword)
{
    // Re-derive with the salt stored for this user and compare with the stored hash
    string encryptedPassw = Convert.ToBase64String(KeyDerivation.Pbkdf2(
        password: enteredPassword,
        salt: salt,
        prf: KeyDerivationPrf.HMACSHA1,
        iterationCount: 10000,
        numBytesRequested: 256 / 8
    ));
    return encryptedPassw == storedPassword;
}
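The answer above keeps the salt in a separate `StoredSalt` column. As an added example (not the question's or the answer's code), the following self-contained program shows the same PBKDF2 approach with the salt and the iteration count packed into the stored string, so a single password column carries everything needed to verify later and to raise the cost factor over time. It also compares the derived bytes with `CryptographicOperations.FixedTimeEquals` rather than string `==`. Note that although the page calls this "encrypting", PBKDF2 is one-way key derivation: nothing is decrypted at login, the entered password is simply re-derived with the stored salt and compared. The example assumes .NET 6 or later (for `Rfc2898DeriveBytes.Pbkdf2`, the static `RandomNumberGenerator.GetBytes` and `CryptographicOperations.FixedTimeEquals`); the storage format string and the iteration count are assumptions chosen for the example, not values from the page.

```csharp
// Added example, not code from the question or answer. Assumes .NET 6+.
using System;
using System.Security.Cryptography;

public static class PasswordStore
{
    private const int SaltSize = 16;          // 128-bit salt, as in the page's code
    private const int HashSize = 32;          // 256-bit derived key, as in the page's code
    private const int Iterations = 100_000;   // assumed cost factor; tune to your hardware
    private const string Scheme = "pbkdf2-sha256"; // assumed label for this storage format

    // Storage format (assumed for this example): "<scheme>$<iterations>$<base64 salt>$<base64 hash>".
    // Packing salt and cost into the string means the User entity needs only one column.
    public static string Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashSize);
        return $"{Scheme}${Iterations}${Convert.ToBase64String(salt)}${Convert.ToBase64String(hash)}";
    }

    public static bool Verify(string password, string stored)
    {
        if (string.IsNullOrEmpty(stored)) return false;
        string[] parts = stored.Split('$');
        if (parts.Length != 4 || parts[0] != Scheme) return false;
        if (!int.TryParse(parts[1], out int iterations) || iterations <= 0) return false;

        byte[] salt, expected;
        try
        {
            salt = Convert.FromBase64String(parts[2]);
            expected = Convert.FromBase64String(parts[3]);
        }
        catch (FormatException)
        {
            return false; // malformed record: treat as a failed verification
        }

        // Re-derive with the stored salt and cost, then compare without leaking
        // which byte differs through timing.
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(password, salt, iterations, HashAlgorithmName.SHA256, expected.Length);
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    public static void Main()
    {
        string stored = Hash("correct horse battery staple"); // constructed sample password
        Console.WriteLine(stored);
        Console.WriteLine(Verify("correct horse battery staple", stored)); // same password verifies
        Console.WriteLine(Verify("wrong password", stored));               // different password does not
        // Each call draws a fresh salt, so hashing the same password twice yields different records
        Console.WriteLine(Hash("correct horse battery staple") == stored);
    }
}
```

In the answer's controller, `user.Password = PasswordStore.Hash(user.Password)` at registration and `user != null && PasswordStore.Verify(loginUser.Password, user.Password)` at login would replace `EncryptPassword`/`VerifyPassword`, and the `StoredSalt` property becomes unnecessary. For a real ASP.NET Core application, the built-in `Microsoft.AspNetCore.Identity.PasswordHasher<TUser>` (`HashPassword` and `VerifyHashedPassword`) already implements salted PBKDF2 with a versioned storage format and is the simpler choice.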
