0

我正在尝试创建一个脚本来创建一些 MVC 用户进行测试,但是,我在生成密码哈希时遇到了问题。

我正在使用HASHBYTE文档中描述的以下 SQL :

INSERT INTO webpages_Membership([UserId],[CreateDate],[ConfirmationToken],[IsConfirmed],[LastPasswordFailureDate],[PasswordFailuresSinceLastSuccess],[Password],[PasswordChangedDate],[PasswordSalt],[PasswordVerificationToken],[PasswordVerificationTokenExpirationDate]) VALUES(1,'2013-01-01 00:00:00.000',NULL,1,NULL,0,HASHBYTES('SHA1', CONVERT(nvarchar(4000),'!+test123')),'2013-01-01 00:00:00.000','',NULL,NULL);

但是,生成的哈希似乎是二进制的,而不是 Base64 字符串。

我应该如何为测试数据生成哈希?

-- DROP webpages_UsersInRoles
IF  EXISTS (SELECT * FROM sys.foreign_keys WHERE object_id = OBJECT_ID(N'[dbo].[fk_RoleId]') AND parent_object_id = OBJECT_ID(N'[dbo].[webpages_UsersInRoles]'))
ALTER TABLE [dbo].[webpages_UsersInRoles] DROP CONSTRAINT [fk_RoleId]
GO

IF  EXISTS (SELECT * FROM sys.foreign_keys WHERE object_id = OBJECT_ID(N'[dbo].[fk_UserId]') AND parent_object_id = OBJECT_ID(N'[dbo].[webpages_UsersInRoles]'))
ALTER TABLE [dbo].[webpages_UsersInRoles] DROP CONSTRAINT [fk_UserId]
GO

/****** Object:  Table [dbo].[webpages_UsersInRoles]    Script Date: 03/11/2013 23:47:49 ******/
IF  EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[webpages_UsersInRoles]') AND type in (N'U'))
DROP TABLE [dbo].[webpages_UsersInRoles]
GO

/****** Object:  Table [dbo].[webpages_Roles]    Script Date: 03/11/2013 23:52:45 ******/
IF  EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[webpages_Roles]') AND type in (N'U'))
DROP TABLE [dbo].[webpages_Roles]
GO

/****** Object:  Table [dbo].[UserProfile]    Script Date: 03/11/2013 23:53:09 ******/
IF  EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[UserProfile]') AND type in (N'U'))
DROP TABLE [dbo].[UserProfile]
GO

USE [Development_Membership]
GO

IF  EXISTS (SELECT * FROM dbo.sysobjects WHERE id = OBJECT_ID(N'[DF__webpages___IsCon__2F10007B]') AND type = 'D')
BEGIN
ALTER TABLE [dbo].[webpages_Membership] DROP CONSTRAINT [DF__webpages___IsCon__2F10007B]
END

GO

IF  EXISTS (SELECT * FROM dbo.sysobjects WHERE id = OBJECT_ID(N'[DF__webpages___Passw__300424B4]') AND type = 'D')
BEGIN
ALTER TABLE [dbo].[webpages_Membership] DROP CONSTRAINT [DF__webpages___Passw__300424B4]
END

GO

/****** Object:  Table [dbo].[webpages_OAuthMembership]    Script Date: 03/11/2013 23:53:46 ******/
IF  EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[webpages_OAuthMembership]') AND type in (N'U'))
DROP TABLE [dbo].[webpages_OAuthMembership]
GO

/****** Object:  Table [dbo].[webpages_Membership]    Script Date: 03/11/2013 23:53:29 ******/
IF  EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[webpages_Membership]') AND type in (N'U'))
DROP TABLE [dbo].[webpages_Membership]
GO


/*  Recreate Databases */

/****** Object:  Table [dbo].[webpages_OAuthMembership]    Script Date: 03/11/2013 23:54:33 ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO

CREATE TABLE [dbo].[webpages_OAuthMembership](
        [Provider] [nvarchar](30) NOT NULL,
        [ProviderUserId] [nvarchar](100) NOT NULL,
        [UserId] [int] NOT NULL,
PRIMARY KEY CLUSTERED 
(
        [Provider] ASC,
        [ProviderUserId] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
) ON [PRIMARY]

CREATE TABLE [dbo].[webpages_Membership](
        [UserId] [int] NOT NULL,
        [CreateDate] [datetime] NULL,
        [ConfirmationToken] [nvarchar](128) NULL,
        [IsConfirmed] [bit] NULL,
        [LastPasswordFailureDate] [datetime] NULL,
        [PasswordFailuresSinceLastSuccess] [int] NOT NULL,
        [Password] [nvarchar](128) NOT NULL,
        [PasswordChangedDate] [datetime] NULL,
        [PasswordSalt] [nvarchar](128) NOT NULL,
        [PasswordVerificationToken] [nvarchar](128) NULL,
        [PasswordVerificationTokenExpirationDate] [datetime] NULL,
PRIMARY KEY CLUSTERED 
(
        [UserId] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
) ON [PRIMARY]

GO

ALTER TABLE [dbo].[webpages_Membership] ADD  DEFAULT ((0)) FOR [IsConfirmed]
GO

ALTER TABLE [dbo].[webpages_Membership] ADD  DEFAULT ((0)) FOR [PasswordFailuresSinceLastSuccess]
GO

CREATE TABLE [dbo].[webpages_Roles](
        [RoleId] [int] IDENTITY(1,1) NOT NULL,
        [RoleName] [nvarchar](256) NOT NULL,
PRIMARY KEY CLUSTERED 
(
        [RoleId] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY],
UNIQUE NONCLUSTERED 
(
        [RoleName] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
) ON [PRIMARY]

GO

CREATE TABLE [dbo].[UserProfile](
        [UserId] [int] IDENTITY(1,1) NOT NULL,
        [UserName] [nvarchar](56) NOT NULL,
PRIMARY KEY CLUSTERED 
(
        [UserId] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY],
UNIQUE NONCLUSTERED 
(
        [UserName] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
) ON [PRIMARY]

GO


INSERT INTO [UserProfile]([UserName]) VALUES ('TestUser1')
INSERT INTO [UserProfile]([UserName]) VALUES ('TestUser2')
INSERT INTO [UserProfile]([UserName]) VALUES ('TestUser3')
INSERT INTO [UserProfile]([UserName]) VALUES ('TestUser4')
INSERT INTO [UserProfile]([UserName]) VALUES ('TestUser5')

INSERT INTO webpages_Membership([UserId],[CreateDate],[ConfirmationToken],[IsConfirmed],[LastPasswordFailureDate],[PasswordFailuresSinceLastSuccess],[Password],[PasswordChangedDate],[PasswordSalt],[PasswordVerificationToken],[PasswordVerificationTokenExpirationDate]) VALUES(1,'2013-01-01 00:00:00.000',NULL,1,NULL,0,HASHBYTES('SHA1', CONVERT(nvarchar(4000),'!+test123')),'2013-01-01 00:00:00.000','',NULL,NULL);
INSERT INTO webpages_Membership([UserId],[CreateDate],[ConfirmationToken],[IsConfirmed],[LastPasswordFailureDate],[PasswordFailuresSinceLastSuccess],[Password],[PasswordChangedDate],[PasswordSalt],[PasswordVerificationToken],[PasswordVerificationTokenExpirationDate]) VALUES(2,'2013-01-01 00:00:00.000',NULL,1,NULL,0,HASHBYTES('SHA1', CONVERT(nvarchar(4000),'!+test123')),'2013-01-01 00:00:00.000','',NULL,NULL);
INSERT INTO webpages_Membership([UserId],[CreateDate],[ConfirmationToken],[IsConfirmed],[LastPasswordFailureDate],[PasswordFailuresSinceLastSuccess],[Password],[PasswordChangedDate],[PasswordSalt],[PasswordVerificationToken],[PasswordVerificationTokenExpirationDate]) VALUES(3,'2013-01-01 00:00:00.000',NULL,1,NULL,0,HASHBYTES('SHA1', CONVERT(nvarchar(4000),'!+test123')),'2013-01-01 00:00:00.000','',NULL,NULL);
INSERT INTO webpages_Membership([UserId],[CreateDate],[ConfirmationToken],[IsConfirmed],[LastPasswordFailureDate],[PasswordFailuresSinceLastSuccess],[Password],[PasswordChangedDate],[PasswordSalt],[PasswordVerificationToken],[PasswordVerificationTokenExpirationDate]) VALUES(4,'2013-01-01 00:00:00.000',NULL,1,NULL,0,HASHBYTES('SHA1', CONVERT(nvarchar(4000),'!+test123')),'2013-01-01 00:00:00.000','',NULL,NULL);
INSERT INTO webpages_Membership([UserId],[CreateDate],[ConfirmationToken],[IsConfirmed],[LastPasswordFailureDate],[PasswordFailuresSinceLastSuccess],[Password],[PasswordChangedDate],[PasswordSalt],[PasswordVerificationToken],[PasswordVerificationTokenExpirationDate]) VALUES(5,'2013-01-01 00:00:00.000',NULL,1,NULL,0,HASHB

YTES('SHA1', CONVERT(nvarchar(4000),'!+test123')),'2013-01-01 00:00:00.000','',NULL,NULL);

谢谢

4

2 回答 2

0

SQL Server 具有对 BASE64 编码的内置支持。

declare @source varbinary(max)
set @source = hashbytes('sha', '!+test123')

declare @encoded varchar(max)
set @encoded = cast('' as xml).value('xs:base64Binary(sql:variable("@source"))', 'varchar(max)')

但我不确定你会得到你需要的字符串。因为生成的字符串比 Membership 表中的字符串短。例如,在我的会员表中,我可以看到 'ABwa5RUTn98IqJxFaq3MXC2N6dtUT78HAUWuaI3Kl2BIgbBP0IkkVb70FtOYj9ib+A=='密码“123123”的(68 个字符)字符串,但是上面的代码只'YB8YiWZ++uuzO4wSVyg12j8Cf3g='为相同的密码生成(28 个字符)。

您可以查看http://www.mikesdotnetting.com/Article/200/The-SimpleMembershipProvider-Secure-Passwords-And-The-Crypto-Helper了解更多信息

于 2013-04-02T13:47:10.120 回答
0

您可以通过使用 Base-16(不是 Base-64)并在二进制字符串前面加上 ,在 T-SQL 中向 MSSQL 服务器提供二进制数据0x,如下所示:

INSERT INTO binaryValues ( [SomeBinaryColumn] ) VALUES ( 0xDEADBEEF )

在 C# 中,您可以直接向 a 提供二进制值,SqlParameter或者如果您像这样生成 SQL:

Byte[] hashData = GetHash();
StringBuilder sb = new StringBuilder( hashData.Length * 2 );
sb.Append("0x");
for(int i=0;i<hashData.Length;i++) {
    sb.Append( hashData[i].ToString("x2") );
}
return sb.ToString();
于 2013-03-12T00:21:23.200 回答