0

我们正在构建一个通过 DNN 集成的移动应用程序。

移动应用程序使用连接到 DNN 模块的 ASP.net 网络服务,在移动应用程序中存在两个选项

第一个选项:

  • 注册屏幕

在 DNN 模块中创建新用户,问题是在 ASP.net Web 服务中负责创建新用户的网络方法,它连接到 DNN 数据库并在表(成员表)中插入新记录

  • aspnet_Membership

-aspnet_Users

-用户

问题是在这些表中插入新用户时

([aspnet_Membership]) 使用 ASP.net 代码和 Linq.sql 框架

对于这些领域

,[密码]

,[密码格式]

,[密码盐]

我们使用 Trible DES 算法获取用户密码

我们创建类来生成盐和加密和解密密码

public class NetFourMembershipProvider : SqlMembershipProvider
{
    public string GenerateSalt()
    {
        var buf = new byte[20];

        (new RNGCryptoServiceProvider()).GetBytes(buf);

        return Convert.ToBase64String(buf);
    }

    public string EncodePassword(byte passFormat, string passtext, string passwordSalt)
    {
        if (passFormat.Equals(0)) // passwordFormat="Clear" (0)
            return passtext;
        else
        {
            byte[] bytePASS = Encoding.Unicode.GetBytes(passtext);
            byte[] byteSALT = Convert.FromBase64String(passwordSalt);
            byte[] byteRESULT = new byte[byteSALT.Length + bytePASS.Length + 1];

            System.Buffer.BlockCopy(byteSALT, 0, byteRESULT, 0, byteSALT.Length);
            System.Buffer.BlockCopy(bytePASS, 0, byteRESULT, byteSALT.Length, bytePASS.Length);

            if (passFormat.Equals(1)) // passwordFormat="Hashed" (1)
            {
                HashAlgorithm ha = HashAlgorithm.Create(Membership.HashAlgorithmType);

                return (Convert.ToBase64String(ha.ComputeHash(byteRESULT)));
            }
            else // passwordFormat="Encrypted" (2)
            {
                return (Convert.ToBase64String(this.EncryptPassword(byteRESULT)));
            }
        }
    }

    public string GetClearTextPassword(string encryptedPwd)
    {
        byte[] encodedPassword = Convert.FromBase64String(encryptedPwd);
        byte[] bytes = this.DecryptPassword(encodedPassword);

        if (bytes == null)
        {
            return null;
        }

        return Encoding.Unicode.GetString(bytes, 0x10, bytes.Length - 0x10).Substring(0, Encoding.Unicode.GetString(bytes, 0x10, bytes.Length - 0x10).Length - 1);
    }

    public new byte[] EncryptPassword(byte[] password)
    {
        return base.EncryptPassword(password);
    }
}

并在 web.config 文件中添加 sypher 密钥

在应用设置部分,我们添加

在 system.web 部分,我们添加

<machineKey validationKey="42441B48BCA3F15B2353E426BC2C9111680E09E8" decryptionKey="00B3BAE82FEF44753E95AE088CCDB5E75C0F3BB1E58DEC2A" decryption="3DES" validation="SHA1" />

注册网络服务的代码是

  try
        {

            string Email = Request.QueryString["Email"];
            string UserName = Request.QueryString["UserName"];
            string MobileNo = Request.QueryString["MobileNo"];
            string FirstName = Request.QueryString["FirstName"];
            string LastName = Request.QueryString["LastName"];
            string password = Request.QueryString["Password"];
            string salt = "35wj1+r/Dr6RYjBbIRhWeQ==";

            NetFourMembershipProvider decriptor = new NetFourMembershipProvider();

            string encryptedpassword = decriptor.EncodePassword(2, password, salt);

            ORMDataContext myContext = new ORMDataContext();

            int userCount = (from user in myContext.Users
                             where user.Username == UserName
                             select user.UserID).Count();

            CustomUser myUser = new CustomUser();

            if (userCount == 0)
            {
                aspnet_User membership_user = new aspnet_User();

                membership_user.ApplicationId = Guid.Parse("4985C01A-3338-49C9-AC39-DC5934D5ED7A");
                membership_user.UserName = UserName;
                membership_user.LoweredUserName = UserName.ToLower();
                membership_user.LastActivityDate = DateTime.Now;
                membership_user.IsAnonymous = false;
                membership_user.MobileAlias = MobileNo;
                membership_user.UserId = Guid.NewGuid();

                myContext.aspnet_Users.InsertOnSubmit(membership_user);
                myContext.SubmitChanges();

                aspnet_Membership membership = new aspnet_Membership();

                Guid appID = Guid.Parse("4985C01A-3338-49C9-AC39-DC5934D5ED7A");

                membership.ApplicationId = appID;
                membership.CreateDate = DateTime.Now;
                membership.Email = Email;
                membership.FailedPasswordAnswerAttemptCount = 0;
                membership.FailedPasswordAnswerAttemptWindowStart = DateTime.Now;
                membership.FailedPasswordAttemptCount = 0;
                membership.FailedPasswordAttemptWindowStart = DateTime.Now;
                membership.IsApproved = true;
                membership.IsLockedOut = true;
                membership.LastLockoutDate = DateTime.Now;
                membership.LastLoginDate = DateTime.Now;
                membership.LastPasswordChangedDate = DateTime.Now;
                membership.LoweredEmail = Email.ToLower();
                membership.MobilePIN = "";
                membership.Password = encryptedpassword;
                membership.PasswordAnswer = "";
                membership.PasswordFormat = 2;
                membership.PasswordQuestion = "";
                membership.PasswordSalt = salt;
                membership.UserId = membership_user.UserId;

                myContext.aspnet_Memberships.InsertOnSubmit(membership);

                myContext.SubmitChanges();

                Borsa_Ws.User user = new User();

                user.Username = UserName;
                user.CreatedOnDate = DateTime.Now;
                user.DisplayName = UserName;
                user.Email = Email;
                user.FirstName = FirstName;
                user.LastName = LastName;
                user.UpdatePassword = false;
                user.LastModifiedByUserID = -1;
                user.IsSuperUser = false;

                myContext.Users.InsertOnSubmit(user);
                myContext.SubmitChanges();

                Borsa_Ws.UserRole user_role1 = new Borsa_Ws.UserRole();

                user_role1.UserID = user.UserID;
                user_role1.RoleID = 1;

                Borsa_Ws.UserRole user_role2 = new Borsa_Ws.UserRole();

                user_role2.UserID = user.UserID;
                user_role2.RoleID = 2;
                myContext.UserRoles.InsertOnSubmit(user_role1);
                myContext.UserRoles.InsertOnSubmit(user_role2);
                myContext.SubmitChanges();
                myUser.Roles = new int[] { 1, 2 };
                myUser.Logged = "1";
                myUser.UserID = user.UserID.ToString();
            }
            else
            {
                myUser.Logged = "0";
            }

            JavaScriptSerializer searlizer = new JavaScriptSerializer();
            Response.Clear();
            Response.ContentType = "application/json; charset=utf-8";
            Response.Write(searlizer.Serialize(myUser));
            Response.End();
        }
        catch
        {

        }

当我们来到 DNN 网站并尝试登录我们新插入的数据时

DNN 拒绝登录

所以你能告诉我我的代码是什么吗

谢谢

4

2 回答 2

1

巴德尔,

不建议直接向 aspnet_membership 和 users 表添加数据,使用 DotNetNuke API创建新用户

还注意到 Web 服务将需要哈希密钥验证,以确保目标受众正在使用您的注册服务。

于 2013-04-22T12:05:05.327 回答
0

您的代码对我非常有用!我发现其中一个错误会导致密码不匹配,然后可能无法登录。该行:

byte[] byteRESULT = new byte[byteSALT.Length + bytePASS.Length+1];

应该:

byte[] byteRESULT = new byte[byteSALT.Length + bytePASS.Length];

希望有帮助!

于 2013-04-27T03:35:41.280 回答