我有一个使用默认成员资格提供程序(membership provider)的 ASP.NET MVC 4 网站,运行良好。现在我正在开发一个单独的 WCF REST 服务,把现有数据库公开给 Android 应用程序。下面是我在 WCF 服务中用来对来自 Android 的用户进行身份验证的函数,但它始终无法通过身份验证,我不知道哪里做错了。
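/// <summary>
/// Looks up a user by user name or e-mail address and checks the supplied password against
/// the salted hash stored in the Memberships table.
/// </summary>
/// <param name="Username">User name or e-mail address to look up.</param>
/// <param name="Password">Clear-text password supplied by the caller.</param>
/// <returns>
/// An <see cref="OperationResult"/> whose Success flag is true only when the recomputed hash
/// equals the stored one. Unknown user and wrong password produce the same message so the
/// response does not reveal which accounts exist.
/// </returns>
/// <remarks>
/// NOTE(review): the hash is hard-coded as SHA1 over (salt bytes + UTF-16 password bytes). That
/// only matches rows written by a membership provider configured for hashed passwords with the
/// same algorithm and layout; with any other hashAlgorithmType or passwordFormat every
/// comparison fails. Confirm against the site's web.config, or call
/// System.Web.Security.Membership.ValidateUser instead of re-implementing the scheme.
/// NOTE(review): only UserId, Password and PasswordSalt are read, so any lockout, approval or
/// failed-attempt tracking done by the membership provider is not applied on this path. An
/// internet-facing login endpoint needs that, or equivalent throttling.
/// NOTE(review): a single salted SHA-1 round is cheap to brute-force if the table leaks. The
/// storage format is dictated by the existing data and is not changed here.
/// </remarks>
public static OperationResult Authenticate(string Username, string Password)
{
    const string BadCredentials = "Incorrect Username/Password combination. Please try again";

    OperationResult OR = new OperationResult();
    OR.Success = false;
    OR.Messages = new string[] { BadCredentials };

    // Reject missing input before touching the database; previously a null value surfaced
    // as an exception message returned to the caller.
    if (string.IsNullOrEmpty(Username) || Password == null)
    {
        return OR;
    }

    try
    {
        Guid userId = Guid.Empty;
        string storedHash = string.Empty;
        string storedSalt = string.Empty;

        // using blocks release the connection, command and reader even when a read throws.
        using (SqlConnection sqlCon = new SqlConnection(Params.GetConnectionString()))
        using (SqlCommand sqlCmd = new SqlCommand(
            "SELECT Memberships.UserId,Password,PasswordSalt From Memberships " +
            "INNER JOIN Users on Memberships.UserID = Users.UserID WHERE " +
            "UserName = @Username OR Email = @Username", sqlCon))
        {
            sqlCmd.Parameters.Add("@Username", SqlDbType.NVarChar, 256).Value = Username;
            sqlCon.Open();

            using (SqlDataReader reader = sqlCmd.ExecuteReader())
            {
                // Only the first row is used. NOTE(review): the OR in the WHERE clause can
                // match more than one account if one user's e-mail equals another's user name.
                if (reader.Read())
                {
                    userId = reader.GetGuid(0);
                    storedHash = reader.GetString(1);
                    storedSalt = reader.GetString(2);
                }
            }
        }

        // Guid.Empty means no row matched; the default failure result already applies.
        if (userId == Guid.Empty)
        {
            return OR;
        }

        // Rebuild the hash as salt bytes followed by the UTF-16 password bytes.
        byte[] passwordBytes = Encoding.Unicode.GetBytes(Password);
        byte[] saltBytes = Convert.FromBase64String(storedSalt);
        byte[] salted = new byte[saltBytes.Length + passwordBytes.Length];
        Buffer.BlockCopy(saltBytes, 0, salted, 0, saltBytes.Length);
        Buffer.BlockCopy(passwordBytes, 0, salted, saltBytes.Length, passwordBytes.Length);

        string newHash;
        using (HashAlgorithm sha = HashAlgorithm.Create("SHA1"))
        {
            newHash = Convert.ToBase64String(sha.ComputeHash(salted));
        }

        // Compare every character instead of stopping at the first mismatch, so response
        // time does not depend on how much of the hash matched.
        int diff = storedHash.Length ^ newHash.Length;
        for (int i = 0; i < newHash.Length; i++)
        {
            char stored = i < storedHash.Length ? storedHash[i] : '\0';
            diff |= stored ^ newHash[i];
        }

        if (diff == 0)
        {
            OR.Success = true;
            OR.Messages = new string[] { "Success" };
        }
    }
    catch (Exception ex)
    {
        // Keep the details server-side: exception text can expose SQL, schema or connection
        // information to an unauthenticated caller.
        System.Diagnostics.Trace.TraceError("Authenticate failed: {0}", ex);
        OR.Success = false;
        OR.Messages = new string[] { "authentication failed" };
    }

    return OR;
}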