0

我需要将现有的 ASP.NET OWIN 数据库与 Auth0 一起使用。我遇到的一个问题是我需要用 JavaScript(用于 Auth0 动作脚本)编写一个函数,该函数接受一个明文密码,对其进行散列并将该散列与 OWIN 数据库中的现有散列进行比较。哈希是使用 ASP.NET Identity UserManager 类创建的。

如何复制 UserManager 在 JavaScript 中使用的算法?

在此先感谢,亚瑟。

4

1 回答 1

0

找到了答案。您可以使用此 C# 代码片段,该代码片段从使用 edge 的节点具有密码,就像 UserManager 在 ASP.NET Identity 中所做的那样。

var edge = require('edge');

  var verifyHash = edge.func(function() {/*
    using System;
    using System.Runtime.CompilerServices;
    using System.Security.Cryptography;
    using System.Threading.Tasks;
    using System.Runtime.InteropServices;
    using System.Security.Principal;

    internal static class Crypto
    {
        private const int PBKDF2IterCount = 1000; // default for Rfc2898DeriveBytes
        private const int PBKDF2SubkeyLength = 256/8; // 256 bits
        private const int SaltSize = 128/8; // 128 bits

        public static string HashPassword(string password)
        {
            if (password == null)
            {
                throw new ArgumentNullException("password");
            }

            // Produce a version 0 (see comment above) text hash.
            byte[] salt;
            byte[] subkey;
            using (var deriveBytes = new Rfc2898DeriveBytes(password, SaltSize, PBKDF2IterCount))
            {
                salt = deriveBytes.Salt;
                subkey = deriveBytes.GetBytes(PBKDF2SubkeyLength);
            }

            var outputBytes = new byte[1 + SaltSize + PBKDF2SubkeyLength];
            Buffer.BlockCopy(salt, 0, outputBytes, 1, SaltSize);
            Buffer.BlockCopy(subkey, 0, outputBytes, 1 + SaltSize, PBKDF2SubkeyLength);
            return Convert.ToBase64String(outputBytes);
        }

        // hashedPassword must be of the format of HashWithPassword (salt + Hash(salt+input)
        public static bool VerifyHashedPassword(string hashedPassword, string password)
        {
            if (hashedPassword == null)
            {
                return false;
            }
            if (password == null)
            {
                throw new ArgumentNullException("password");
            }

            var hashedPasswordBytes = Convert.FromBase64String(hashedPassword);

            // Verify a version 0 (see comment above) text hash.

            if (hashedPasswordBytes.Length != (1 + SaltSize + PBKDF2SubkeyLength) || hashedPasswordBytes[0] != 0x00)
            {
                // Wrong length or version header.
                return false;
            }

            var salt = new byte[SaltSize];
            Buffer.BlockCopy(hashedPasswordBytes, 1, salt, 0, SaltSize);
            var storedSubkey = new byte[PBKDF2SubkeyLength];
            Buffer.BlockCopy(hashedPasswordBytes, 1 + SaltSize, storedSubkey, 0, PBKDF2SubkeyLength);

            byte[] generatedSubkey;
            using (var deriveBytes = new Rfc2898DeriveBytes(password, salt, PBKDF2IterCount))
            {
                generatedSubkey = deriveBytes.GetBytes(PBKDF2SubkeyLength);
            }
            return ByteArraysEqual(storedSubkey, generatedSubkey);
        }

        // Compares two byte arrays for equality. The method is specifically written so that the loop is not optimized.
        [MethodImpl(MethodImplOptions.NoOptimization)]
        private static bool ByteArraysEqual(byte[] a, byte[] b)
        {
            if (ReferenceEquals(a, b))
            {
                return true;
            }

            if (a == null || b == null || a.Length != b.Length)
            {
                return false;
            }

            var areSame = true;
            for (var i = 0; i < a.Length; i++)
            {
                areSame &= (a[i] == b[i]);
            }
            return areSame;
        }
    }

    class Startup
    {
        public async Task<object> Invoke(dynamic input)
        {
            return await Task<object>.Run(() => { 
                return Task.FromResult<object>(Crypto.VerifyHashedPassword (input.hashedPassword, input.providedPassword));
            });
        }
    }
*/});

  verifyHash({ hashedPassword: 'AONmKUXiPKhN1J+t8DwCp2uTq3TBcJNabcc4HuQkx+uwO+5+yRJZreJ9jZyxyGzhzg==', providedPassword: 'abc' }, function (error, result) {
    if (error) {
      console.log(error);
    }
    else {
      if (result) {
        // Password matches!
      }
    }
  });
于 2015-09-04T08:34:25.423 回答