Simple Enhancement for User's password @ FunnelWeb
【add Script0033.sql】
--add Salt field to User table
-- Holds the per-user password salt: 32 hex characters produced by
-- StringExtensions.NewGuid_PlainLower, hence nchar(32).
-- The column is nullable so the ALTER succeeds on a populated table; every row that
-- exists before this script runs therefore has Salt = NULL until it is migrated or the
-- user's password is reset.
alter table $schema$.[User] add [Salt] nchar(32) null
go
【FunnelWeb.Model.Authentication.Mappings.UserMapping.cs】
Append:
Map( x => x.Salt ); // persist User.Salt (column added by Script0033.sql)
【FunnelWeb.Authentication.Internal.SqlAuthenticator.cs】
/// <summary>
/// Looks the user up by username, recomputes the salted hash of the supplied password with
/// that user's own salt and discards the user when the hashes differ. The rest of the
/// method (the login step and the return value) is elided in this excerpt.
/// </summary>
/// <param name="username">Login name entered by the caller.</param>
/// <param name="password">Clear-text password entered by the caller.</param>
private bool SqlAuthenticateAndLogin(string username, string password)
{
// The commented-out single-query form appears to have been abandoned because the salt is a
// per-row value: the hash can only be computed after the row has been read.
//var user = sessionFactory().QueryOver<User>()
// .Where(u => u.Username == username && u.Password == SqlFunnelWebMembership.HashPassword(password, u.Salt))
// .SingleOrDefault();
var user = sessionFactory().QueryOver<User>()
.Where( u => u.Username == username ).SingleOrDefault();
if ( user != null ) {
// NOTE(review): users created before Script0033.sql have Salt = NULL; confirm that
// HashPassword copes with a null salt (or migrate those rows) rather than throwing here.
string pwd = SqlFunnelWebMembership.HashPassword( password, user.Salt );
// NOTE(review): ordinary string inequality stops at the first differing character; a
// fixed-time comparison is the conventional choice when comparing password hashes.
if ( pwd != user.Password )
user = null; // unknown user and wrong password end up in the same state
}
// ...
// ...
}
【FunnelWeb.Utilities.StringExtensions.cs】
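/// <summary>
/// Returns a new GUID as 32 lowercase hexadecimal characters with no separators,
/// e.g. bea8b23f69574b0c8832b5723c3aae71. Used as the per-user password salt.
/// </summary>
/// <remarks>
/// A salt has to be unique per user, not secret, so a GUID is adequate here; if an
/// unpredictable value is ever required, System.Security.Cryptography.RandomNumberGenerator
/// is the usual source.
/// </remarks>
/// <returns>A 32-character string containing only 0-9 and a-f.</returns>
public static string NewGuid_PlainLower() {
    // "N" is the hyphen-less, lowercase-hex GUID format, so the Replace/ToLower pass of the
    // original is unnecessary; it also avoids the culture-sensitive ToLower() call.
    return Guid.NewGuid().ToString( "N" );
}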
/// <summary>
/// Creates a new <see cref="User"/> with a freshly generated salt, stores the salted
/// password hash (never the clear-text password) and persists the entity through the
/// current <see cref="ISession"/>.
/// </summary>
/// <param name="name">Value stored in User.Name.</param>
/// <param name="email">Value stored in User.Email.</param>
/// <param name="username">Login name stored in User.Username.</param>
/// <param name="password">Clear-text password; only HashPassword(password, salt) is stored.</param>
/// <returns>The saved user entity.</returns>
public User CreateAccount(string name, string email, string username, string password)
{
    // The hash depends on the salt, so the salt is generated before the entity is built.
    string salt = Utilities.StringExtensions.NewGuid_PlainLower();
    var account = new User
    {
        Name = name,
        Email = email,
        Salt = salt,
        Username = username,
        Password = HashPassword( password, salt )
    };
    DependencyResolver.Current.GetService<ISession>().Save( account );
    return account;
}
/// <summary>
/// Produces the stored form of a password: the salted digest computed by
/// <see cref="IntensifyPassword"/>. The caller must already have a salt for the user
/// (see CreateAccount and Script0033.sql).
/// </summary>
/// <param name="password">Clear-text password supplied by the user.</param>
/// <param name="salt">Per-user salt (User.Salt).</param>
/// <returns>The value to store in, or compare against, User.Password.</returns>
internal static string HashPassword( string password, string salt ) {
    string stored = IntensifyPassword( password, salt );
    return stored;
}
/// <summary>
/// Derives the stored password digest from a clear-text password and a per-user salt.
/// Both inputs are SHA-1 hashed to 40-character hex strings; positions 0-39 of an
/// interleaving of the two (alternating 8-character runs, starting with the password
/// digest) are hashed once more with SHA-1 and returned.
/// </summary>
/// <remarks>
/// NOTE(review): this is a single-iteration, fixed-cost SHA-1 construction, not a
/// password-stretching KDF such as PBKDF2, and
/// <c>FormsAuthentication.HashPasswordForStoringInConfigFile</c> is obsolete from .NET 4.5 on.
/// The algorithm is reproduced exactly because every stored User.Password depends on it;
/// moving to a KDF needs a re-hash-on-successful-login migration.
/// </remarks>
/// <param name="pwd">Clear-text password.</param>
/// <param name="salt">Per-user salt; must not be null (the underlying helper rejects null).</param>
/// <returns>A 40-character uppercase hexadecimal SHA-1 digest.</returns>
internal static string IntensifyPassword( string pwd, string salt ) {
    string sha1 = FormsAuthPasswordFormat.SHA1.ToString();
    string pwdDigest = FormsAuthentication.HashPasswordForStoringInConfigFile( pwd, sha1 );
    string saltDigest = FormsAuthentication.HashPasswordForStoringInConfigFile( salt, sha1 );

    // Walk positions 0..39 once. Even 8-character runs (0-7, 16-23, 32-39) come from the
    // password digest, odd runs (8-15, 24-31) from the salt digest; this is the same
    // selection as the original 5x8 double loop, with the row index being pos / 8.
    const int RunLength = 8;
    const int OutputLength = 40;
    var mixed = new StringBuilder( OutputLength );
    for ( int pos = 0; pos < OutputLength; pos++ ) {
        bool fromPassword = ( pos / RunLength ) % 2 == 0;
        mixed.Append( fromPassword ? pwdDigest[pos] : saltDigest[pos] );
    }

    // Final SHA-1 pass over the mixed string.
    return FormsAuthentication.HashPasswordForStoringInConfigFile( mixed.ToString(), sha1 );
}