0

テスト用に MVC ユーザーを作成するスクリプトを作成しようとしていますが、パスワード ハッシュの生成に問題があります。

HASHBYTEのドキュメントで説明されているように、次の SQL を使用しています。

INSERT INTO webpages_Membership([UserId],[CreateDate],[ConfirmationToken],[IsConfirmed],[LastPasswordFailureDate],[PasswordFailuresSinceLastSuccess],[Password],[PasswordChangedDate],[PasswordSalt],[PasswordVerificationToken],[PasswordVerificationTokenExpirationDate]) VALUES(1,'2013-01-01 00:00:00.000',NULL,1,NULL,0,HASHBYTES('SHA1', CONVERT(nvarchar(4000),'!+test123')),'2013-01-01 00:00:00.000','',NULL,NULL);

ただし、生成されたハッシュは Base64 文字列ではなくバイナリのようです。

テスト データのハッシュはどのように生成すればよいですか?

-- DROP webpages_UsersInRoles
IF  EXISTS (SELECT * FROM sys.foreign_keys WHERE object_id = OBJECT_ID(N'[dbo].[fk_RoleId]') AND parent_object_id = OBJECT_ID(N'[dbo].[webpages_UsersInRoles]'))
ALTER TABLE [dbo].[webpages_UsersInRoles] DROP CONSTRAINT [fk_RoleId]
GO

IF  EXISTS (SELECT * FROM sys.foreign_keys WHERE object_id = OBJECT_ID(N'[dbo].[fk_UserId]') AND parent_object_id = OBJECT_ID(N'[dbo].[webpages_UsersInRoles]'))
ALTER TABLE [dbo].[webpages_UsersInRoles] DROP CONSTRAINT [fk_UserId]
GO

/****** Object:  Table [dbo].[webpages_UsersInRoles]    Script Date: 03/11/2013 23:47:49 ******/
IF  EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[webpages_UsersInRoles]') AND type in (N'U'))
DROP TABLE [dbo].[webpages_UsersInRoles]
GO

/****** Object:  Table [dbo].[webpages_Roles]    Script Date: 03/11/2013 23:52:45 ******/
IF  EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[webpages_Roles]') AND type in (N'U'))
DROP TABLE [dbo].[webpages_Roles]
GO

/****** Object:  Table [dbo].[UserProfile]    Script Date: 03/11/2013 23:53:09 ******/
IF  EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[UserProfile]') AND type in (N'U'))
DROP TABLE [dbo].[UserProfile]
GO

USE [Development_Membership]
GO

IF  EXISTS (SELECT * FROM dbo.sysobjects WHERE id = OBJECT_ID(N'[DF__webpages___IsCon__2F10007B]') AND type = 'D')
BEGIN
ALTER TABLE [dbo].[webpages_Membership] DROP CONSTRAINT [DF__webpages___IsCon__2F10007B]
END

GO

IF  EXISTS (SELECT * FROM dbo.sysobjects WHERE id = OBJECT_ID(N'[DF__webpages___Passw__300424B4]') AND type = 'D')
BEGIN
ALTER TABLE [dbo].[webpages_Membership] DROP CONSTRAINT [DF__webpages___Passw__300424B4]
END

GO

/****** Object:  Table [dbo].[webpages_OAuthMembership]    Script Date: 03/11/2013 23:53:46 ******/
IF  EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[webpages_OAuthMembership]') AND type in (N'U'))
DROP TABLE [dbo].[webpages_OAuthMembership]
GO

/****** Object:  Table [dbo].[webpages_Membership]    Script Date: 03/11/2013 23:53:29 ******/
IF  EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[webpages_Membership]') AND type in (N'U'))
DROP TABLE [dbo].[webpages_Membership]
GO


/*  Recreate Databases */

/****** Object:  Table [dbo].[webpages_OAuthMembership]    Script Date: 03/11/2013 23:54:33 ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO

CREATE TABLE [dbo].[webpages_OAuthMembership](
        [Provider] [nvarchar](30) NOT NULL,
        [ProviderUserId] [nvarchar](100) NOT NULL,
        [UserId] [int] NOT NULL,
PRIMARY KEY CLUSTERED 
(
        [Provider] ASC,
        [ProviderUserId] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
) ON [PRIMARY]

CREATE TABLE [dbo].[webpages_Membership](
        [UserId] [int] NOT NULL,
        [CreateDate] [datetime] NULL,
        [ConfirmationToken] [nvarchar](128) NULL,
        [IsConfirmed] [bit] NULL,
        [LastPasswordFailureDate] [datetime] NULL,
        [PasswordFailuresSinceLastSuccess] [int] NOT NULL,
        [Password] [nvarchar](128) NOT NULL,
        [PasswordChangedDate] [datetime] NULL,
        [PasswordSalt] [nvarchar](128) NOT NULL,
        [PasswordVerificationToken] [nvarchar](128) NULL,
        [PasswordVerificationTokenExpirationDate] [datetime] NULL,
PRIMARY KEY CLUSTERED 
(
        [UserId] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
) ON [PRIMARY]

GO

ALTER TABLE [dbo].[webpages_Membership] ADD  DEFAULT ((0)) FOR [IsConfirmed]
GO

ALTER TABLE [dbo].[webpages_Membership] ADD  DEFAULT ((0)) FOR [PasswordFailuresSinceLastSuccess]
GO

CREATE TABLE [dbo].[webpages_Roles](
        [RoleId] [int] IDENTITY(1,1) NOT NULL,
        [RoleName] [nvarchar](256) NOT NULL,
PRIMARY KEY CLUSTERED 
(
        [RoleId] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY],
UNIQUE NONCLUSTERED 
(
        [RoleName] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
) ON [PRIMARY]

GO

CREATE TABLE [dbo].[UserProfile](
        [UserId] [int] IDENTITY(1,1) NOT NULL,
        [UserName] [nvarchar](56) NOT NULL,
PRIMARY KEY CLUSTERED 
(
        [UserId] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY],
UNIQUE NONCLUSTERED 
(
        [UserName] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
) ON [PRIMARY]

GO


INSERT INTO [UserProfile]([UserName]) VALUES ('TestUser1')
INSERT INTO [UserProfile]([UserName]) VALUES ('TestUser2')
INSERT INTO [UserProfile]([UserName]) VALUES ('TestUser3')
INSERT INTO [UserProfile]([UserName]) VALUES ('TestUser4')
INSERT INTO [UserProfile]([UserName]) VALUES ('TestUser5')

INSERT INTO webpages_Membership([UserId],[CreateDate],[ConfirmationToken],[IsConfirmed],[LastPasswordFailureDate],[PasswordFailuresSinceLastSuccess],[Password],[PasswordChangedDate],[PasswordSalt],[PasswordVerificationToken],[PasswordVerificationTokenExpirationDate]) VALUES(1,'2013-01-01 00:00:00.000',NULL,1,NULL,0,HASHBYTES('SHA1', CONVERT(nvarchar(4000),'!+test123')),'2013-01-01 00:00:00.000','',NULL,NULL);
INSERT INTO webpages_Membership([UserId],[CreateDate],[ConfirmationToken],[IsConfirmed],[LastPasswordFailureDate],[PasswordFailuresSinceLastSuccess],[Password],[PasswordChangedDate],[PasswordSalt],[PasswordVerificationToken],[PasswordVerificationTokenExpirationDate]) VALUES(2,'2013-01-01 00:00:00.000',NULL,1,NULL,0,HASHBYTES('SHA1', CONVERT(nvarchar(4000),'!+test123')),'2013-01-01 00:00:00.000','',NULL,NULL);
INSERT INTO webpages_Membership([UserId],[CreateDate],[ConfirmationToken],[IsConfirmed],[LastPasswordFailureDate],[PasswordFailuresSinceLastSuccess],[Password],[PasswordChangedDate],[PasswordSalt],[PasswordVerificationToken],[PasswordVerificationTokenExpirationDate]) VALUES(3,'2013-01-01 00:00:00.000',NULL,1,NULL,0,HASHBYTES('SHA1', CONVERT(nvarchar(4000),'!+test123')),'2013-01-01 00:00:00.000','',NULL,NULL);
INSERT INTO webpages_Membership([UserId],[CreateDate],[ConfirmationToken],[IsConfirmed],[LastPasswordFailureDate],[PasswordFailuresSinceLastSuccess],[Password],[PasswordChangedDate],[PasswordSalt],[PasswordVerificationToken],[PasswordVerificationTokenExpirationDate]) VALUES(4,'2013-01-01 00:00:00.000',NULL,1,NULL,0,HASHBYTES('SHA1', CONVERT(nvarchar(4000),'!+test123')),'2013-01-01 00:00:00.000','',NULL,NULL);
INSERT INTO webpages_Membership([UserId],[CreateDate],[ConfirmationToken],[IsConfirmed],[LastPasswordFailureDate],[PasswordFailuresSinceLastSuccess],[Password],[PasswordChangedDate],[PasswordSalt],[PasswordVerificationToken],[PasswordVerificationTokenExpirationDate]) VALUES(5,'2013-01-01 00:00:00.000',NULL,1,NULL,0,HASHB

YTES('SHA1', CONVERT(nvarchar(4000),'!+test123')),'2013-01-01 00:00:00.000','',NULL,NULL);

ありがとう

4

2 に答える 2

0

次のように、Base-16 (Base-64 ではない) を使用し、バイナリ文字列の先頭に を追加することで、T-SQL の MSSQL サーバーにバイナリ データを提供できます0x

INSERT INTO binaryValues ( [SomeBinaryColumn] ) VALUES ( 0xDEADBEEF )

C# では、バイナリ値をSqlParameter直接、または次のように SQL を生成している場合に提供できます。

Byte[] hashData = GetHash();
StringBuilder sb = new StringBuilder( hashData.Length * 2 );
sb.Append("0x");
for(int i=0;i<hashData.Length;i++) {
    sb.Append( hashData[i].ToString("x2") );
}
return sb.ToString();
于 2013-03-12T00:21:23.200 に答える
0

SQL Server には、BASE64 エンコーディングのサポートが組み込まれています。

declare @source varbinary(max)
set @source = hashbytes('sha', '!+test123')

declare @encoded varchar(max)
set @encoded = cast('' as xml).value('xs:base64Binary(sql:variable("@source"))', 'varchar(max)')

しかし、必要な文字列が得られるかどうかはわかりません。結果の文字列がメンバーシップ テーブルの文字列よりも短いためです。たとえば、Membership テーブルでは、 'ABwa5RUTn98IqJxFaq3MXC2N6dtUT78HAUWuaI3Kl2BIgbBP0IkkVb70FtOYj9ib+A=='パスワード '123123' の (68 文字) 文字列を確認できますが、上記のコードは'YB8YiWZ++uuzO4wSVyg12j8Cf3g='同じパスワードに対して (28 文字) しか生成しません。

詳細については、 http://www.mikesdotnetting.com/Article/200/The-SimpleMembershipProvider-Secure-Passwords-And-The-Crypto-Helperをご覧ください。

于 2013-04-02T13:47:10.120 に答える