如何将Auth0与现有的ASP.NET Core Identity数据库集成



我正在为一个应用程序进行Auth0集成。我有一个使用ASP.NET Core Identity的现有应用程序,目前它有一个包含常用表(AspNetUsers、AspNetRoles等)的SQL数据库。

问题是,Auth0目前提供了用于ASP.NET成员资格提供程序(MVC3通用提供程序和MVC4简单成员资格)数据库的自定义数据库模板,但没有用于ASP.NET Core Identity的模板。由于我不知道如何编写与我的ASP.NET Core Identity数据库兼容的密码哈希代码,这是一个大问题。

有人有处理现有ASP.NET Core Identity数据库的Auth0自定义数据库脚本示例吗?或者,至少能告诉我所用的哈希算法,让我自己来编写代码?

补充信息:ASP.NET Core Identity数据库有一个AspNetUsers表,其中与此集成相关的列如下:

  • Id(PK,nvarchar,非空)
  • Email(nvarchar,null)
  • PasswordHash(nvarchar,null)
  • SecurityStamp(nvarchar,null)
  • UserName(nvarchar,非空)

为了清楚起见,我问的是如何在Auth0配置中设置用JavaScript编写的自定义数据库脚本,而不是ASP.NET Web应用程序代码。按照文档,Web应用程序部分非常简单。只是Auth0内置的自定义数据库模板不包含适用于ASP.NET Core Identity数据库架构和密码哈希的示例。

如有任何帮助,我们将不胜感激!

您需要弄清楚所使用的哈希算法,并参照Auth0文档修改模板中的脚本,使其正确工作。您可以在aspnet-identity-pw项目中找到该算法的代码。

以下是Auth0的登录(Login)数据库操作脚本示例,该脚本可与存储在Azure SQL数据库中的ASP.NET Core Identity 2.0数据库一起使用:

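function login (username, password, callback) {
  /**
   * Auth0 custom-database "Login" action script for an AspNetUsers table
   * stored in Azure SQL.
   *
   * Looks the user up by UserName, verifies the supplied password against
   * the stored PasswordHash and reports the outcome through `callback`:
   *   callback(err)            -> infrastructure failure (surfaces as a 500)
   *   callback()               -> unknown user or wrong password (401)
   *   callback(null, profile)  -> success; profile has user_id, nickname, email
   *
   * Connection settings are read from the Auth0 `configuration` object
   * (db_username, db_password, db_server, db_database).
   *
   * @param {string}   username  the login name typed by the user
   * @param {string}   password  the clear-text password typed by the user
   * @param {Function} callback  node-style completion callback
   */
  var crypto = require('crypto');
  var Connection = require('tedious@1.11.0').Connection;
  var Request = require('tedious@1.11.0').Request;
  var TYPES = require('tedious@1.11.0').TYPES;

  var connection = new Connection({
    userName: configuration.db_username + '@' + configuration.db_server,
    password: configuration.db_password,
    server: configuration.db_server, //'dbserver.database.windows.net',
    options: {
      database: configuration.db_database,
      encrypt: true
    }
  });

  connection.on('debug', function (text) {
    // if you have connection issues, uncomment this to get more detailed info
    //console.log(text);
  }).on('errorMessage', function (text) {
    // this will show any errors when connecting to the SQL database or with the SQL statements
    //console.log(JSON.stringify(text));
  });

  connection.on('connect', function (err) {
    if (err) {
      console.log('error: ' + JSON.stringify(err));
      return callback(err);
    }

    getMembershipUser(username, function (err, user) {
      // The lookup is the only statement this script runs, so the connection
      // can be released here instead of being left open after every login.
      connection.close();

      if (err) {
        return callback(err); // this will return a 500
      }
      if (!user.profile) {
        return callback(); // this will return a 401
      }

      validatePassword(password, user.password.hash, function (err, isValid) {
        if (!isValid) {
          return callback(); // unauthorized
        }
        callback(null, user.profile);
      });
    });
  });

  /**
   * getMembershipUser
   *
   * Fetches the AspNetUsers row whose UserName equals the supplied value and
   * hands back the profile fields together with the stored password hash.
   * Only the UserName column is matched; Email is selected but not searched.
   *
   * @param {string}   usernameOrEmail  value compared against UserName
   * @param {Function} callback         callback(err) on a SQL error, otherwise
   *                                    callback(null, user); `user.profile` is
   *                                    left unset when no row matched
   */
  function getMembershipUser(usernameOrEmail, callback) {
    var user = {};
    var query =
      'SELECT Id, UserName, Email, PasswordHash, SecurityStamp from AspNetUsers ' +
      'WHERE UserName = @UserName';

    // Report through the request's completion callback so the caller is
    // answered exactly once: also when the query fails or matches no row
    // (previously neither case ever reached the caller and the login hung).
    var getMembershipQuery = new Request(query, function (err) {
      if (err) {
        return callback(err);
      }
      //console.log('User: ' + JSON.stringify(user));
      callback(null, user);
    });

    // The value is bound as a parameter, never concatenated into the SQL text.
    // UserName is an nvarchar column, so bind it as NVarChar to keep
    // non-ASCII login names intact.
    getMembershipQuery.addParameter('UserName', TYPES.NVarChar, usernameOrEmail);

    getMembershipQuery.on('row', function (fields) {
      if (user.profile) {
        return; // keep the first matching row only
      }
      user.profile = {};
      user.password = {};
      Object.keys(fields).forEach(function (key) {
        var item = fields[key];
        switch (item.metadata.colName) {
          case 'Id':
            user.profile.user_id = item.value;
            break;
          case 'UserName':
            user.profile.nickname = item.value;
            break;
          case 'Email':
            user.profile.email = item.value;
            break;
          case 'PasswordHash':
            user.password.hash = item.value;
            break;
        }
      });
    });

    connection.execSql(getMembershipQuery);
  }

  /**
   * validatePassword
   *
   * Checks the password entered by the user against the stored hash by
   * delegating to aspnet_identity_pw.validatePassword.
   *
   * @param {string}   password      the password entered by the user
   * @param {string}   originalHash  base64 PasswordHash value from the database
   *                                 (the salt is embedded in it)
   * @param {Function} callback      callback(null, isValid)
   */
  function validatePassword(password, originalHash, callback) {
    aspnet_identity_pw.validatePassword(password, originalHash, function (result, isValid) {
      console.log('Is Password Valid: ' + isValid);
      callback(null, isValid);
    });
  }

  var aspnet_identity_pw = {
    /**
     * Verifies a password against a base64 hash laid out as
     * [1 byte marker 0x00][16 byte salt][32 byte PBKDF2-HMAC-SHA1 subkey],
     * derived with 1000 iterations.
     *
     * NOTE(review): only marker 0x00 is accepted. ASP.NET Core Identity's
     * default hasher writes a newer layout with marker 0x01 unless it is
     * configured for the older compatibility mode, so confirm which layout
     * the PasswordHash column holds; any other layout is rejected here as an
     * invalid password. 1000 iterations of HMAC-SHA1 is also a weak work
     * factor by current guidance; plan to re-hash once users are migrated.
     *
     * @param {string}   password        the clear-text candidate password
     * @param {string}   hashedPassword  base64 hash read from the database
     * @param {Function} callback        callback(err) when the password is
     *                                   missing, otherwise callback(null, bool)
     */
    validatePassword: function (password, hashedPassword, callback) {
      // Original Source:
      //   https://github.com/Syncbak-Git/aspnet-identity-pw/blob/master/lib/aspnet-identity-pw.js
      //   https://www.npmjs.com/package/aspnet-identity-pw
      //   There were some slight modifications to make it run well in Auth0
      if (!callback) {
        throw new Error('callback required!');
      }
      if (!hashedPassword) {
        return callback(null, false);
      }
      if (!password) {
        return callback(new Error("Password is required."));
      }

      // new Buffer(string, encoding) is deprecated in current Node.js; it is
      // kept because the runtime version behind tedious@1.11.0 is not visible
      // here. Switch to Buffer.from once the runtime is known to support it.
      var src = new Buffer(hashedPassword, 'base64');

      // An unexpected length or marker must still answer the caller;
      // returning without invoking the callback left the login hanging.
      if (src.length !== 49 || src[0] !== 0) {
        return callback(null, false);
      }

      var salt = src.slice(1, 17);
      var expected = src.slice(17, 49);
      var hashed = crypto.pbkdf2Sync(password, salt, 1000, 32, 'sha1');

      // Compare every byte instead of stopping at the first mismatch, so the
      // time taken does not depend on how many leading bytes agree.
      var diff = 0;
      for (var i = 0; i < 32; i++) {
        diff |= expected[i] ^ hashed[i];
      }
      callback(null, diff === 0);
    }
  };
}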

这花了我很长时间才完全弄清楚,特别是密码哈希算法的编码,直到我偶然发现一个JS项目中给出了它的代码。

希望这能帮助其他人!
