Asp.net Membership-How to match security answer explicitly?

非 Y 不嫁゛ submitted on 2019-12-08 12:52:57

Question


I need to match the security answer entered by the user and the security answer stored in the aspnet_Membership table. I don't want to use the resetpassword("Securityanswer") method to verify the user.

Is there any way to encrypt the entered security answer or to decrypt the stored security answer?

Thanks.


Answer 1:


    Imports System.Security.Cryptography
    Imports System.Text

    ' Convert the entered security answer (secAns) to a byte array
    Dim bytes As Byte() = Encoding.Unicode.GetBytes(secAns)

    ' It is very important to decode your Base64 key string to bytes to get the original hashed password
    Dim src As Byte() = Convert.FromBase64String(key)

    ' Concatenate the hash key and the security answer (key bytes first)
    Dim dst As Byte() = New Byte(src.Length + (bytes.Length - 1)) {}

    Buffer.BlockCopy(src, 0, dst, 0, src.Length)
    Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length)

    ' Create the algorithm object for SHA1
    Dim algorithm As HashAlgorithm = HashAlgorithm.Create("SHA1")

    ' Compute the hash value of the concatenated key and answer
    Dim inArray As Byte() = algorithm.ComputeHash(dst)

    ' Convert the hashed answer back to a Base64 string
    Dim hashedAns As String = Convert.ToBase64String(inArray)
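
A complete check built on the hashing steps in Answer 1, as an added example that is not part of the original answers. It assumes the Hashed password format with SHA1, that `storedHash` and `saltBase64` are the user's PasswordAnswer and PasswordSalt values from aspnet_Membership, and that the provider trims and lower-cases the answer before hashing; the module and function names are hypothetical.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module SecurityAnswerCheck
    ' SHA1(salt bytes + UTF-16LE answer bytes), Base64-encoded, as in Answer 1.
    Function HashAnswer(answer As String, saltBase64 As String) As String
        ' Assumption: the provider trims and lower-cases the answer before hashing.
        Dim answerBytes As Byte() = Encoding.Unicode.GetBytes(answer.Trim().ToLowerInvariant())
        Dim salt As Byte() = Convert.FromBase64String(saltBase64)
        Dim salted As Byte() = New Byte(salt.Length + answerBytes.Length - 1) {}
        Buffer.BlockCopy(salt, 0, salted, 0, salt.Length)
        Buffer.BlockCopy(answerBytes, 0, salted, salt.Length, answerBytes.Length)
        Using sha As SHA1 = SHA1.Create()
            Return Convert.ToBase64String(sha.ComputeHash(salted))
        End Using
    End Function

    ' Compare every byte so timing does not reveal where the first mismatch is.
    Function FixedTimeEquals(a As Byte(), b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

    ' storedHash / saltBase64: the stored answer hash and salt for the user (assumed inputs).
    Function VerifyAnswer(entered As String, storedHash As String, saltBase64 As String) As Boolean
        If entered Is Nothing OrElse entered.Trim().Length = 0 Then Return False
        Dim stored As Byte() = Nothing
        Try
            stored = Convert.FromBase64String(storedHash)
        Catch ex As FormatException
            Return False ' stored value is not a Base64-encoded hash
        End Try
        Dim computed As Byte() = Convert.FromBase64String(HashAnswer(entered, saltBase64))
        Return FixedTimeEquals(computed, stored)
    End Function

    Sub Main()
        ' Constructed sample values, not taken from a real database.
        Dim salt As String = Convert.ToBase64String(Encoding.ASCII.GetBytes("constructed-salt"))
        Dim storedHash As String = HashAnswer("Fluffy", salt)
        Console.WriteLine(VerifyAnswer("  FLUFFY ", storedHash, salt))
        Console.WriteLine(VerifyAnswer("rex", storedHash, salt))
    End Sub
End Module
```

Verifying the answer outside the membership provider skips the provider's own counting of failed answer attempts, so the calling code has to limit and log attempts itself.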



Answer 2:


I know this is sort of old.... But I could not get any of the posted answers to this question to work, but I figured out through trial and error, that the "security answer" is being stored similar to how the password is being stored (if you have password set to hash). I was able to use the following post's answer about passwords to accomplish the objective of the above original question: ASP.NET Membership C# - How to compare existing password/hash

I just used the salt from the password in the database and it worked like a charm. Hope this helps someone else pulling out their hair for days.




Answer 3:


There is no way to decrypt the security answer stored in the membership table. You can hash the answer that you receive and then compare it with the hashed values stored in the database. For that, use FormsAuthentication.HashPasswordForStoringInConfigFile.



Source: https://stackoverflow.com/questions/4897625/asp-net-membership-how-to-match-security-answer-explicitly
