问题
I'm planning to use this piece of code in my Asp.net app
string strUserInputtedHashedPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(tbPassword.Text, "sha1");
if(strUserInputtedHashedPassword == GetUsersHashedPasswordUsingUserName(tbUserName.Text))
{
// sign-in successful
}
else
{
// sign-in failed
}
Is the Hashing machine dependent... In the sense, If I create some users in my development machine in my development DB... Once I post both DB and Application to production environment with the user table, will the password for the users be same...
Hope I made my question clearly... Otherwise, please let me know..
Thanks
回答1:
The hash is encoded and decoded using the machineKey in the machine.config, if you want the key to work against all tiers, make sure the keys in the machine.config files match.
This is basically the same problem you encounter with a web farm serving requests and validating each other's cookies...same solution.
来源:https://stackoverflow.com/questions/2249448/is-forms-authentication-hash-machine-dependent