asp.net encrypted membership password & username retrieval

ε祈祈猫儿з submitted on 2019-12-13 21:30:36

Question


I can't seem to find out how I should decrypt the encrypted password using sha1 via the membership provider.

I can't use the .GetPassword() method here because I'm retrieving the values from a sqldatasource and placing them into a gridview.

Here's the gridview:

    <asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False" 
        DataKeyNames="UserId" DataSourceID="SqlDataSource1" 
        EmptyDataText="There are no data records to display." 
        OnSelectedIndexChanged="GridView1_SelectedIndexChanged" >
        <Columns>
            <asp:CommandField ShowDeleteButton="True" ButtonType="Button" />
            <asp:TemplateField HeaderText="Block users">
                <ItemTemplate>
                    <asp:Button runat="server" ID="btnBlock" CommandName="Block" CommandArgument='<%# Eval("UserId") %>'
                        Text="Block" OnClick="btnBlock_Click" Visible='<%# !Convert.ToBoolean(Eval("IsLockedOut")) %>' />
                    <asp:Button runat="server" ID="btnDeblock" CommandName="Deblock" CommandArgument='<%# Eval("UserId") %>'
                        Text="Deblock" OnClick="btnBlock_Click" Visible='<%# Convert.ToBoolean(Eval("IsLockedOut")) %>' />
                </ItemTemplate>
            </asp:TemplateField>
            <asp:TemplateField HeaderText="Username">
                <ItemTemplate>
                    <asp:Label ID="UserId" runat="server" Text='<%# Bind("UserId") %>' OnDataBinding="Decrypt" />
                </ItemTemplate>
            </asp:TemplateField>
            <asp:BoundField DataField="UserId" HeaderText="User id" ReadOnly="True"
                SortExpression="UserId" />
            <asp:BoundField DataField="Email" HeaderText="Email" SortExpression="Email" />
            <asp:BoundField DataField="LastLoginDate" HeaderText="Last login" 
                SortExpression="LastLoginDate" />
            <asp:CheckBoxField DataField="IsLockedOut" HeaderText="Locked" 
                SortExpression="IsLockedOut" />
            <asp:BoundField DataField="FailedPasswordAttemptCount" 
                HeaderText="Failed logins" 
                SortExpression="FailedPasswordAttemptCount" />
            <asp:BoundField DataField="Comment" HeaderText="Comments" 
                SortExpression="Comment" />
        </Columns>
    </asp:GridView>

I have replaced the boundfield with an itemtemplate in a Templatefield. The label inside the itemtemplate is bound to the username; the label also has an OnDataBind="Decrypt" that should decrypt the value in the Text attribute of the label. I've been trying a few examples I found online (even from this forum), but my understanding of .net is not that fantastic yet. Here's what I tried in the decrypt() listener:

    public void Decrypt(object sender, EventArgs e)
    {
        Label lbl = (Label)sender;
        string decrypted = string.Empty;
        UTF8Encoding encode = new UTF8Encoding();
        Decoder Decode = encode.GetDecoder();
        byte[] todecode_byte = Convert.FromBase64String(lbl.Text);
        int charCount = Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length);
        char[] decoded_char = new char[charCount];
        Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0);
        decrypted = new String(decoded_char);
        lbl.Text = decrypted;
    }

I was trying to get the username decrypted first; I suppose it's the same method for the password. To eliminate further questions, here's my setup in web.config:

    <membership defaultProvider="MembershipProvider">
      <providers>
        <clear/>
        <add name="MembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="GustaafConnectionString" 
             applicationName="Gustaaf" enablePasswordRetrieval="true" enablePasswordReset="false" requiresQuestionAndAnswer="true" 
             requiresUniqueEmail="false" passwordFormat="Encrypted"/>
      </providers>
    </membership>
    <machineKey validationKey="..." decryptionKey="..." validation="SHA1" decryption="AES"/>

Answer 1:


SHA1 is a hashing algorithm, not an encryption algorithm, and hashes are by definition one way, so they cannot be undone. As such, you would never use SHA to "decrypt" anything, let alone a hash.

Your data appears to be encrypted by AES, not SHA. Also, you are confusing encoding with encryption. Here is some information about using AES in .NET: http://msdn.microsoft.com/en-us/library/system.security.cryptography.aes.aspx

Encoding is all about interpreting byte data as characters in one scheme or another (ASCII, Unicode, UTF-8), so once you have the data decrypted, you may have to encode it into a string for display, but that is secondary to the decryption.

ADDENDUM: You may not be able to avoid using membership.GetPassword(), since the encryption key in use in your membership DB implementation may not be retrievable. Have you considered using an object datasource instead? Then you could prefill a list of entries in code using .GetPassword() and bind them to the grid.
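
The distinction drawn in the answer above, as an added example that is not part of the original post: Base64 is an encoding, SHA-1 is a one-way hash, and AES is reversible only with the key. The value "alice" and the randomly generated key and IV are constructed for the demo and stand in for the site's data and its machineKey decryptionKey.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class EncodingHashEncryptionDemo
{
    static void Main()
    {
        // Constructed sample value; not taken from the question's database.
        byte[] plain = Encoding.UTF8.GetBytes("alice");

        // 1. Encoding: Base64 is reversible by anyone, no key involved.
        string b64 = Convert.ToBase64String(plain);
        Console.WriteLine("Base64 decoded:  " + Encoding.UTF8.GetString(Convert.FromBase64String(b64)));

        // 2. Hashing: SHA-1 yields a fixed 20-byte digest with no inverse operation.
        using (SHA1 sha1 = SHA1.Create())
        {
            Console.WriteLine("SHA-1 digest:    " + Convert.ToBase64String(sha1.ComputeHash(plain)));
        }

        // 3. Encryption: AES is reversible, but only with the key.
        using (Aes aes = Aes.Create())
        {
            // Assumption: the random key and IV that Aes.Create() generates stand in for the site's key.
            byte[] cipher;
            using (ICryptoTransform enc = aes.CreateEncryptor())
            {
                cipher = enc.TransformFinalBlock(plain, 0, plain.Length);
            }
            string stored = Convert.ToBase64String(cipher);
            Console.WriteLine("Stored value:    " + stored);

            // Base64-decoding and reading the bytes as UTF-8, as the question's handler does, only
            // removes the encoding layer: the bytes are still ciphertext.
            string misread = Encoding.UTF8.GetString(Convert.FromBase64String(stored));
            Console.WriteLine("Equals plaintext after Base64 + UTF-8 only: " + (misread == "alice"));

            // Decrypting with the same key and IV recovers the plaintext.
            using (ICryptoTransform dec = aes.CreateDecryptor())
            {
                byte[] recovered = dec.TransformFinalBlock(cipher, 0, cipher.Length);
                Console.WriteLine("AES decrypted:   " + Encoding.UTF8.GetString(recovered));
            }
        }
    }
}
```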



Source: https://stackoverflow.com/questions/13367725/asp-net-encrypted-membership-password-username-retrieval
