Ce

Ce

关注
发信
关注(28)粉丝(399)

改变现有用户的machineKey prevents登录

本文介绍了改变现有用户的machineKey prevents登录的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我使用的配置成员资格提供程序的Web.config 这样使用SQL CE:

I'm using Membership provider configured in Web.config like this to use SQL CE:

  <connectionStrings>
    <add name="DefaultConnection" connectionString="Data Source=|DataDirectory|\Users.sdf" providerName="System.Data.SqlServerCe.4.0" />
  </connectionStrings>


<membership defaultProvider="DefaultMembershipProvider">
  <providers>
    <clear />
    <add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordFormat="Hashed" applicationName="/" />
  </providers>
</membership>

这正常工作,如果我有没有指定的machineKey。

This works correctly if I have no machinekey specified.

如果我一个的machineKey添加到的Web.config 如下,那么现有的用户不能再登录。不过,我可以创建新用户,他们可以登录

If I add a machinekey to the Web.config as follows, then existing users can no longer login. However I can create new users and they can log-in.

<machineKey validationKey="D829F10BE92767EC2F9E9FC53B2CF3952AAD386483D6E81E74B4BD84DBE66F71CA121581598FEA669892DBDE46507DF3C8028BBD8FD4E678557621141945171C" decryptionKey="D14678D1FB1777E10316163F6D97071CDF2A447FA15C172DC9525BA397BB0610" validation="SHA1" decryption="AES" />
<pages enableViewStateMac="true"/>

如果我删除的machineKey那么最初创建的用户可以登录一遍,新创建的用户则不能。

If I remove the machinekey then originally-created users can log-in again, and newly-created users cannot.

为什么添加的machineKey改变现有的用户是否可以登录,因为密码被散列不加密?

Why does adding a machinekey change whether existing users can log-in, given that the password is hashed not encrypted?

推荐答案

默认情况下,.Net框架4使用SHA256。请确保算法是在这两个地方一样,并尝试要么SHA1或SHA256。

By default, .Net Framework 4 use SHA256. Please make sure algorithm is same in both places, and try either SHA1 or SHA256.

<membership ... hashAlgorithmType="SHA1">
  <providers>
    ...
  </providers>
</membership>

<machineKey ... validation="SHA1" decryption="AES" />

这篇关于改变现有用户的machineKey prevents登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-27 19:48
Powered by LMLPHP ©2024 Ce 0.037085