<legend id='hGP9D'><style id='hGP9D'><dir id='hGP9D'><q id='hGP9D'></q></dir></style></legend>

        <small id='hGP9D'></small><noframes id='hGP9D'>

      1. <i id='hGP9D'><tr id='hGP9D'><dt id='hGP9D'><q id='hGP9D'><span id='hGP9D'><b id='hGP9D'><form id='hGP9D'><ins id='hGP9D'></ins><ul id='hGP9D'></ul><sub id='hGP9D'></sub></form><legend id='hGP9D'></legend><bdo id='hGP9D'><pre id='hGP9D'><center id='hGP9D'></center></pre></bdo></b><th id='hGP9D'></th></span></q></dt></tr></i><div id='hGP9D'><tfoot id='hGP9D'></tfoot><dl id='hGP9D'><fieldset id='hGP9D'></fieldset></dl></div>

      2. <tfoot id='hGP9D'></tfoot>
          <bdo id='hGP9D'></bdo><ul id='hGP9D'></ul>

        使用 LDAP 验证之前的哈希密码

        Hash password before validate with LDAP(使用 LDAP 验证之前的哈希密码)
        • <i id='XacHo'><tr id='XacHo'><dt id='XacHo'><q id='XacHo'><span id='XacHo'><b id='XacHo'><form id='XacHo'><ins id='XacHo'></ins><ul id='XacHo'></ul><sub id='XacHo'></sub></form><legend id='XacHo'></legend><bdo id='XacHo'><pre id='XacHo'><center id='XacHo'></center></pre></bdo></b><th id='XacHo'></th></span></q></dt></tr></i><div id='XacHo'><tfoot id='XacHo'></tfoot><dl id='XacHo'><fieldset id='XacHo'></fieldset></dl></div>

          <legend id='XacHo'><style id='XacHo'><dir id='XacHo'><q id='XacHo'></q></dir></style></legend>

              <tbody id='XacHo'></tbody>
            • <tfoot id='XacHo'></tfoot>
                  <bdo id='XacHo'></bdo><ul id='XacHo'></ul>

                  <small id='XacHo'></small><noframes id='XacHo'>

                  本文介绍了使用 LDAP 验证之前的哈希密码的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

                  问题描述

                  我有一个基于网络的工具.在登录表单上,密码将在发送之前进行哈希处理.没关系,数据库只存储散列密码.

                  I have a web-based-tool. On the login-form, the password will hashed before sending it. All fine, the database stores only hashed passwords.

                  现在,我们希望通过 DirectoryEntry 使用 LDAP 登录.但是构造函数只接受普通密码.

                  Now, we want a login with LDAP over DirectoryEntry. But the constructor only accepts plain passwords.

                  我的问题:如何将散列密码传递给 DirectoryEntry-class?

                  My question: How can I pass hashed passwords to DirectoryEntry-class?

                  当前方法:

                      public bool isAuthenticated(string domain, string username, string pwd)
                      {
                          string domainAndUsername = domain + @"" + username;
                          DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd);
                  
                          try
                          {
                              Object obj = entry.NativeObject;
                              return true;
                          }
                          catch
                          {
                              return false;
                          }
                      }
                  

                  推荐答案

                  我不懂 C#,但就 LDAP 协议而言,没有办法使用已经散列的密码进行身份验证.

                  I do not know C#, but as far as LDAP protocol goes, there is no way to authenticate with an already hashed password.

                  为什么在传输之前需要对密码进行哈希处理?

                  Why do you need to hash the password before transmitting it?

                  如果要避免通过网络传输,最简单的解决方案是通过 SSL 连接到 LDAP 目录.

                  If it is to avoid transmitting it over the network, the easiest solution to use would be to connect to the LDAP directory over SSL.

                  作为旁注,IMO,传输散列密码不如明文安全:

                  As a side note, IMO, transmitting the hashed password is less secure than the clear one :

                  • 如果攻击者拦截了请求,他将能够使用他找到的数据进行身份验证
                  • 如果攻击者成功转储数据库并检索到散列密码,如果他需要做的只是将其传输以进行身份验证,那么存储散列密码的事实将变得毫无用处

                  编辑:附加信息

                  Edit : Additionnal information

                  我不知道你使用的是哪个 LDAP 目录,但是在 OpenLDAP 上,如果你不使用绑定操作,你可以实现这种机制(例如,你将无法使用密码策略覆盖).

                  I don't know which LDAP directory you use, but on OpenLDAP, you could implement this kind of mechanism if you don't use the bind operation (for example, you won't be able to use the password policy overlay).

                  您可以实现 SASL 代理授权 到:

                  • 使用技术帐户连接到目录
                  • 搜索并检索尝试登录的条目用户
                  • 测试自定义哈希密码属性是否提供的哈希是存储的密码
                  • 与另一个具有代理授权的技术帐户重新绑定以充当该用户

                  它将允许您仍然从 ACL 机制和日志系统中受益于执行的用户操作

                  It will allows you to still benefit from the ACL mechanism and logging system for users operations performed

                  但是:这将仅在 OpenLDAP 上可用(或者如果另一个 LDAP 实现提供相同的机制)并且它并不是 LDAP 协议的最先进技术;)

                  BUT: This will be available only on OpenLDAP (or if another LDAP implemenation offer the same mechanism) and it is not really the most state of the art about the LDAP protocol ;)

                  这篇关于使用 LDAP 验证之前的哈希密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

                  本站部分内容来源互联网,如果有图片或者内容侵犯了您的权益,请联系我们,我们会在确认后第一时间进行删除!

                  相关文档推荐

                  Adding and removing users from Active Directory groups in .NET(在 .NET 中的 Active Directory 组中添加和删除用户)
                  set equality in linq(在 linq 中设置相等)
                  HashSet conversion to List(HashSet 转换为 List)
                  How to set timeout for webBrowser navigate event(如何为 webBrowser 导航事件设置超时)
                  Test whether two IEnumerablelt;Tgt; have the same values with the same frequencies(测试两个IEnumerablelt;Tgt;具有相同频率的相同值)
                  How do you determine if two HashSets are equal (by value, not by reference)?(您如何确定两个 HashSet 是否相等(按值,而不是按引用)?)

                      1. <i id='xWqem'><tr id='xWqem'><dt id='xWqem'><q id='xWqem'><span id='xWqem'><b id='xWqem'><form id='xWqem'><ins id='xWqem'></ins><ul id='xWqem'></ul><sub id='xWqem'></sub></form><legend id='xWqem'></legend><bdo id='xWqem'><pre id='xWqem'><center id='xWqem'></center></pre></bdo></b><th id='xWqem'></th></span></q></dt></tr></i><div id='xWqem'><tfoot id='xWqem'></tfoot><dl id='xWqem'><fieldset id='xWqem'></fieldset></dl></div>
                          <tbody id='xWqem'></tbody>
                        <tfoot id='xWqem'></tfoot>

                          <bdo id='xWqem'></bdo><ul id='xWqem'></ul>
                          <legend id='xWqem'><style id='xWqem'><dir id='xWqem'><q id='xWqem'></q></dir></style></legend>

                          <small id='xWqem'></small><noframes id='xWqem'>