The new MVC4 RTM internet application templates use the SimpleMembership providers as descibed here SimpleMembership
新的MVC4 RTM internet应用程序模板使用SimpleMembership提供程序作为简单的工具。
My existing MVC website uses the ASP.Membership framework and ideally I would like to migrate the user data in these tables to the new SimpleMembership tables. My reasons for wanting to do this are:
我现有的MVC网站使用ASP。成员资格框架,理想情况下,我希望将这些表中的用户数据迁移到新的simplembership表中。我这样做的原因是:
- Cleaner integration with the rest of the my database which uses EF
- 与使用EF的数据库的其余部分进行更清晰的集成
- Support for Azure and OAuth out of the box
- 支持Azure和OAuth的开箱即用
- Use latest MVC4 RTM Controllers/Views without needing to modify
- 使用最新的MVC4 RTM控制器/视图,无需修改
- I've always felt the existing membership implementation was a little bloated for what I needed
- 我一直觉得现有的成员资格实现对于我所需要的来说有点臃肿
So I wrote a SQL script today to migrate the data in the existing ASP.Net Membership tables into the new Simple Membership tables. This can be found here
因此,我今天编写了一个SQL脚本来迁移现有ASP中的数据。将会员表加入新的简单的会员表。这个可以在这里找到
Testing the login in my MVC 4 website the password verification is failing. I believe the SimpleMembership uses a different password algo than the old Membership framework as new passwords created under the SimpleMemberShip framework look a lot longer.
在我的MVC 4网站上测试登录密码验证失败。我认为simplembership使用的密码与旧的成员框架不同,因为在simplembership框架下创建的新密码看起来要长得多。
So my question is since I was using the "hashed" password format in the old ASP.Net membership providers and the users original password is irretrievable, what options do I have to get the SimpleMembership provider working.
我的问题是,因为我在旧的ASP中使用了“散列”密码格式。Net会员提供商和用户的原始密码是不可恢复的,我需要什么选项才能让simplembership提供程序工作。
I guessing some options are:
我猜有些选项是:
- Get my users to reset their passwords
- 让我的用户重置他们的密码
- Getting the SimpleMembership provider to use the same password algo as the old ASP.Net Membership providers.
- 让simplembership提供程序使用与旧的ASP相同的密码。网会员提供者。
- Revert the new MVC 4 RTM internet application templates to use the old ASP.Net MemberShip providers. This is the least desirable options for me as I would like to use the SimpleMemberShip framework.
- 恢复新的MVC 4 RTM internet应用程序模板来使用旧的ASP。网会员提供者。这是我最不喜欢的选项,因为我想使用simplembership框架。
I would suspect many people are also looking to migrate their existing membership databases to the new SimpleMemberShip provider.
我猜想,许多人也希望将现有的成员数据库迁移到新的simplembership提供程序。
Any help greatly appreciated.
任何帮助深表感谢。
Cheers
干杯
Jim
吉姆
3 个解决方案
#1
12
I'd like to surface Paul's comment in case anyone misses it and suggest his solution is the best I've seen.
我想公开保罗的评论,以防有人漏掉,并建议他的解决方案是我见过的最好的。
http://pretzelsteelersfan.blogspot.com/2012/11/migrating-legacy-apps-to-new.html
http://pretzelsteelersfan.blogspot.com/2012/11/migrating-legacy-apps-to-new.html
Thanks Paul
谢谢你保罗
#2
11
You have access to the plain text password when the user logs in, which gives you another option:
当用户登录时,您可以访问纯文本密码,这为您提供了另一个选项:
- Keep the old passwords in a separate table
- 将旧密码保存在单独的表中
- On login, first use the SimpleMembership method
- 登录时,首先使用simplembership方法
- If that fails, check against the old password table using the old hash algorithm (you'll need to make sure the plain text password is still in the context)
- 如果失败,使用旧哈希算法检查旧密码表(需要确保纯文本密码仍然在上下文中)
- If that succeeds, update the SimpleMembership tables, and remove from the old password table
- 如果成功,则更新simplembership表,并从旧的密码表中删除
The users wouldn't need to know about the change, and the active users would have a more secure hash. If you'd like to force the security upgrade in the future, you can warn the users that their accounts will be deleted after a year of inactivity, and just retire the two-step system.
用户不需要知道更改,而活动用户将有一个更安全的散列。如果您希望在未来强制进行安全升级,您可以警告用户,他们的帐户将在一年后被删除,然后退出两步系统。
#3
7
I had a similar issue, I should have written a tutorial / blog post on doing this, but my solution was to add the following to my web.config (this corresponds to option #2):
我有一个类似的问题,我应该写一篇关于这个问题的教程/博客,但是我的解决方案是在我的web上添加以下内容。配置(这对应于选项#2):
<system.web>
<membership hashAlgorithmType="SHA1" defaultProvider="DefaultMembershipProvider">
<providers>
<add name="DefaultMembershipProvider" etc.../>
</providers>
</membership>
<machineKey validation="SHA1" />
...
</system.web>
The interesting part of the code above is the "hashAlgorithmType". Setting that to SHA1 will use the old asp.net memberships hashing algorithm.
上面代码中有趣的部分是“hashAlgorithmType”。将其设置为SHA1将使用旧的asp.net memberships散列算法。
I'm also in a similar position -- I either have to ask my users to update their passwords or keep with the specific hash algorithm.
我也处在类似的位置——我要么要求我的用户更新他们的密码,要么使用特定的哈希算法。
Hope this helps! -Sig
希望这可以帮助!团体
#1
12
I'd like to surface Paul's comment in case anyone misses it and suggest his solution is the best I've seen.
我想公开保罗的评论,以防有人漏掉,并建议他的解决方案是我见过的最好的。
http://pretzelsteelersfan.blogspot.com/2012/11/migrating-legacy-apps-to-new.html
http://pretzelsteelersfan.blogspot.com/2012/11/migrating-legacy-apps-to-new.html
Thanks Paul
谢谢你保罗
#2
11
You have access to the plain text password when the user logs in, which gives you another option:
当用户登录时,您可以访问纯文本密码,这为您提供了另一个选项:
- Keep the old passwords in a separate table
- 将旧密码保存在单独的表中
- On login, first use the SimpleMembership method
- 登录时,首先使用simplembership方法
- If that fails, check against the old password table using the old hash algorithm (you'll need to make sure the plain text password is still in the context)
- 如果失败,使用旧哈希算法检查旧密码表(需要确保纯文本密码仍然在上下文中)
- If that succeeds, update the SimpleMembership tables, and remove from the old password table
- 如果成功,则更新simplembership表,并从旧的密码表中删除
The users wouldn't need to know about the change, and the active users would have a more secure hash. If you'd like to force the security upgrade in the future, you can warn the users that their accounts will be deleted after a year of inactivity, and just retire the two-step system.
用户不需要知道更改,而活动用户将有一个更安全的散列。如果您希望在未来强制进行安全升级,您可以警告用户,他们的帐户将在一年后被删除,然后退出两步系统。
#3
7
I had a similar issue, I should have written a tutorial / blog post on doing this, but my solution was to add the following to my web.config (this corresponds to option #2):
我有一个类似的问题,我应该写一篇关于这个问题的教程/博客,但是我的解决方案是在我的web上添加以下内容。配置(这对应于选项#2):
<system.web>
<membership hashAlgorithmType="SHA1" defaultProvider="DefaultMembershipProvider">
<providers>
<add name="DefaultMembershipProvider" etc.../>
</providers>
</membership>
<machineKey validation="SHA1" />
...
</system.web>
The interesting part of the code above is the "hashAlgorithmType". Setting that to SHA1 will use the old asp.net memberships hashing algorithm.
上面代码中有趣的部分是“hashAlgorithmType”。将其设置为SHA1将使用旧的asp.net memberships散列算法。
I'm also in a similar position -- I either have to ask my users to update their passwords or keep with the specific hash algorithm.
我也处在类似的位置——我要么要求我的用户更新他们的密码,要么使用特定的哈希算法。
Hope this helps! -Sig
希望这可以帮助!团体