zoukankan
html css js c++ java
安全解密
using
System;
using
System.Collections;
using
System.ComponentModel;
using
System.Data;
using
System.Drawing;
using
System.Web;
using
System.Web.SessionState;
using
System.Web.UI;
using
System.Web.UI.WebControls;
using
System.Web.UI.HtmlControls;
using
System.Data.SqlClient;
using
System.Web.Security;
using
System.Security.Cryptography;
using
System.Text;
using
System.IO;
namespace
CommandExample
{
/**/
///
<summary>
///
login 的摘要说明。
///
</summary>
public
class
Login01 : System.Web.UI.Page
{
protected
System.Web.UI.WebControls.Label Label1;
protected
System.Web.UI.WebControls.TextBox tbName;
protected
System.Web.UI.WebControls.TextBox tbPass;
protected
System.Web.UI.WebControls.Button btnLoginBetter;
protected
System.Web.UI.WebControls.RequiredFieldValidator RequiredFieldValidator1;
protected
System.Web.UI.WebControls.RequiredFieldValidator RequiredFieldValidator2;
protected
System.Web.UI.WebControls.CheckBox PersistCookie;
protected
System.Web.UI.WebControls.Label Label2;
private
void
Page_Load(
object
sender, System.EventArgs e)
{
//
在此处放置用户代码以初始化页面
}
Web Form Designer generated code
#region
Web Form Designer generated code
override
protected
void
OnInit(EventArgs e)
{
//
//
CODEGEN:该调用是 ASP.NET Web 窗体设计器所必需的。
//
InitializeComponent();
base
.OnInit(e);
}
/**/
///
<summary>
///
设计器支持所需的方法 - 不要使用代码编辑器修改
///
此方法的内容。
///
</summary>
private
void
InitializeComponent()
{
this
.btnLoginBetter.Click
+=
new
System.EventHandler(
this
.btnLoginBetter_Click);
this
.Load
+=
new
System.EventHandler(
this
.Page_Load);
}
#endregion
private
void
btnLoginBetter_Click(
object
sender, System.EventArgs e)
{
bool
bExist
=
AuthenticateUser(tbName.Text,tbPass.Text);
if
(bExist)
{
//
1)
//
创建一个验证票据
//
相当于产生一个COOKIE
FormsAuthenticationTicket ticket
=
new
FormsAuthenticationTicket(
1
, tbName.Text,DateTime.Now,
DateTime.Now.AddMinutes(
30
),PersistCookie.Checked,
"
User
"
);
//
2)
//
并且加密票据
string
cookieStr
=
FormsAuthentication.Encrypt(ticket);
//
3) 创建cookie
//
并且是以当前forms name=".MYWEB"命名,你可以自定义名称
HttpCookie cookie
=
new
HttpCookie(FormsAuthentication.FormsCookieName,cookieStr);
//
FormsAuthentication.FormsCookieName
if
(PersistCookie.Checked)
//
如果用户选择了保存密码
cookie.Expires
=
ticket.Expiration;
//
设置cookie有效期为票据有效期
//
cookie存放路径
cookie.Path
=
FormsAuthentication.FormsCookiePath;
//
将cookie写入到系统中cookie文件中
Response.Cookies.Add(cookie);
//
4) do a redirect
string
strRedirect;
strRedirect
=
Request[
"
ReturnUrl
"
].ToString();
if
(strRedirect
==
null
)
strRedirect
=
"
default.aspx
"
;
Response.Redirect(strRedirect,
true
);
}
else
Response.Write(
"
<script language='javascript'>alert('用户名称或密码错误!')</script>
"
);
}
private
bool
ArraysEqual(
byte
[] array1,
byte
[] array2)
{
bool
bResult
=
true
;
if
(array1
==
null
)
throw
new
ArgumentNullException(
"
array1
"
);
if
(array2
==
null
)
throw
new
ArgumentNullException(
"
array2
"
);
if
(array1.Length
==
array2.Length)
{
for
(
int
i
=
0
;i
<
array1.Length;i
++
)
{
if
(array1[i]
!=
array2[i])
{
bResult
=
false
;
break
;
}
}
}
return
bResult;
}
private
bool
AuthenticateUser(
string
strUserName,
string
strUserPass)
{
SqlConnection con
=
new
SqlConnection();
con.ConnectionString
=
System.Configuration.ConfigurationSettings.AppSettings[
"
DSN
"
];
con.Open();
string
strSql
=
"
sp_getuserdetails
"
;
SqlCommand com
=
new
SqlCommand(strSql,con);
com.CommandType
=
CommandType.StoredProcedure;
SqlParameter sqlpUser
=
new
SqlParameter(
"
@acctname
"
,SqlDbType.NVarChar,
64
);
sqlpUser.Value
=
tbName.Text;
SqlParameter sqlpPasshash
=
new
SqlParameter(
"
@passhash
"
,SqlDbType.NVarChar,
50
);
sqlpPasshash.Direction
=
ParameterDirection.Output;
SqlParameter sqlpPasssalt
=
new
SqlParameter(
"
@passsalt
"
,SqlDbType.NVarChar,
50
);
sqlpPasssalt.Direction
=
ParameterDirection.Output;
com.Parameters.Add(sqlpUser);
com.Parameters.Add(sqlpPasssalt);
com.Parameters.Add(sqlpPasshash);
com.ExecuteNonQuery();
string
hash
=
com.Parameters[
"
@passhash
"
].Value.ToString();
string
salt
=
com.Parameters[
"
@passsalt
"
].Value.ToString();
bool
bExist
=
false
;
if
(hash
==
null
||
salt
==
null
)
bExist
=
false
;
else
{
byte
[] saltBits
=
Convert.FromBase64String(salt);
byte
[] hashBits
=
Convert.FromBase64String(hash);
byte
[] passBits
=
Encoding.Unicode.GetBytes(strUserPass);
HashAlgorithm hashAlg
=
SHA1.Create();
CryptoStream cs
=
new
CryptoStream(Stream.Null,hashAlg,CryptoStreamMode.Write);
cs.Write(passBits,
0
,passBits.Length);
cs.Write(saltBits,
0
,saltBits.Length);
cs.FlushFinalBlock();
cs.Close();
byte
[] digest
=
hashAlg.Hash;
if
(ArraysEqual(digest,hashBits))
bExist
=
true
;
else
bExist
=
false
;
}
con.Close();
return
bExist;
}
}
}
上面代码中使用了一个存储过程
sp_getuserdetails,这个存储过程的代码如下
CREATE
PROCEDURE
sp_getuserdetails
@acctname
varchar
(
64
),
@passhash
varchar
(
50
) out,
@passsalt
varchar
(
50
) out
AS
select
@passhash
=
passwordHash,
@passsalt
=
passwordSalt
from
formsUserInfo
where
userName
=
@acctname
GO
这里和大家分享和学习如何学IT!
查看全文
相关阅读:
mybatis2入门程序
mybatis1
mybeats与jdbc问题分析
mysqljdbc简单连接释放
jdbc问题记录
section,article,div
HB调试前端开发移动
HTML,XML,XHTML
访问地图
OAuth
原文地址:https://www.cnblogs.com/fuchifeng/p/627247.html
最新文章
qtsqlbase 参数化访问数据库 SqlCommand cmd=cnn.CreateCommand()
给网页的easyui_input赋值,加上一句话才能成功,苦苦找寻了几年的方法,
解决easyui_input无法清空的方法,如何清空easyui_input的内容
python控制已经打开的浏览器_使用python+selenium控制手工已打开的浏览器心得
结合几个delphi例子,自己写的array结构体排序,用了一天的时间才写好
delphi中使用array结构体最好的例子
网上找到的一个保存数数到access的例子
delphi无法读取accdb数据库的解决方法
IOS
IOS
热门文章
IOS-模糊搜索(支持中文,拼音,字母)
CocoaPod常用命令
IOS
IOS-网络SOCKET操作
IOS-网络访问原理及TCP与UDP区别
IOS-网络操作注意事项
IOS-网络操作
IOS-网络基础
牛津同义词2
牛津同义词1
Copyright © 2011-2022 走看看