安全解密
using
System;
using
System.Collections;
using
System.ComponentModel;
using
System.Data;
using
System.Drawing;
using
System.Web;
using
System.Web.SessionState;
using
System.Web.UI;
using
System.Web.UI.WebControls;
using
System.Web.UI.HtmlControls;
using
System.Data.SqlClient;
using
System.Web.Security;
using
System.Security.Cryptography;
using
System.Text;
using
System.IO;
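namespace CommandExample
{
    /// <summary>
    /// Forms-authentication login page. Verifies the submitted user name and
    /// password against the salted hash returned by the sp_getuserdetails stored
    /// procedure, issues the forms-authentication cookie and redirects the user.
    /// </summary>
    public class Login01 : System.Web.UI.Page
    {
        protected System.Web.UI.WebControls.Label Label1;
        protected System.Web.UI.WebControls.TextBox tbName;
        protected System.Web.UI.WebControls.TextBox tbPass;
        protected System.Web.UI.WebControls.Button btnLoginBetter;
        protected System.Web.UI.WebControls.RequiredFieldValidator RequiredFieldValidator1;
        protected System.Web.UI.WebControls.RequiredFieldValidator RequiredFieldValidator2;
        protected System.Web.UI.WebControls.CheckBox PersistCookie;
        protected System.Web.UI.WebControls.Label Label2;

        private void Page_Load(object sender, System.EventArgs e)
        {
            // Put user code to initialize the page here.
        }

        #region Web Form Designer generated code
        protected override void OnInit(EventArgs e)
        {
            //
            // CODEGEN: This call is required by the ASP.NET Web Form Designer.
            //
            InitializeComponent();
            base.OnInit(e);
        }

        /// <summary>
        /// Required method for Designer support - do not modify
        /// the contents of this method with the code editor.
        /// </summary>
        private void InitializeComponent()
        {
            this.btnLoginBetter.Click += new System.EventHandler(this.btnLoginBetter_Click);
            this.Load += new System.EventHandler(this.Page_Load);
        }
        #endregion

        /// <summary>
        /// Handles the login button: authenticates the submitted credentials and,
        /// on success, issues the forms-authentication cookie and redirects.
        /// </summary>
        /// <param name="sender">The button that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        private void btnLoginBetter_Click(object sender, System.EventArgs e)
        {
            if (!AuthenticateUser(tbName.Text, tbPass.Text))
            {
                Response.Write("<script language='javascript'>alert('用户名称或密码错误!')</script>");
                return;
            }

            // 1) Create the authentication ticket (the payload of the auth cookie).
            //    One timestamp is used for both issue and expiry so the lifetime is exactly 30 minutes.
            DateTime issuedAt = DateTime.Now;
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                1, tbName.Text, issuedAt, issuedAt.AddMinutes(30), PersistCookie.Checked, "User");

            // 2) Encrypt the ticket.
            string cookieStr = FormsAuthentication.Encrypt(ticket);

            // 3) Create the cookie under the configured forms cookie name.
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookieStr);
            if (PersistCookie.Checked)
            {
                // Persistent login requested: the cookie lives as long as the ticket.
                cookie.Expires = ticket.Expiration;
            }
            cookie.Path = FormsAuthentication.FormsCookiePath;
            // Keep the ticket away from client-side script (HttpCookie.HttpOnly needs .NET 2.0+)
            // and honour the requireSSL setting of the <forms> configuration element.
            cookie.HttpOnly = true;
            cookie.Secure = FormsAuthentication.RequireSSL;
            Response.Cookies.Add(cookie);

            // 4) Redirect. ReturnUrl comes from the request and is therefore untrusted:
            //    only a path local to this site is followed, anything else (or a missing
            //    value, which previously caused a NullReferenceException) falls back to
            //    the default page.
            string strRedirect = Request["ReturnUrl"];
            if (!IsLocalReturnUrl(strRedirect))
            {
                strRedirect = "default.aspx";
            }
            Response.Redirect(strRedirect, true);
        }

        /// <summary>
        /// Reports whether a return URL is a site-rooted path ("/..."), rejecting
        /// absolute and scheme-relative URLs so the post-login redirect cannot
        /// leave this site.
        /// </summary>
        /// <param name="url">Candidate redirect target; may be null.</param>
        /// <returns>true when the value is safe to pass to Response.Redirect.</returns>
        private static bool IsLocalReturnUrl(string url)
        {
            if (url == null || url.Length == 0 || url[0] != '/')
            {
                return false;
            }
            // "//host" and "/\host" are treated by browsers as references to another host.
            if (url.Length > 1 && (url[1] == '/' || url[1] == '\\'))
            {
                return false;
            }
            return true;
        }

        /// <summary>
        /// Compares two byte arrays for equality. Arrays of different length are
        /// never equal, and the loop inspects every byte instead of stopping at the
        /// first difference, so the running time does not depend on where the
        /// arrays diverge.
        /// </summary>
        /// <param name="array1">First array.</param>
        /// <param name="array2">Second array.</param>
        /// <returns>true only when both arrays have the same length and contents.</returns>
        /// <exception cref="ArgumentNullException">Either argument is null.</exception>
        private bool ArraysEqual(byte[] array1, byte[] array2)
        {
            if (array1 == null)
            {
                throw new ArgumentNullException("array1");
            }
            if (array2 == null)
            {
                throw new ArgumentNullException("array2");
            }
            // A length mismatch used to leave the result at its initial value (true).
            if (array1.Length != array2.Length)
            {
                return false;
            }

            int difference = 0;
            for (int i = 0; i < array1.Length; i++)
            {
                difference |= array1[i] ^ array2[i];
            }
            return difference == 0;
        }

        /// <summary>
        /// Checks a user name and password against the stored salted hash.
        /// </summary>
        /// <param name="strUserName">Account name to look up.</param>
        /// <param name="strUserPass">Clear-text password submitted by the user.</param>
        /// <returns>
        /// true when SHA-1(password bytes + salt bytes) equals the stored hash;
        /// false when the account has no stored hash or salt, the stored values
        /// are not valid Base64, or the digest differs.
        /// </returns>
        private bool AuthenticateUser(string strUserName, string strUserPass)
        {
            if (strUserName == null || strUserPass == null)
            {
                return false;
            }

            object hashValue;
            object saltValue;

            // using blocks release the connection and command even when the call throws.
            using (SqlConnection con = new SqlConnection())
            {
                con.ConnectionString = System.Configuration.ConfigurationSettings.AppSettings["DSN"];
                con.Open();

                using (SqlCommand com = new SqlCommand("sp_getuserdetails", con))
                {
                    com.CommandType = CommandType.StoredProcedure;

                    // NOTE(review): the procedure shown on this page declares varchar
                    // parameters while NVarChar is used here - confirm the intended type.
                    SqlParameter sqlpUser = new SqlParameter("@acctname", SqlDbType.NVarChar, 64);
                    // Use the method argument rather than reading the text box again.
                    sqlpUser.Value = strUserName;

                    SqlParameter sqlpPasshash = new SqlParameter("@passhash", SqlDbType.NVarChar, 50);
                    sqlpPasshash.Direction = ParameterDirection.Output;

                    SqlParameter sqlpPasssalt = new SqlParameter("@passsalt", SqlDbType.NVarChar, 50);
                    sqlpPasssalt.Direction = ParameterDirection.Output;

                    com.Parameters.Add(sqlpUser);
                    com.Parameters.Add(sqlpPasssalt);
                    com.Parameters.Add(sqlpPasshash);
                    com.ExecuteNonQuery();

                    hashValue = sqlpPasshash.Value;
                    saltValue = sqlpPasssalt.Value;
                }
            }

            // When no row matches, the output parameters come back as DBNull, whose
            // ToString() is an empty string rather than null. Such a lookup must be
            // treated as a failed login, not as an empty stored hash.
            if (hashValue == null || hashValue == DBNull.Value ||
                saltValue == null || saltValue == DBNull.Value)
            {
                return false;
            }

            string hash = hashValue.ToString();
            string salt = saltValue.ToString();
            if (hash.Length == 0 || salt.Length == 0)
            {
                return false;
            }

            byte[] saltBits;
            byte[] hashBits;
            try
            {
                saltBits = Convert.FromBase64String(salt);
                hashBits = Convert.FromBase64String(hash);
            }
            catch (FormatException)
            {
                // A corrupt stored credential denies the login instead of failing the page.
                return false;
            }

            byte[] passBits = Encoding.Unicode.GetBytes(strUserPass);

            // Digest input is the password bytes followed by the salt bytes, which is
            // the layout the stored hashes use.
            byte[] material = new byte[passBits.Length + saltBits.Length];
            Buffer.BlockCopy(passBits, 0, material, 0, passBits.Length);
            Buffer.BlockCopy(saltBits, 0, material, passBits.Length, saltBits.Length);

            // NOTE(review): a single salted SHA-1 pass is fast to brute-force and is not
            // adequate for password storage. Moving to a slow key-derivation function
            // such as PBKDF2 (Rfc2898DeriveBytes) requires re-hashing the stored
            // credentials, so the algorithm is left unchanged here.
            byte[] digest;
            using (HashAlgorithm hashAlg = SHA1.Create())
            {
                digest = hashAlg.ComputeHash(material);
            }

            return ArraysEqual(digest, hashBits);
        }
    }
}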
上面的代码使用了存储过程 sp_getuserdetails,该存储过程的代码如下:
-- Looks up the stored password hash and salt for one account.
--   @acctname : account name matched against formsUserInfo.userName
--   @passhash : OUT, receives passwordHash of the matching row
--   @passsalt : OUT, receives passwordSalt of the matching row
-- The procedure only returns the stored values; the password comparison is
-- done by the caller. When no row matches, the SELECT assigns nothing, so the
-- caller must treat unset outputs as "no such account" (login fails).
CREATE PROCEDURE sp_getuserdetails
    @acctname varchar(64),
    @passhash varchar(50) OUT,
    @passsalt varchar(50) OUT
AS
    SELECT @passhash = passwordHash,
           @passsalt = passwordSalt
    FROM   formsUserInfo
    WHERE  userName = @acctname
GO
原文地址:https://www.cnblogs.com/fuchifeng/p/627247.html