安全解密
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;
using System.Web.Security;
using System.Security.Cryptography;
using System.Text;
using System.IO;
namespace CommandExample
{
/// <summary>
/// login 的摘要说明。
/// </summary>
public class Login01 : System.Web.UI.Page
{
protected System.Web.UI.WebControls.Label Label1;
protected System.Web.UI.WebControls.TextBox tbName;
protected System.Web.UI.WebControls.TextBox tbPass;
protected System.Web.UI.WebControls.Button btnLoginBetter;
protected System.Web.UI.WebControls.RequiredFieldValidator RequiredFieldValidator1;
protected System.Web.UI.WebControls.RequiredFieldValidator RequiredFieldValidator2;
protected System.Web.UI.WebControls.CheckBox PersistCookie;
protected System.Web.UI.WebControls.Label Label2;
/// <summary>
/// Page load handler. It currently performs no work; the body is only a
/// placeholder for page-initialisation code.
/// </summary>
/// <param name="sender">Source of the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void Page_Load(object sender, System.EventArgs e)
{
    // Put user code that initialises the page here.
}
#region Web Form Designer generated code
/// <summary>
/// Runs the designer-generated event wiring, then continues with the base
/// page initialisation.
/// </summary>
/// <param name="e">Event data passed through to the base class.</param>
override protected void OnInit(EventArgs e)
{
    // CODEGEN: the ASP.NET Web Forms designer requires this call.
    this.InitializeComponent();

    base.OnInit(e);
}
/// <summary>
/// 设计器支持所需的方法 - 不要使用代码编辑器修改
/// 此方法的内容。
/// </summary>
private void InitializeComponent()
{
    // Event wiring maintained by the designer: the page Load event and the
    // login button's Click event are attached to their handlers here.
    Load += new EventHandler(Page_Load);
    btnLoginBetter.Click += new EventHandler(btnLoginBetter_Click);
}
#endregion
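/// <summary>
/// Login button handler: checks the submitted credentials and, when they are
/// accepted, issues the forms-authentication cookie and redirects the browser.
/// </summary>
/// <remarks>
/// <para>
/// <c>Request["ReturnUrl"]</c> is supplied by the client, so it is treated as
/// untrusted: only a site-local path is followed, anything else falls back to
/// <c>default.aspx</c>. The original code redirected to whatever value was
/// sent, and called <c>ToString()</c> on it before the null check, which
/// threw when the parameter was absent.
/// </para>
/// <para>
/// The cookie is marked HttpOnly and inherits the Secure flag from the forms
/// configuration (<see cref="FormsAuthentication.RequireSSL"/>).
/// </para>
/// </remarks>
/// <param name="sender">Source of the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnLoginBetter_Click(object sender, System.EventArgs e)
{
    if (!AuthenticateUser(tbName.Text, tbPass.Text))
    {
        Response.Write("<script language='javascript'>alert('用户名称或密码错误!')</script>");
        return;
    }

    // 1) Build the authentication ticket. Issue time and expiry come from a
    //    single clock read so the lifetime is exactly 30 minutes.
    DateTime issuedAt = DateTime.Now;
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,
        tbName.Text,
        issuedAt,
        issuedAt.AddMinutes(30),
        PersistCookie.Checked,
        "User");

    // 2) Serialise and protect the ticket.
    //    NOTE(review): how strongly it is protected depends on the forms
    //    authentication settings in web.config, which this page does not show.
    string cookieStr = FormsAuthentication.Encrypt(ticket);

    // 3) Put the ticket in the cookie named by the forms configuration.
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookieStr);
    if (PersistCookie.Checked)
    {
        // Persistent ("remember me") login: the cookie lives as long as the ticket.
        cookie.Expires = ticket.Expiration;
    }
    cookie.Path = FormsAuthentication.FormsCookiePath;
    cookie.HttpOnly = true;                          // keep the ticket away from page script
    cookie.Secure = FormsAuthentication.RequireSSL;  // HTTPS-only when the site is configured for it
    Response.Cookies.Add(cookie);

    // 4) Redirect, but only to a path on this site.
    string strRedirect = Request["ReturnUrl"];
    if (!IsLocalReturnUrl(strRedirect))
    {
        strRedirect = "default.aspx";
    }
    Response.Redirect(strRedirect, true);
}

/// <summary>
/// Returns true only when <paramref name="url"/> is a rooted path on this
/// site ("/..." or "~/..."). Absolute URLs, scheme-relative forms and values
/// containing control characters are rejected.
/// </summary>
private static bool IsLocalReturnUrl(string url)
{
    if (url == null || url.Length == 0)
    {
        return false;
    }

    for (int i = 0; i < url.Length; i++)
    {
        if (char.IsControl(url[i]))
        {
            return false;
        }
    }

    // Skip an optional application-root marker so "~/x" is checked like "/x".
    int start = (url[0] == '~') ? 1 : 0;
    if (url.Length <= start || url[start] != '/')
    {
        return false;
    }

    // A second slash or a backslash right after the first slash is treated by
    // browsers as the start of a host name, so it is not a local path.
    if (url.Length > start + 1 && (url[start + 1] == '/' || url[start + 1] == '\\'))
    {
        return false;
    }

    return true;
}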
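/// <summary>
/// Compares two byte arrays for equality.
/// </summary>
/// <remarks>
/// Arrays of different length are never equal. The original left the result
/// at <c>true</c> when the lengths differed, so an empty or truncated stored
/// hash compared as a match against any computed digest. For equal lengths
/// every byte is examined, so the running time does not reveal where the
/// first difference is.
/// </remarks>
/// <param name="array1">First array; must not be null.</param>
/// <param name="array2">Second array; must not be null.</param>
/// <returns>True when both arrays have the same length and contents.</returns>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
private bool ArraysEqual(byte[] array1,byte[] array2)
{
    if (array1 == null)
    {
        throw new ArgumentNullException("array1");
    }
    if (array2 == null)
    {
        throw new ArgumentNullException("array2");
    }

    if (array1.Length != array2.Length)
    {
        return false;
    }

    // Accumulate the differences instead of breaking out on the first one.
    int difference = 0;
    for (int i = 0; i < array1.Length; i++)
    {
        difference |= array1[i] ^ array2[i];
    }

    return difference == 0;
}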
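/// <summary>
/// Checks a user name and password against the hash and salt stored for that
/// account.
/// </summary>
/// <remarks>
/// <para>
/// The stored values are read through the <c>sp_getuserdetails</c> procedure
/// as output parameters. When no hash comes back (unknown account, NULL or
/// empty column) the check fails immediately; the original converted the
/// missing value to an empty string and carried on with the comparison.
/// </para>
/// <para>
/// The digest is SHA-1 over the UTF-16LE password bytes followed by the
/// decoded salt, which is what the original computed.
/// NOTE(review): a single salted SHA-1 pass is cheap to brute-force if the
/// table is ever disclosed. It is kept only because the stored hashes depend
/// on it; plan a migration to a slow key-derivation function such as PBKDF2
/// (<c>Rfc2898DeriveBytes</c>), re-hashing each account at its next
/// successful login.
/// </para>
/// </remarks>
/// <param name="strUserName">Account name to look up.</param>
/// <param name="strUserPass">Password as typed by the user.</param>
/// <returns>True when the computed digest matches the stored hash.</returns>
private bool AuthenticateUser(string strUserName, string strUserPass)
{
    if (strUserName == null || strUserPass == null)
    {
        return false;
    }

    object hashValue;
    object saltValue;

    // "using" closes the connection even when the query throws; the original
    // only closed it on the success path.
    using (SqlConnection con = new SqlConnection())
    {
        con.ConnectionString = System.Configuration.ConfigurationSettings.AppSettings["DSN"];
        con.Open();

        using (SqlCommand com = new SqlCommand("sp_getuserdetails", con))
        {
            com.CommandType = CommandType.StoredProcedure;

            // Use the argument, not the text box: the original ignored
            // strUserName and read tbName.Text here.
            SqlParameter sqlpUser = new SqlParameter("@acctname", SqlDbType.NVarChar, 64);
            sqlpUser.Value = strUserName;

            SqlParameter sqlpPasshash = new SqlParameter("@passhash", SqlDbType.NVarChar, 50);
            sqlpPasshash.Direction = ParameterDirection.Output;

            SqlParameter sqlpPasssalt = new SqlParameter("@passsalt", SqlDbType.NVarChar, 50);
            sqlpPasssalt.Direction = ParameterDirection.Output;

            com.Parameters.Add(sqlpUser);
            com.Parameters.Add(sqlpPasssalt);
            com.Parameters.Add(sqlpPasshash);
            com.ExecuteNonQuery();

            hashValue = sqlpPasshash.Value;
            saltValue = sqlpPasssalt.Value;
        }
    }

    // A NULL output arrives as DBNull, which "as string" turns into null.
    string hash = hashValue as string;
    string salt = saltValue as string;

    if (hash == null || hash.Length == 0)
    {
        // No stored hash means there is nothing to authenticate against.
        return false;
    }
    if (salt == null)
    {
        // Same bytes the original produced for a missing salt (empty string).
        salt = "";
    }

    byte[] saltBits = Convert.FromBase64String(salt);
    byte[] hashBits = Convert.FromBase64String(hash);
    byte[] passBits = Encoding.Unicode.GetBytes(strUserPass);

    // Hash input is password bytes followed by salt bytes.
    byte[] material = new byte[passBits.Length + saltBits.Length];
    Buffer.BlockCopy(passBits, 0, material, 0, passBits.Length);
    Buffer.BlockCopy(saltBits, 0, material, passBits.Length, saltBits.Length);

    byte[] digest;
    using (HashAlgorithm hashAlg = SHA1.Create())
    {
        digest = hashAlg.ComputeHash(material);
    }

    // The explicit length test keeps a truncated or malformed stored hash from
    // ever matching, whatever ArraysEqual does with unequal lengths.
    return digest.Length == hashBits.Length && ArraysEqual(digest, hashBits);
}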
}
}
上面代码中使用了一个存储过程
sp_getuserdetails,这个存储过程的代码如下
-- Returns the stored password hash and salt for one account through the two
-- OUTPUT parameters. When no row matches @acctname the SELECT assigns nothing
-- and both outputs stay NULL, so the caller must treat NULL as "no such
-- account" and refuse the login.
CREATE PROCEDURE sp_getuserdetails
    @acctname varchar(64),
    @passhash varchar(50) OUTPUT,
    @passsalt varchar(50) OUTPUT
AS
    SELECT @passhash = passwordHash,
           @passsalt = passwordSalt
    FROM   formsUserInfo
    WHERE  userName = @acctname
GO
原文地址:https://www.cnblogs.com/fuchifeng/p/627247.html