之前做登录时,发送短信验证码需要做安全控制,使用到了图形验证码
使用的思路是:
1、建立一个验证码图片生成器页面
2、生成字母或数字组成的随机字符串
3、在服务端Session中保存随机验证码(注意:不要把明文验证码写入Cookie,否则客户端无需识别图片即可直接读到答案)
4、根据生成的随机验证码,生成验证码图片
5、前端调用该页面,用户填写验证码,后台获取用户输入的验证码并与Session中保存的值比较,相同则验证通过(无论比较结果如何,比较后都应清除Session中的值,保证每个验证码只能使用一次)
验证码生成器代码:
/// <summary>
/// Page entry point: generates a fresh check code and streams its image to the client.
/// </summary>
/// <param name="sender">Event source supplied by the page life cycle (not used here).</param>
/// <param name="e">Event data supplied by the page life cycle (not used here).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Ask clients and intermediaries not to store the response, so every request gets a new image.
    Response.Cache.SetNoStore();

    string checkCode = GenerateCheckCode();
    CreateCheckCodeImage(checkCode);
}
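/// <summary>
/// Generates a random check code made of digits and upper-case letters and stores it in the session.
/// </summary>
/// <remarks>
/// The check code is the secret the CAPTCHA protects, so it is drawn from a cryptographic
/// random source and kept only in server-side session state. It is deliberately not written
/// to a cookie: a cookie travels to the client in clear text, which would let a script read
/// the answer without ever looking at the image.
/// </remarks>
/// <returns>The generated check code.</returns>
private string GenerateCheckCode()
{
    // Length of the check code.
    const int CodeLength = 4;

    // 36 symbols: '0'-'9' (ASCII 48-57) followed by 'A'-'Z' (ASCII 65-90).
    const string Alphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";

    // Largest multiple of 36 that fits in one byte (252). Bytes at or above it are
    // discarded so that reducing modulo 36 keeps every symbol equally likely.
    int limit = 256 - (256 % Alphabet.Length);

    char[] code = new char[CodeLength];
    byte[] buffer = new byte[1];

    using (System.Security.Cryptography.RandomNumberGenerator rng =
        System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        int filled = 0;
        while (filled < CodeLength)
        {
            rng.GetBytes(buffer);
            if (buffer[0] >= limit)
            {
                continue;
            }

            code[filled] = Alphabet[buffer[0] % Alphabet.Length];
            filled++;
        }
    }

    string randomCode = new string(code);

    // Server-side copy used for the later comparison with the user's input.
    Session["CheckCode"] = randomCode;
    return randomCode;
}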
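/// <summary>
/// Renders the check code as a small PNG with background noise and writes it to the HTTP response.
/// </summary>
/// <param name="checkCode">Text to draw; nothing is written when it is null or blank.</param>
private void CreateCheckCodeImage(string checkCode)
{
    // Nothing to draw for a missing or blank code.
    if (checkCode == null || checkCode.Trim() == string.Empty)
    {
        return;
    }

    // Image width follows the code length (15 pixels per character); height is fixed.
    int width = (int)Math.Ceiling(checkCode.Length * 15m);
    int height = 20;

    // Every GDI+ object below is wrapped in a using statement so its handle is released
    // even when drawing or saving throws. The Graphics is disposed before the Bitmap.
    using (Bitmap image = new Bitmap(width, height))
    using (Graphics g = Graphics.FromImage(image))
    {
        // This generator only places decorative noise; it produces no secret value.
        Random r = new Random();

        // White background.
        g.Clear(Color.White);

        // Ten silver background noise lines, drawn with one shared pen.
        using (Pen noisePen = new Pen(Color.Silver))
        {
            for (int i = 0; i < 10; i++)
            {
                int x1 = r.Next(image.Width);
                int x2 = r.Next(image.Width);
                int y1 = r.Next(image.Height);
                int y2 = r.Next(image.Height);
                g.DrawLine(noisePen, x1, y1, x2, y2);
            }
        }

        // Fifty foreground noise pixels in random colours.
        for (int i = 0; i < 50; i++)
        {
            int x = r.Next(image.Width);
            int y = r.Next(image.Height);
            image.SetPixel(x, y, Color.FromArgb(r.Next()));
        }

        // Border around the image.
        using (Pen borderPen = new Pen(Color.SaddleBrown))
        {
            g.DrawRectangle(borderPen, 0, 0, image.Width - 1, image.Height - 1);
        }

        // Bold italic text filled with a blue-to-purple linear gradient.
        using (Font f = new Font("Arial", 12, (FontStyle.Bold | FontStyle.Italic)))
        using (System.Drawing.Drawing2D.LinearGradientBrush brush =
            new System.Drawing.Drawing2D.LinearGradientBrush(
                new Rectangle(0, 0, image.Width, image.Height), Color.Blue, Color.Purple, 1.2f, true))
        {
            g.DrawString(checkCode, f, brush, 2, 2);
        }

        // Encode to PNG in memory, then replace any buffered output with the image bytes.
        using (System.IO.MemoryStream ms = new System.IO.MemoryStream())
        {
            image.Save(ms, System.Drawing.Imaging.ImageFormat.Png);
            Response.ClearContent();
            Response.ContentType = "image/Png";
            Response.BinaryWrite(ms.ToArray());
        }
    }
}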
如果前端是以接口形式请求图形验证码,可以把生成的图片转换成base64字符串返回给客户端,客户端通过设置 img 的 src="data:image/png;base64,"+base64Str 来显示图形验证码
图片转base64编码:
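// Encode the rendered bitmap as PNG in memory and convert the bytes to a base64 string.
// base64Str is declared outside the using block so it is still in scope when the
// API response is built.
string base64Str;
using (System.IO.MemoryStream ms = new System.IO.MemoryStream())
{
    // The image format is PNG, so the client's data URI must declare image/png.
    image.Save(ms, System.Drawing.Imaging.ImageFormat.Png);
    base64Str = Convert.ToBase64String(ms.ToArray());
}
// In the interface scenario base64Str is the value returned to the client, so the raw PNG
// bytes are not also written to the response here; doing both would mix binary image
// data into the API payload.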
前端显示:
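<!-- The server encodes the image as PNG, so the data URI declares image/png. -->
<img src="data:image/png;base64,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" />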
另外还有一种思路是:
1、客户端请求图形验证码
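2、服务器向客户端返回base64形式的图片,并且返回加密过的后台生成的验证码(可以使用base64加密或其他加密方法)
3、客户端解密验证码和用户输入的验证码比较(或者加密用户输入验证码和获取的加密验证码比较),这样可以实现在客户端完成验证
注意:base64只是编码而不是加密,任何人都可以直接还原出验证码;而且只在客户端完成的校验可以被直接跳过。因此在发送短信之前,服务端仍然必须自己校验验证码,客户端的比较只能用来改善交互体验,不能作为安全控制。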