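日常生活中登录某个系统或社交软件时,都会涉及用户名和登录密码。保存密码时可以先用MD5算法对密码做转换再保存(注意MD5是哈希而不是加密:加密必然可以解密,而哈希不可逆)。本文的出发点是MD5的不可逆和抗碰撞使密码存储比明文更安全。但需要注意:MD5的抗碰撞性早已被攻破,而且计算速度很快,弱密码的MD5值很容易被暴力枚举或查表还原,因此新系统应改用PBKDF2、bcrypt、Argon2等专用的密码哈希算法,下面的代码只适合用来理解"加盐哈希"的基本流程。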
首先把加盐用的字符串(即下面value中的值)写进App.config,方便调用,不必每次都手写这串字符串,用户修改起来也方便。注意这是一个所有用户共用的固定盐值:相同的密码会得到相同的MD5值,更稳妥的做法是为每个用户生成随机盐,并与哈希值一起保存。
<appSettings>
<!-- Fixed string appended to every password before it is hashed; read by CommonHelper.GetPasswordSalt(). -->
<!-- NOTE(review): this single value is shared by all accounts, so identical passwords hash identically;
     changing it makes every stored hash stop matching. A per-user random salt stored with the hash avoids both. -->
<add key="passwordSalt" value="love@guangdong"/>
</appSettings>
数据转换MD5值的方法
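/// <summary>
/// Returns the MD5 digest of <paramref name="sDataIn"/> (encoded as UTF-8) as a
/// 32-character lower-case hexadecimal string.
/// </summary>
/// <param name="sDataIn">Text to hash; must not be null.</param>
/// <returns>Lower-case hex digest, two characters per hash byte.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="sDataIn"/> is null.</exception>
/// <remarks>
/// SECURITY: MD5 is a fast, unkeyed digest and its collision resistance is broken.
/// It is acceptable for checksums, but for password storage a slow, per-user-salted
/// derivation such as PBKDF2 (Rfc2898DeriveBytes) should be used instead.
/// </remarks>
public static string GetMD5(string sDataIn)
{
    byte[] input = System.Text.Encoding.UTF8.GetBytes(sDataIn);

    // The using block releases the hash provider even when ComputeHash throws;
    // the original only released it on the success path.
    byte[] digest;
    using (MD5 md5 = MD5.Create())
    {
        digest = md5.ComputeHash(input);
    }

    // "x2" emits two lower-case hex digits per byte, so no padding or ToLower() pass
    // is needed, and the builder avoids re-allocating the string on every byte.
    System.Text.StringBuilder hex = new System.Text.StringBuilder(digest.Length * 2);
    foreach (byte b in digest)
    {
        hex.Append(b.ToString("x2"));
    }
    return hex.ToString();
}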
/// <summary>
/// Reads the password salt from the application configuration. Values that may
/// change are kept in App.config rather than in code.
/// </summary>
/// <returns>The value of the <c>passwordSalt</c> appSettings entry.</returns>
/// <remarks>
/// NOTE(review): the AppSettings indexer yields null for a missing key, and callers
/// concatenate the result onto the password, so a missing entry would silently give
/// an unsalted hash. Confirm the key is always deployed.
/// </remarks>
public static string GetPasswordSalt()
{
    return ConfigurationManager.AppSettings["passwordSalt"];
}
密码的保存:
// Save path: create a new operator, or update the one identified by EditingID.
// The stored value is always GetMD5(password + shared salt), never the plain text.
// NOTE(review): salted MD5 is cheap to brute-force and the salt is the same for every
// account; a per-user random salt with PBKDF2 is the usual choice for new code.
if (IsInsert)
{
    // NOTE(review): nothing here rejects an empty password on insert; confirm that
    // validation happens before this point.
    Operator created = new Operator
    {
        RealName = txtRealName.Text,
        UserName = txtUserName.Text,
        Password = CommonHelper.GetMD5(pwdPassword.Password + CommonHelper.GetPasswordSalt()),
    };
    new OperatorDAL().Insert(created);
}
else
{
    string typedPassword = pwdPassword.Password;
    if (typedPassword.Length > 0)
    {
        // A password was typed: reset the stored hash to the hash of the new password.
        string newHash = CommonHelper.GetMD5(typedPassword + CommonHelper.GetPasswordSalt());
        new OperatorDAL().Update(EditingID, txtUserName.Text, txtRealName.Text, newHash);
    }
    else
    {
        // Password box left empty while editing: keep the existing password.
        new OperatorDAL().Update(EditingID, txtUserName.Text, txtRealName.Text);
    }
}

// Both branches close the dialog with success once the DAL call has returned.
DialogResult = true;
登录时,将输入密码的MD5值与数据库中保存的密码MD5值进行比较
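// Login check: hash the typed password with the shared salt and compare the result
// with the hash stored for that user name.
string username = txtUserName.Text;
string pwd = pwPassword.Password;
Operator op = new OperatorDAL().GetByUserName(username);

// The hash is computed only when the account exists, from the value already captured
// in pwd (the original read the password box a second time and left pwd unused).
// GetMD5 returns lower-case hex, so this ordinal comparison assumes the stored value
// was written by the same helper.
bool credentialsMatch = op != null
    && op.Password == CommonHelper.GetMD5(pwd + CommonHelper.GetPasswordSalt());

if (credentialsMatch)
{
    DialogResult = true;
}
else
{
    // One message for both "no such user" and "wrong password", so the dialog does
    // not reveal which user names exist.
    MessageBox.Show("用户名或者密码错误!");
}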