EncryptPassWord类:
using
System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Security.Cryptography;
using System.Text;
public class EncryptPassWord
{
/// <summary>
/// 获取密钥
/// </summary>
/// <returns></returns>
public static string CreateSalt()
{
byte [] data = new byte [ 8 ];
new RNGCryptoServiceProvider().GetBytes(data);
return Convert.ToBase64String(data);
}
/// <summary>
/// 加密密码
/// </summary>
/// <param name="pwdString"></param>
/// <param name="salt"></param>
/// <returns></returns>
public static string EncryptPwd( string pwdString, string salt)
{
if (salt == null || salt == "" )
{
return pwdString;
}
byte [] bytes = Encoding.Unicode.GetBytes(salt.ToLower().Trim() + pwdString.Trim());
return BitConverter.ToString(((HashAlgorithm)CryptoConfig.CreateFromName( " SHA1 " )).ComputeHash(bytes));
}
}
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Security.Cryptography;
using System.Text;
public class EncryptPassWord
{
/// <summary>
/// 获取密钥
/// </summary>
/// <returns></returns>
public static string CreateSalt()
{
byte [] data = new byte [ 8 ];
new RNGCryptoServiceProvider().GetBytes(data);
return Convert.ToBase64String(data);
}
/// <summary>
/// 加密密码
/// </summary>
/// <param name="pwdString"></param>
/// <param name="salt"></param>
/// <returns></returns>
public static string EncryptPwd( string pwdString, string salt)
{
if (salt == null || salt == "" )
{
return pwdString;
}
byte [] bytes = Encoding.Unicode.GetBytes(salt.ToLower().Trim() + pwdString.Trim());
return BitConverter.ToString(((HashAlgorithm)CryptoConfig.CreateFromName( " SHA1 " )).ComputeHash(bytes));
}
}
DESEncrypt类:
using
System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Security.Cryptography;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.IO;
using System.Text;
/// <summary>
/// Summary description for DESEncrypt
/// </summary>
public class DESEncrypt
{
private string iv = " 12345678 " ;
private string key = " 12345678 " ;
private Encoding encoding = new UnicodeEncoding();
private DES des;
public DESEncrypt()
{
des = new DESCryptoServiceProvider();
}
/// <summary>
/// 设置加密密钥
/// </summary>
public string EncryptKey
{
get { return this .key; }
set
{
this .key = value;
}
}
/// <summary>
/// 要加密字符的编码模式
/// </summary>
public Encoding EncodingMode
{
get { return this .encoding; }
set { this .encoding = value; }
}
/// <summary>
/// 加密字符串并返回加密后的结果
/// </summary>
/// <param name="str"></param>
/// <returns></returns>
public string EncryptString( string str)
{
byte [] ivb = Encoding.ASCII.GetBytes( this .iv);
byte [] keyb = Encoding.ASCII.GetBytes( this .EncryptKey); // 得到加密密钥
byte [] toEncrypt = this .EncodingMode.GetBytes(str); // 得到要加密的内容
byte [] encrypted;
ICryptoTransform encryptor = des.CreateEncryptor(keyb, ivb);
MemoryStream msEncrypt = new MemoryStream();
CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write);
csEncrypt.Write(toEncrypt, 0 , toEncrypt.Length);
csEncrypt.FlushFinalBlock();
encrypted = msEncrypt.ToArray();
csEncrypt.Close();
msEncrypt.Close();
return this .EncodingMode.GetString(encrypted);
}
}
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Security.Cryptography;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.IO;
using System.Text;
/// <summary>
/// Summary description for DESEncrypt
/// </summary>
public class DESEncrypt
{
private string iv = " 12345678 " ;
private string key = " 12345678 " ;
private Encoding encoding = new UnicodeEncoding();
private DES des;
public DESEncrypt()
{
des = new DESCryptoServiceProvider();
}
/// <summary>
/// 设置加密密钥
/// </summary>
public string EncryptKey
{
get { return this .key; }
set
{
this .key = value;
}
}
/// <summary>
/// 要加密字符的编码模式
/// </summary>
public Encoding EncodingMode
{
get { return this .encoding; }
set { this .encoding = value; }
}
/// <summary>
/// 加密字符串并返回加密后的结果
/// </summary>
/// <param name="str"></param>
/// <returns></returns>
public string EncryptString( string str)
{
byte [] ivb = Encoding.ASCII.GetBytes( this .iv);
byte [] keyb = Encoding.ASCII.GetBytes( this .EncryptKey); // 得到加密密钥
byte [] toEncrypt = this .EncodingMode.GetBytes(str); // 得到要加密的内容
byte [] encrypted;
ICryptoTransform encryptor = des.CreateEncryptor(keyb, ivb);
MemoryStream msEncrypt = new MemoryStream();
CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write);
csEncrypt.Write(toEncrypt, 0 , toEncrypt.Length);
csEncrypt.FlushFinalBlock();
encrypted = msEncrypt.ToArray();
csEncrypt.Close();
msEncrypt.Close();
return this .EncodingMode.GetString(encrypted);
}
}
1.原理:每次产生一个随机字符串作为密匙,用户输入一个密码,密码经过密匙加密得到一个字符串存放在数据库中...当需要验证密码时,要先得到密匙才能验证.
(1).登录时,验证代码
//
根据用户名得到用户信息
DataTable dt = WYTWeb.UserDAO.UserLogin(userName);
if (dt.Rows.Count == 0 )
{
return - 2 ; // 用户不存在
}
DataRow row = dt.Rows[ 0 ];
// 得到密匙
string salt = row[ " salt " ].ToString();
// 验证密码是否正确
if (EncryptPassWord.EncryptPwd(password, salt) == row[ " password " ].ToString())
{
// 登录成功
}
DataTable dt = WYTWeb.UserDAO.UserLogin(userName);
if (dt.Rows.Count == 0 )
{
return - 2 ; // 用户不存在
}
DataRow row = dt.Rows[ 0 ];
// 得到密匙
string salt = row[ " salt " ].ToString();
// 验证密码是否正确
if (EncryptPassWord.EncryptPwd(password, salt) == row[ " password " ].ToString())
{
// 登录成功
}
(2)修改密码时(与插入一条新密码一样)
//
从基类获得登录id
int userId = LoginUser_Id;
// 获得密匙
string salt = EncryptPassWord.CreateSalt();
// 得到经过加密后的"密码"
string password = EncryptPassWord.EncryptPwd(txtPassword.Text.Trim(), salt);
// 修改原数据
int result = WYTWeb.UserDAO.EditPassword(userId, password, salt);
if (result > 0 )
{
WYTWeb.LogDAO.InsertLog( " info " , " wytWeb " , " 用户 " + userId + " 修改了密码 " , userId , this .Request.UserHostAddress.ToString());
ShowMessage( " 密码修改成功 " );
// this.Response.Redirect("CompanyInfo.aspx");
}
else
{
WYTWeb.LogDAO.InsertLog( " info " , " wytWeb " , " 用户 " + userId + " 修改密码失败 " , userId, this .Request.UserHostAddress.ToString());
ShowMessage( " 密码修改失败 " );
}
int userId = LoginUser_Id;
// 获得密匙
string salt = EncryptPassWord.CreateSalt();
// 得到经过加密后的"密码"
string password = EncryptPassWord.EncryptPwd(txtPassword.Text.Trim(), salt);
// 修改原数据
int result = WYTWeb.UserDAO.EditPassword(userId, password, salt);
if (result > 0 )
{
WYTWeb.LogDAO.InsertLog( " info " , " wytWeb " , " 用户 " + userId + " 修改了密码 " , userId , this .Request.UserHostAddress.ToString());
ShowMessage( " 密码修改成功 " );
// this.Response.Redirect("CompanyInfo.aspx");
}
else
{
WYTWeb.LogDAO.InsertLog( " info " , " wytWeb " , " 用户 " + userId + " 修改密码失败 " , userId, this .Request.UserHostAddress.ToString());
ShowMessage( " 密码修改失败 " );
}