利用MD5加密數據庫中的密碼 - 中國WEB開發者網絡 (http://www.webasp.net) -- 技術教程 (http://www.webasp.net/article/) --- 利用MD5加密數據庫中的密碼 (http://www.webasp.net/article/15/14403.htm) |
| -- 作者:未知 -- 發佈日期: 2004-11-01 |
| NET提供了進行數據加密類,下面就用例子進行說明如何使用MD5進行數據加密。
首先,創建一個UserAccount表,字段兩個:UserName和Password,類型分別為varchar(25)和binary(16),下面的ASP.NET代碼就是創建用戶時的具體實現: <%@ Import Namespace="System.Security.Cryptography" %> <%@ Import Namespace="System.Text" %> <%@ Import Namespace="System.Data" %> <%@ Import Namespace="System.Data.SqlClient" %> <script runat="server" language="VB"> Sub CreateAccount(sender as Object, e as EventArgs) '1. 創建連接 Const strConnString as String strConnString= "Data Source=.;Initial Catalog=test;User Id=sa;Password=;" Dim objConn as New SqlConnection(strConnString) '2. 創建Command對像 Dim strSQL as String = _ "INSERT INTO UserAccount(Username,Password) " & _ "VALUES(@Username, @Password)" Dim objCmd as New SqlCommand(strSQL, objConn) '3. 創建參數 Dim paramUsername as SqlParameter paramUsername = New SqlParameter("@Username", SqlDbType.VarChar, 25) paramUsername.Value = txtUsername.Text objCmd.Parameters.Add(paramUsername) '加密密碼字段 Dim md5Hasher as New MD5CryptoServiceProvider() Dim hashedBytes as Byte() Dim encoder as New UTF8Encoding() hashedBytes = md5Hasher.ComputeHash(encoder.GetBytes(txtPwd.Text)) Dim paramPwd as SqlParameter paramPwd = New SqlParameter("@Password", SqlDbType.Binary, 16) paramPwd.Value = hashedBytes objCmd.Parameters.Add(paramPwd) '插入數據庫 objConn.Open() objCmd.ExecuteNonQuery() objConn.Close() 'Redirect 其它頁面 End Sub </script> <form runat="server"> <h1>創建帳號:</h1> 用戶名: <asp:TextBox runat="server" id="txtUsername"/> <br/> 密碼: <asp:TextBox runat="server" id="txtPwd" TextMode="Password"/> <p><asp:Button runat="server" Text="創建用戶" OnClick="CreateAccount"/></p> </form> 下面是對用戶進行驗證的ASP.NET代碼: <%@ Import Namespace="System.Security.Cryptography" %> <%@ Import Namespace="System.Text" %> <%@ Import Namespace="System.Data" %> <%@ Import Namespace="System.Data.SqlClient" %> <script runat="server" language="VB"> Sub Login(sender as Object, e as EventArgs) '1. 創建連接 Const strConnString as String strConnString= "Data Source=.;Initial Catalog=test;User Id=sa;Password=;" Dim objConn as New SqlConnection(strConnString) '2. 創建Command對像 Dim strSQL as String = "SELECT COUNT(*) FROM UserAccount " & _ "WHERE Username=@Username AND Password=@Password" Dim objCmd as New SqlCommand(strSQL, objConn) '3. 創建參數 Dim paramUsername as SqlParameter paramUsername = New SqlParameter("@Username", SqlDbType.VarChar, 25) paramUsername.Value = txtUsername.Text objCmd.Parameters.Add(paramUsername) '加密密碼 Dim md5Hasher as New MD5CryptoServiceProvider() Dim hashedDataBytes as Byte() Dim encoder as New UTF8Encoding() hashedDataBytes = md5Hasher.ComputeHash(encoder.GetBytes(txtPwd.Text)) Dim paramPwd as SqlParameter paramPwd = New SqlParameter("@Password", SqlDbType.Binary, 16) paramPwd.Value = hashedDataBytes objCmd.Parameters.Add(paramPwd) '執行查詢 objConn.Open() Dim iResults as Integer = objCmd.ExecuteScalar() objConn.Close() If iResults = 1 then '合法 Else '不合法 End If End Sub </script> <form runat="server"> <h1>登錄:</h1> 用戶名:<asp:TextBox runat="server" id="txtUsername"/><br/> 密 碼:<asp:TextBox runat="server" id="txtPwd" TextMode="Password"/> <p><asp:Button runat="server" Text="登錄" OnClick="Login"/> </form> 下面是MD5CryptoServiceProvider直接生成的例子: <%@ Import Namespace="System.Security.Cryptography" %> <%@ Import Namespace="System.Text" %> <script language="VB" runat="server"> Sub DisplayEncryptedText(sender as Object, e as EventArgs) If Page.IsValid then Dim md5Hasher as New MD5CryptoServiceProvider() Dim hashedDataBytes as Byte() Dim encoder as New UTF8Encoding() hashedDataBytes = md5Hasher.ComputeHash(encoder.GetBytes(txtPassword.Text)) ltlResults.Text = "<b>Encrypted Results</b><br /> The results are encrypted into " & _ "an array of 16 bytes. These 16 bytes contain the values:<p><ul>" Dim b as Byte For Each b in hashedDataBytes ltlResults.Text &= "<li>" & b & "</li>" Next b ltlResults.Text &= "</ul>" End If End Sub </script> <form runat="server"> Enter a string: <asp:TextBox id="txtPassword" runat="server" /> <asp:RequiredFieldValidator runat="server" ControlToValidate="txtPassword" Display="Dynamic" ErrorMessage="<i>You must provide a value here...</i>" /> <asp:RegularExpressionValidator runat="server" ControlToValidate="txtPassword" Display="Dynamic" ErrorMessage="<i>The string must be 20 characters or less...</i>" ValidationExpression="^.{1,20}$" /> <br /> <asp:Button runat="server" Text="View the String as Encrypted Text" OnClick="DisplayEncryptedText" /> <p> <asp:Literal runat="server" id="ltlResults" /> </form> |
| webasp.net |