我正在尝试创建一个简单的 asp.net 网站,允许用户注册和登录。我已成功地将所有数据存储在数据库中,并在登录表单中对用户进行身份验证。然而我现在想做的是每当新用户注册时将密码以 MD5 格式存储在数据库中并匹配哈希值以便用户能够登录。
这是注册部分中将用户存储在数据库中的代码:
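// Registration: insert the new user with a parameterized INSERT.
// NOTE(review): TextBoxPass.Text is stored exactly as typed, so the Password column holds
// plaintext. Derive a salted password hash before storing it instead.
bool registered = false;
try
{
    string insertQuery = "insert into [AsTable] ([Username],Email,Password) values (@Username ,@Email, @Password)";
    // `using` releases the connection and command even when one of the calls below throws;
    // the original only reached conn.Close() on the success path, after the redirect.
    using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["AssignmentDBConnectionString"].ConnectionString))
    using (SqlCommand com = new SqlCommand(insertQuery, conn))
    {
        conn.Open();
        com.Parameters.AddWithValue("@Username", TextBoxUsername.Text);
        com.Parameters.AddWithValue("@email", TextBoxEmail.Text);
        com.Parameters.AddWithValue("@password", TextBoxPass.Text);
        com.ExecuteNonQuery();
    }
    registered = true;
}
catch (Exception ex)
{
    // Keep the exception text (stack trace, SQL details) in the server-side trace
    // instead of sending it to the browser.
    System.Diagnostics.Trace.TraceError(ex.ToString());
    Response.Write("Error: registration failed");
}
if (registered)
{
    // Redirect outside the try block: Response.Redirect ends the response by raising
    // ThreadAbortException, which the catch above would otherwise report as an error.
    // The original "Registration Completed" write came after the redirect and never ran.
    Response.Redirect("Manager.aspx");
}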
这是登录部分中的代码,用于对用户进行身份验证以便他登录:
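// Login: fetch the stored password for the submitted username and compare it.
// The snippet starts inside an enclosing `if` that is not shown (presumably the
// username-exists check); its closing braces are kept at the end unchanged.
conn.Open();
// The username is passed as a parameter. Concatenating TextBoxUsername.Text into the
// SQL text let the submitted value change the statement itself (SQL injection).
string checkPasswordQuery = "select Password from [AsTable] where Username = @Username";
string password;
using (SqlCommand passcom = new SqlCommand(checkPasswordQuery, conn))
{
    passcom.Parameters.AddWithValue("@Username", TextBoxUsername.Text);
    object stored = passcom.ExecuteScalar();
    // ExecuteScalar returns null when no row matches; treat that (and a NULL column)
    // as "no match" instead of failing on .ToString() or comparing against "".
    // Replace(" ","") is kept from the original; presumably it strips fixed-width
    // column padding. TODO confirm against the column type.
    password = (stored == null || stored == DBNull.Value) ? null : stored.ToString().Replace(" ","");
}
// NOTE(review): this compares the stored value with the typed password directly, so it
// only works while the Password column holds plaintext.
if (password != null && password == TextBoxPassword.Text)
{
    Session["New"] = TextBoxUsername.Text;
    Response.Write("Password is correct");
    Response.Redirect("Index.aspx");
}
else
{
    // NOTE(review): separate "username" and "password" failure messages reveal which
    // usernames exist; a single generic message avoids that.
    Response.Write("Password is not correct");
}
}
else
{
Response.Write("Username is not correct");
}
}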
有什么需要修改的建议吗?
这就是我处理加密的方式
首先我创建一个将简单字符串转换为 sha256 的方法(我认为这比 md5 更好)
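/// <summary>
/// Returns the SHA-256 digest of <paramref name="value"/> as a 64-character lowercase hex string.
/// </summary>
/// <param name="value">Text to hash; it is encoded as UTF-8 before hashing.</param>
/// <returns>The digest, hex-encoded with two characters per byte.</returns>
/// <remarks>
/// NOTE(review): a single unsalted SHA-256 pass is fast to compute and gives equal digests
/// for equal passwords, so leaked digests can be checked against guesses quickly. For stored
/// passwords prefer a salted, iterated KDF such as Rfc2898DeriveBytes (PBKDF2) with a
/// per-user salt. Digests written with the earlier decimal formatting will not match the
/// output of this version.
/// </remarks>
public string ToSHA256(string value)
{
    using (SHA256 sha256 = SHA256.Create())
    {
        // UTF-8 instead of Encoding.Default: the default code page depends on the machine,
        // so the same password could hash differently on another server, and characters
        // the code page cannot represent would be replaced before hashing.
        byte[] hashData = sha256.ComputeHash(Encoding.UTF8.GetBytes(value));
        StringBuilder returnValue = new StringBuilder(hashData.Length * 2);
        foreach (byte b in hashData)
        {
            // "x2" pads every byte to two hex digits. Unpadded decimal is ambiguous:
            // bytes (1, 23) and (12, 3) both print as "123", so distinct digests could
            // produce the same string.
            returnValue.Append(b.ToString("x2"));
        }
        return returnValue.ToString();
    }
}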
然后
只需将创建用户时的代码更改为
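// Registration: insert the new user, storing ToSHA256(password) instead of the password.
// NOTE(review): the stored value is whatever ToSHA256 returns. An unsalted, single-pass
// hash is weak protection for passwords; a salted, iterated KDF such as
// Rfc2898DeriveBytes (PBKDF2) with a per-user salt is the usual choice.
bool registered = false;
try
{
    string insertQuery = "insert into [AsTable] ([Username],Email,Password) values (@Username ,@Email, @Password)";
    // `using` releases the connection and command even when one of the calls below throws;
    // the original only reached conn.Close() on the success path, after the redirect.
    using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["AssignmentDBConnectionString"].ConnectionString))
    using (SqlCommand com = new SqlCommand(insertQuery, conn))
    {
        conn.Open();
        com.Parameters.AddWithValue("@Username", TextBoxUsername.Text);
        com.Parameters.AddWithValue("@email", TextBoxEmail.Text);
        com.Parameters.AddWithValue("@password", ToSHA256(TextBoxPass.Text));
        com.ExecuteNonQuery();
    }
    registered = true;
}
catch (Exception ex)
{
    // Keep the exception text (stack trace, SQL details) in the server-side trace
    // instead of sending it to the browser.
    System.Diagnostics.Trace.TraceError(ex.ToString());
    Response.Write("Error: registration failed");
}
if (registered)
{
    // Redirect outside the try block: Response.Redirect ends the response by raising
    // ThreadAbortException, which the catch above would otherwise report as an error.
    // The original "Registration Completed" write came after the redirect and never ran.
    Response.Redirect("Manager.aspx");
}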
然后在找回密码时
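// Login: fetch the stored hash for the submitted username and compare it with the hash
// of the submitted password.
// The snippet starts inside an enclosing `if` that is not shown (presumably the
// username-exists check); its closing braces are kept at the end unchanged.
conn.Open();
// Look the user up by the username as typed: registration stores Username unhashed, so
// hashing it here (as the original did) could never match a row. It is passed as a
// parameter so the submitted text cannot alter the SQL statement.
string checkPasswordQuery = "select Password from [AsTable] where Username = @Username";
string password;
using (SqlCommand passcom = new SqlCommand(checkPasswordQuery, conn))
{
    passcom.Parameters.AddWithValue("@Username", TextBoxUsername.Text);
    // The original had this read commented out, leaving `password` undefined.
    object stored = passcom.ExecuteScalar();
    // ExecuteScalar returns null when no row matches; treat that (and a NULL column)
    // as "no match" instead of failing on .ToString().
    // Replace(" ","") is restored from the commented-out line; presumably it strips
    // fixed-width column padding. TODO confirm against the column type.
    password = (stored == null || stored == DBNull.Value) ? null : stored.ToString().Replace(" ","");
}
// Must use the same ToSHA256 as registration so both sides are encoded identically.
if (password != null && password == ToSHA256(TextBoxPassword.Text))
{
    Session["New"] = TextBoxUsername.Text;
    Response.Write("Password is correct");
    Response.Redirect("Index.aspx");
}
else
{
    // NOTE(review): separate "username" and "password" failure messages reveal which
    // usernames exist; a single generic message avoids that.
    Response.Write("Password is not correct");
}
}
else
{
Response.Write("Username is not correct");
}
}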