ASP. NET encryption password method instance
- 2020-06-03 06:16:42
- OfStack
Whenever we build a database-driven, personalized web site, we must protect the user's data. While hackers can steal individual passwords, the bigger problem is that someone can steal an entire database, and then all of them at once.
The principle of
A good practice is not to store the actual passwords in the database, but to store encrypted versions of them. When we need to authenticate the user, we just encrypt the user's password and then compare it with the encrypted password in the system.
In ASP, we have to encrypt strings with external objects. .NET SDK solves this problem by providing the HashPasswordForStoringInConfigFile method in the FormsAuthentication class in the System.Web.Security namespace. The purpose of this method, as its name suggests, is to encrypt the password stored in the Form form.
example
The HashPasswordForStoringInConfigFile method is very simple to use and supports the "SHA1" and "MD5" hashing algorithms for encrypting strings. To see the power of the "HashPasswordForStoringInConfigFile" method, let's create a small ASP.NET page and encrypt the string into SHA1 and MD5 formats.
The following is an ES31en. NET page source code like this:
ASPX file:
<%@ Page language="c#" Codebehind="loginform.aspx.cs" AutoEventWireup="false" Inherits="konson.log.loginform" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
<title>loginform</title>
<meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
<meta name="CODE_LANGUAGE" Content="C#">
<meta name="vs_defaultClientScript" content="JavaScript">
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body MS_POSITIONING="GridLayout">
<form id="loginform" method="post" runat="server">
<table style="WIDTH: 205px; HEIGHT: 86px">
<tr>
<td style="WIDTH: 78px"> Login name </td>
<td><asp:TextBox id="userid" runat="server" Width="101px"></asp:TextBox></td>
</tr>
<tr>
<td style="WIDTH: 78px"> password </td>
<td><asp:TextBox id="pwd" runat="server" Width="101px"></asp:TextBox></td>
</tr>
<tr>
<td style="WIDTH: 78px"><asp:Button id="login" runat="server" Text=" deng record "></asp:Button></td>
<td><asp:Button ID="cancel" Runat="server" Text=" take eliminate "></asp:Button></td>
</tr>
</table>
</form>
</body>
</HTML>
Code Behind file:
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Web.Security;
namespace konson.log
{
public class loginform : System.Web.UI.Page
{
protected System.Web.UI.WebControls.TextBox userid;
protected System.Web.UI.WebControls.Button login;
protected System.Web.UI.WebControls.Button cancel;
protected System.Web.UI.WebControls.TextBox pwd;
string epwd;
private void Page_Load(object sender, System.EventArgs e)
{}
#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
InitializeComponent();
base.OnInit(e);
}
private void InitializeComponent()
{
this.login.Click += new System.EventHandler(this.login_Click);
this.Load += new System.EventHandler(this.Page_Load);
}
#endregion
private void login_Click(object sender, System.EventArgs e)
{
epwd=FormsAuthentication.HashPasswordForStoringInConfigFile(pwd.Text, "SHA1");
//epwd=FormsAuthentication.HashPasswordForStoringInConfigFile(pwd.Text, "MD5");
Response.Write(epwd);
}
}
}
In the above code, you only need to write the encrypted epwd string when the database ok. Encrypting passwords is that simple.