asp.net“记住我”的cookie
发布时间:2020-12-16 00:08:36 所属栏目:asp.Net 来源:网络整理
导读:我使用这个在asp.net webform中实现了记住我的选项, protected void LBtnSubmit_Click(object sender,EventArgs e) { if (this.ChkRememberme != null this.ChkRememberme.Checked == true) { HttpCookie cookie = new HttpCookie(TxtUserName.Text,TxtPassw
我使用这个在asp.net webform中实现了记住我的选项,
protected void LBtnSubmit_Click(object sender,EventArgs e) { if (this.ChkRememberme != null && this.ChkRememberme.Checked == true) { HttpCookie cookie = new HttpCookie(TxtUserName.Text,TxtPassword.Text); cookie.Expires.AddYears(1); Response.Cookies.Add(cookie); } } 我是以正确的方式做到的吗?任何建议..我正在使用Windows身份验证,我不使用asp.net会员资格.. 解决方法
不是直接在cookie中存储用户名和密码,而是在cookie中存储用户名和密码的哈希值以及盐,然后在验证cookie时,检索给定用户名的密码,重新创建哈希值.密码和相同的盐并比较它们.
创建哈希就像将密码和salt值一起存储在字符串中一样简单,将字符串转换为字节数组,计算字节数组的哈希值(使用MD5或您喜欢的任何内容)并将生成的哈希值转换为字符串(可能通过base64编码). 这是一些示例代码: // Create a hash of the given password and salt. public string CreateHash(string password,string salt) { // Get a byte array containing the combined password + salt. string authDetails = password + salt; byte[] authBytes = System.Text.Encoding.ASCII.GetBytes(authDetails); // Use MD5 to compute the hash of the byte array,and return the hash as // a Base64-encoded string. var md5 = new System.Security.Cryptography.MD5CryptoServiceProvider(); byte[] hashedBytes = md5.ComputeHash(authBytes); string hash = Convert.ToBase64String(hashedBytes); return hash; } // Check to see if the given password and salt hash to the same value // as the given hash. public bool IsMatchingHash(string password,string salt,string hash) { // Recompute the hash from the given auth details,and compare it to // the hash provided by the cookie. return CreateHash(password,salt) == hash; } // Create an authentication cookie that stores the username and a hash of // the password and salt. public HttpCookie CreateAuthCookie(string username,string password,string salt) { // Create the cookie and set its value to the username and a hash of the // password and salt. Use a pipe character as a delimiter so we can // separate these two elements later. HttpCookie cookie = new HttpCookie("YourSiteCookieNameHere"); cookie.Value = username + "|" + CreateHash(password,salt); return cookie; } // Determine whether the given authentication cookie is valid by // extracting the username,retrieving the saved password,recomputing its // hash,and comparing the hashes to see if they match. If they match,// then this authentication cookie is valid. public bool IsValidAuthCookie(HttpCookie cookie,string salt) { // Split the cookie value by the pipe delimiter. string[] values = cookie.Value.Split('|'); if (values.Length != 2) return false; // Retrieve the username and hash from the split values. string username = values[0]; string hash = values[1]; // You'll have to provide your GetPasswordForUser function. string password = GetPasswordForUser(username); // Check the password and salt against the hash. return IsMatchingHash(password,salt,hash); } (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
相关内容
- asp.net – gridview显示文本而不是值
- asp.net-mvc – 用于Web.config的T4MVC
- 在ASP.NET中使用JQuery选择ID属性
- asp.net-mvc – 将参数传递给telerik asp.net mvc grid
- entity-framework-4 – 在我的自定义MembershipProvider中使
- asp.net-mvc – 服务层内的成员资格提供者
- asp.net – 当通过文件上传控件上传文件时,在c#.net中重命名
- asp.net-mvc – 如何通过Resharper 8.2.1停止INCORRECT_TYP
- asp.net – 第一次访问网站需要非常长的时间(总共最多68秒)
- asp.net中的泛型处理程序是什么?
推荐文章
站长推荐
- asp.net-mvc – ASP.NET MVC Preview 5 on Mono
- asp.net-mvc – Asp.Net mvc session与cache
- ABP(ASP.NET Boilerplate Project)快速入门
- asp.net-mvc-4 – Twitter Bootstrap nuget包差异
- asp.net-mvc-4 – MVC 4 Html.EditorFor无效
- 在Asp.NET中黑客会话变量
- asp.net-mvc-3 – 在运行时更改viewmodel的Metad
- 如何使用asp.net在服务器上生成新的html页面?
- RegisterStartupScript无法在更新面板中工作,无法
- ASP.NET:将内容注入所有Response流
热点阅读