Whenever we build a database-driven, personalized web site, we must protect the users' data. An attacker may steal one person's password, but the more serious risk is that someone steals the entire database and, with it, every password at once.
Principle
It is good practice not to store the actual passwords in the database, but to store their hashed (one-way "encrypted") versions. When we need to authenticate a user, we simply hash the password the user supplies and compare the result with the hash stored in the system.
In classic ASP we had to rely on external components to hash strings. The .NET SDK solves this: the FormsAuthentication class in the System.Web.Security namespace provides a HashPasswordForStoringInConfigFile method which, as its name suggests, is intended for hashing the passwords stored in the forms-authentication configuration file.
Example
The HashPasswordForStoringInConfigFile method is very simple to use: it takes the string to hash and the name of the hashing algorithm, either "SHA1" or "MD5". To see it in action, let's create a small ASP.NET page that hashes a string in both SHA1 and MD5 format.
The source code of the ASP.NET page follows:
aspx file:
<%@ Page language="C#" Codebehind="LoginForm.aspx.cs" AutoEventWireup="false" Inherits="Konson.log.LoginForm" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<title>LoginForm</title>
<meta name="GENERATOR" content="Microsoft Visual Studio 7.0">
<meta name="CODE_LANGUAGE" content="C#">
<meta name="vs_defaultClientScript" content="JavaScript">
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body MS_POSITIONING="GridLayout">
<form id="LoginForm" method="post" runat="server">
<table style="WIDTH:205px; HEIGHT:86px">
<tr>
<td style="WIDTH:78px">Sign-in name</td>
<td><asp:TextBox id="userid" runat="server" Width="101px"></asp:TextBox></td>
</tr>
<tr>
<td style="WIDTH:78px">Password</td>
<td><asp:TextBox id="pwd" runat="server" Width="101px" TextMode="Password"></asp:TextBox></td>
</tr>
<tr>
<td style="WIDTH:78px"><asp:Button id="Login" runat="server" Text="Log In"></asp:Button></td>
<td><asp:Button id="Cancel" runat="server" Text="Cancel"></asp:Button></td>
</tr>
</table>
</form>
</body>
</HTML>
Code-behind file (LoginForm.aspx.cs):
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Web.Security;

namespace Konson.log
{
    public class LoginForm : System.Web.UI.Page
    {
        // Server controls declared in LoginForm.aspx; the field names must match the ids there.
        protected System.Web.UI.WebControls.TextBox userid;
        protected System.Web.UI.WebControls.Button Login;
        protected System.Web.UI.WebControls.Button Cancel;
        protected System.Web.UI.WebControls.TextBox pwd;
        // Holds the hashed password that would be written to the database.
        string epwd;

        private void Page_Load(object sender, System.EventArgs e)
        {
        }

        #region Web Form Designer generated code
        override protected void OnInit(EventArgs e)
        {
            InitializeComponent();
            base.OnInit(e);
        }

        private void InitializeComponent()
        {
            this.Login.Click += new System.EventHandler(this.Login_Click);
            this.Load += new System.EventHandler(this.Page_Load);
        }
        #endregion

        private void Login_Click(object sender, System.EventArgs e)
        {
            // Hash the submitted password with SHA1, then with MD5, and show both digests.
            epwd = FormsAuthentication.HashPasswordForStoringInConfigFile(pwd.Text, "SHA1");
            Response.Write("SHA1: " + epwd + "<br>");
            epwd = FormsAuthentication.HashPasswordForStoringInConfigFile(pwd.Text, "MD5");
            Response.Write("MD5: " + epwd);
        }
    }
}
In the code above, all that remains is to write the hashed epwd string to the database instead of the plain-text password. Hashing passwords is that simple.
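The article shows only the hashing half of the principle; the other half is the login check, where the submitted password is hashed again and compared with the stored value. The added example below (written for this page, not code from the article or from the .NET Framework) reproduces the legacy format of HashPasswordForStoringInConfigFile, an upper-case hex digest of the UTF-8 password with no salt, so that two accounts with the same password receive the same stored value and a precomputed table of digests breaks all of them at once. It then shows the hardened storage a practitioner would use today: a random per-user salt, PBKDF2-HMAC-SHA256 with a high iteration count, and a constant-time comparison on verification. It assumes .NET Core 2.1+ or .NET 5+ (for CryptographicOperations.FixedTimeEquals) and has no ASP.NET dependency, so it runs as a console program; the stored format "iterations.salt.hash" is this example's own convention.

```csharp
// Added example, not part of the original article. Assumes .NET Core 2.1+ / .NET 5+.
using System;
using System.Security.Cryptography;
using System.Text;

public static class PasswordStorage
{
    // Same shape as the legacy method's output: hex digest of the UTF-8 password, no salt.
    public static string LegacyHash(string password, string algorithm)
    {
        byte[] data = Encoding.UTF8.GetBytes(password);
        using (HashAlgorithm h = algorithm == "MD5" ? (HashAlgorithm)MD5.Create() : SHA1.Create())
        {
            return BitConverter.ToString(h.ComputeHash(data)).Replace("-", "");
        }
    }

    // Hardened form: 16-byte random salt, PBKDF2-HMAC-SHA256, 100,000 iterations,
    // stored as "iterations.salt.hash" (base64) so Verify can recover the parameters.
    public const int Iterations = 100000;

    public static string CreateHash(string password)
    {
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }
        byte[] hash = Derive(password, salt, Iterations);
        return Iterations + "." + Convert.ToBase64String(salt) + "." + Convert.ToBase64String(hash);
    }

    // The login check: derive again with the stored salt and compare in constant time,
    // so the comparison does not leak how many leading bytes matched.
    public static bool Verify(string password, string stored)
    {
        string[] parts = stored.Split('.');
        if (parts.Length != 3) return false;
        int iterations = int.Parse(parts[0]);
        byte[] salt = Convert.FromBase64String(parts[1]);
        byte[] expected = Convert.FromBase64String(parts[2]);
        byte[] actual = Derive(password, salt, iterations);
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    private static byte[] Derive(string password, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
        {
            return kdf.GetBytes(32);
        }
    }

    public static void Main()
    {
        // Constructed sample: two accounts that happen to share a password.
        string alice = LegacyHash("correct horse", "SHA1");
        string bob = LegacyHash("correct horse", "SHA1");
        Console.WriteLine("Legacy SHA1 digests identical across users: " + (alice == bob));

        string stored1 = CreateHash("correct horse");
        string stored2 = CreateHash("correct horse");
        Console.WriteLine("Salted hashes differ for the same password: " + (stored1 != stored2));
        Console.WriteLine("Login with correct password: " + Verify("correct horse", stored1));
        Console.WriteLine("Login with wrong password: " + Verify("wrong", stored1));
    }
}
```

The salted entries differ even for identical passwords, so a stolen table gives an attacker no shortcut across accounts, and the iteration count makes each guess far more expensive than a single SHA1 or MD5 digest. Later versions of .NET Framework mark HashPasswordForStoringInConfigFile obsolete; the Verify routine above is the shape of the "hash the submitted password and compare" step the article describes, applied to the hardened format.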