利用MD5加密数据库中的密码
作者:孟宪会 出自:【孟宪会之精彩世界】 发布日期:2003年4月26日 4点57分50秒
.NET提供了进行数据加密类,下面就用例子进行说明如何使用MD5进行数据加密。
首先,创建一个UserAccount表,字段两个:UserName和Password,类型分别为varchar(25)和binary(16),下面的ASP.NET代码就是创建用户时的具体实现:
```
@ Import Namespace="System.Security.Cryptography"
1 ```
2@ Import Namespace="System.Text"
```
@ Import Namespace="System.Data"
1 ```
2@ Import Namespace="System.Data.SqlClient"
1<script language="VB" runat="server">
2 Sub CreateAccount(sender as Object, e as EventArgs)
3 '1. 创建连接
4 Const strConnString as String
5 strConnString= "Data Source=.;Initial Catalog=test;User Id=sa;Password=;"
6 Dim objConn as New SqlConnection(strConnString)
7
8 '2. 创建Command对象
9 Dim strSQL as String = _
10 "INSERT INTO UserAccount(Username,Password) " & _
11 "VALUES(@Username, @Password)"
12 Dim objCmd as New SqlCommand(strSQL, objConn)
13
14 '3. 创建参数
15 Dim paramUsername as SqlParameter
16 paramUsername = New SqlParameter("@Username", SqlDbType.VarChar, 25)
17 paramUsername.Value = txtUsername.Text
18 objCmd.Parameters.Add(paramUsername)
19
20
21 '加密密码字段
22
23 **Dim md5Hasher as New MD5CryptoServiceProvider()
24
25 Dim hashedBytes as Byte()
26 Dim encoder as New UTF8Encoding()
27
28 hashedBytes = md5Hasher.ComputeHash(encoder.GetBytes(txtPwd.Text))
29
30 Dim paramPwd as SqlParameter
31 paramPwd = New SqlParameter("@Password", SqlDbType.Binary, 16)
32 paramPwd.Value = hashedBytes
33 objCmd.Parameters.Add(paramPwd)**
34
35
36 '插入数据库
37 objConn.Open()
38 objCmd.ExecuteNonQuery()
39 objConn.Close()
40
41 _'Redirect 其它页面_
42 End Sub
43 </script>
1<form runat="server">
2<h1>创建帐号:</h1>
3 用户名: <asp:textbox id="txtUsername" runat="server"></asp:textbox>
4
5
6 密码: <asp:textbox id="txtPwd" runat="server" textmode="Password"></asp:textbox>
7<p><asp:button onclick="CreateAccount" runat="server" text="创建用户"></asp:button></p>
8</form>
下面是对用户进行验证的ASP.NET代码:
```
@ Import Namespace="System.Security.Cryptography"
1 ```
2@ Import Namespace="System.Text"
```
@ Import Namespace="System.Data"
1 ```
2@ Import Namespace="System.Data.SqlClient"
1<script language="VB" runat="server">
2 Sub Login(sender as Object, e as EventArgs)
3 '1. 创建连接
4 Const strConnString as String
5 strConnString= "Data Source=.;Initial Catalog=test;User Id=sa;Password=;"
6 Dim objConn as New SqlConnection(strConnString)
7
8 '2. 创建Command对象
9 Dim strSQL as String = "SELECT COUNT(*) FROM UserAccount " & _
10 "WHERE Username=@Username AND Password=@Password"
11 Dim objCmd as New SqlCommand(strSQL, objConn)
12
13 '3. 创建参数
14 Dim paramUsername as SqlParameter
15 paramUsername = New SqlParameter("@Username", SqlDbType.VarChar, 25)
16 paramUsername.Value = txtUsername.Text
17 objCmd.Parameters.Add(paramUsername)
18
19
20 '加密密码
21 Dim md5Hasher as New MD5CryptoServiceProvider()
22
23 Dim hashedDataBytes as Byte()
24 Dim encoder as New UTF8Encoding()
25
26 hashedDataBytes = md5Hasher.ComputeHash(encoder.GetBytes(txtPwd.Text))
27
28 Dim paramPwd as SqlParameter
29 paramPwd = New SqlParameter("@Password", SqlDbType.Binary, 16)
30 paramPwd.Value = hashedDataBytes
31 objCmd.Parameters.Add(paramPwd)
32
33
34 '执行查询
35 objConn.Open()
36 Dim iResults as Integer = objCmd.ExecuteScalar()
37 objConn.Close()
38
39 If iResults = 1 then
40 '合法
41 Else
42 '不合法
43 End If
44 End Sub
45 </script>
1<form runat="server">
2<h1>登录:</h1>
3 用户名:<asp:textbox id="txtUsername" runat="server"></asp:textbox>
4
5 密 码:<asp:textbox id="txtPwd" runat="server" textmode="Password"></asp:textbox>
6<p><asp:button onclick="Login" runat="server" text="登录"></asp:button>
7</p></form>
下面是MD5CryptoServiceProvider直接生成的例子:
```
@ Import Namespace="System.Security.Cryptography"
1 ```
2@ Import Namespace="System.Text"
1<script language="VB" runat="server">
2 Sub DisplayEncryptedText(sender as Object, e as EventArgs)
3 If Page.IsValid then
4 Dim md5Hasher as New MD5CryptoServiceProvider()
5
6 Dim hashedDataBytes as Byte()
7 Dim encoder as New UTF8Encoding()
8
9 hashedDataBytes = md5Hasher.ComputeHash(encoder.GetBytes(txtPassword.Text))
10
11 ltlResults.Text = "<b>Encrypted Results</b><br /> The results are encrypted into " & _
12 "an array of 16 bytes. These 16 bytes contain the values:<p><ul>"
13
14 Dim b as Byte
15 For Each b in hashedDataBytes
16 ltlResults.Text &= "<li>" & b & "</li>"
17 Next b
18
19 ltlResults.Text &= "</ul>"
20 End If
21 End Sub
22 </script>
1<form runat="server">
2 Enter a string:
3 <asp:textbox id="txtPassword" runat="server"></asp:textbox>
4<asp:requiredfieldvalidator controltovalidate="txtPassword" display="Dynamic" errormessage="<i>You must provide a value here...</i>" runat="server"></asp:requiredfieldvalidator>
5<asp:regularexpressionvalidator controltovalidate="txtPassword" display="Dynamic" errormessage="<i>The string must be 20 characters or less...</i>" runat="server" validationexpression="^.{1,20}$"></asp:regularexpressionvalidator>
6<br/>
7<asp:button onclick="DisplayEncryptedText" runat="server" text="View the String as Encrypted Text"></asp:button>
8<p>
9<asp:literal id="ltlResults" runat="server"></asp:literal>
10</p></form>