在c#和asp.net中的安全登录 [英] secure login in c# and asp.net

问题描述

嗨 我需要有关登录的帮助
如何在查询中加密用户名和密码并发送到sql以进行比较

解决方案

从不加密密码-参见此处: http://www.dijksterhuis.org/creating-salted-hash-values-in-c/ [ http://www.switchonthecode.com/tutorials/secure-authentication-不使用-ssl-using-javascript [ ^ ]

最后，身份验证机制是相同的:将散列(和加盐)的密码存储在db中，并根据身份验证请求，根据用户提供的密码生成新的散列，并比较结果.加密/拥有用户名没有实际用处.

hi i need help about login
how to encrypt username and password in query and send to sql for compare

解决方案

Never encrypt passwords - see here: Password Storage: How to do it.[^]

There are two aspects:
1) Storing passwords. As OriginalGriff''s article emphasizes, hashing is the key. But one should go even further: adding some salt to the hash (read this article: http://www.dijksterhuis.org/creating-salted-hash-values-in-c/[^])
2) The other aspect is that you can hash or salt or encrypt your stored password as you like, if you let the password travel as plain text through the internet. There is only one good solution: using https at least for the login postback (https is really resource expensive on server side).
If you have no means to use https You can add some hashing and/or encryption in javascript and c# to http, but that will have some limitations. See this article: http://www.switchonthecode.com/tutorials/secure-authentication-without-ssl-using-javascript[^]

At the end the authentication mechanism is the same: store the hashed (and salted) password in the db, and on authentication request generate a new hash from the password given by the user and compare the results. Encrypting/hasing the user name is of no real use.

这篇关于在c#和asp.net中的安全登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！