如何使用ajax和javascript安全地将密码发送到服务器 [英] how to send password to the server securely using ajax and javascript

本文介绍了如何使用ajax和javascript安全地将密码发送到服务器的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

为了保护密码,我需要将密码安全地发送到服务器,但不要使用SSL或HTTPS.

我也使用AjaxPro将数据发送到服务器.

这是javascript代码:

In order to protect the password I need to send it to the server securely, but without using SSL or HTTPS.

I also use AjaxPro to send data to the server.

Here is javascript code :

function checkPW(username, password)
{
    // The password is handed to the server exactly as typed; the asker marks this
    // as the place where it would need to be protected first.
    var loginResult = AjaxMethods.Login(username, password);
}



这是C#代码



Here is c# code

[AjaxMethod()]
public bool Login(string username, string password)
{
    // The credentials arrive exactly as the browser sent them; the asker expects
    // a decoding step here before they are checked.
    bool authenticated = ChekingUsernameAndPassword(username, password);
    return authenticated;
}


提前谢谢.
关于Jamal.


Thanks in advance.
Regards Jamal.

推荐答案

如果您仅限客户端使用javascript,那么除非您使用SSL,否则它将永远不会安全.

您可以尝试使用一些 javascript 加密库(但那只是看起来安全而已)
If you're limited to javascript on the client side then it will never be secure unless you're using SSL.

You could try some javascript encryption libs (but that will only seem like it's secure)




Hi,

// I am not in favor of passwords being reversible (encrypt/decrypt).
// I store the password as bytes in the users table, then
// whenever I retrieve it I compare it as bytes.
// Ignoring the downvoting…
// So here it is...
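// Returns the MD5 digest of the password's UTF-8 bytes; the caller stores and compares the bytes.
// Throws ArgumentNullException (from GetBytes) when dat is null.
// NOTE(review): an unsalted MD5 is a fast digest, not a password hash. Password storage needs a
// per-user salt and a slow KDF such as Rfc2898DeriveBytes (PBKDF2), with the salt stored alongside.
private static byte[] encrypt(string dat)
{
   // MD5 is IDisposable; the original instance was never released.
   using (System.Security.Cryptography.MD5 md5 = System.Security.Cryptography.MD5.Create())
   {
      // UTF-8 rather than ASCII: ASCII turned every non-ASCII character into '?', so
      // different passwords produced the same digest.
      byte[] bytes = System.Text.Encoding.UTF8.GetBytes(dat);
      return md5.ComputeHash(bytes);
   }
}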



问候



Regards,




请参阅以下示例后台代码:

Hi,

See this sample code-behind:

using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

/// <summary>
/// Plain data holder for one row of the users table; every column is carried as a string.
/// </summary>
public class User
{
    /// <summary>Creates an instance with every property left null.</summary>
    public User()
    {
    }

    /// <summary>Login identifier; the credential lookup keys on it.</summary>
    public string UserId { get; set; }

    /// <summary>UserName column.</summary>
    public string UserName { get; set; }

    /// <summary>PayorCode column.</summary>
    public string PayorCode { get; set; }

    /// <summary>Application column.</summary>
    public string Application { get; set; }

    /// <summary>AccessLevel column (the sample page fills in "admin").</summary>
    public string AccessLevel { get; set; }

    /// <summary>ActivationDate column, carried as text rather than a DateTime.</summary>
    public string ActivationDate { get; set; }

    /// <summary>CreatedBy column.</summary>
    public string CreatedBy { get; set; }

    /// <summary>Pwd column; the login page overwrites it with the hashed form before using it.</summary>
    public string Pwd { get; set; }

    /// <summary>Status column; the login page treats "Y" as activated.</summary>
    public string Status { get; set; }
}

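/// <summary>
/// Code-behind for the login page: reads the user id and password from the form, hashes the
/// password with <see cref="Encrypt"/> and looks the pair up in the users table.
/// </summary>
public partial class _Default : System.Web.UI.Page
{
    /// <summary>Second argument handed to <see cref="Encrypt"/>; kept from the original sample.</summary>
    private const int PasswordKeyNumber = 14;

    protected void Page_Load(object sender, EventArgs e)
    {
        // Nothing happens on load; all work is done in btnLogin_Click.
    }

    /// <summary>
    /// Handles the login button: builds a <see cref="User"/> from the form, hashes the password
    /// and writes the outcome to lblValidation.
    /// </summary>
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        User user = new User();
        user.UserId = this.txtUserId.Text;
        user.CreatedBy = this.txtUserId.Text;
        user.Pwd = this.txtPassword.Text;
        // Sample values, only meaningful when the InsertNewUser call below is enabled.
        user.UserName = "Algem";
        user.PayorCode = "FWB";
        user.Application = "XP";
        user.AccessLevel = "admin";
        user.Status = "Y";

        // From here on only the hashed form of the password is kept and compared.
        user.Pwd = Encrypt(user.Pwd, PasswordKeyNumber);
        //var ok = InsertNewUser( user);
        User userCredential = GetUserCredential(user.UserId, user.Pwd);
        if (userCredential.UserId == null)
        {
            lblValidation.Text = "Invalid UserID or Password";
        }
        else if (!string.Equals(userCredential.Status, "Y", StringComparison.Ordinal))
        {
            // Check the status stored in the database; the locally built user is hard-coded to "Y",
            // so testing that one could never report an inactive account.
            lblValidation.Text = "Account is not yet activated";
        }
        else
        {
            lblValidation.Text = "Authenticated user.  Go to main menu...";
            // goto main menu...
        }
    }

    /// <summary>
    /// Inserts <paramref name="user"/> into the users table with ActivationDate taken from the
    /// database clock. <see cref="User.Pwd"/> is stored as given, so callers hash it first.
    /// </summary>
    /// <param name="user">Row to insert; null string properties are written as NULL.</param>
    /// <returns>True when the statement reported at least one affected row.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
    /// <exception cref="SqlException">Propagated unchanged from the database call.</exception>
    public bool InsertNewUser(User user)
    {
        if (user == null)
        {
            throw new ArgumentNullException("user");
        }

        // Every value travels as a parameter; nothing from the User object is spliced into the SQL text.
        const string sql = "INSERT INTO users(UserId, UserName, Pwd, PayorCode, Application, AccessLevel,"
            + " Status, CreatedBy, ActivationDate) "
            + "VALUES(@UserId, @UserName, @Pwd, @PayorCode, @Application, @AccessLevel,"
            + " @Status, @CreatedBy, GetDate())";

        // Both the connection and the command are released on every path, including exceptions.
        using (SqlConnection conn = new SqlConnection(GetConnectionString()))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.CommandType = CommandType.Text;
            AddParameter(cmd, "@UserId", user.UserId);
            AddParameter(cmd, "@UserName", user.UserName);
            AddParameter(cmd, "@Pwd", user.Pwd);
            AddParameter(cmd, "@PayorCode", user.PayorCode);
            AddParameter(cmd, "@Application", user.Application);
            AddParameter(cmd, "@AccessLevel", user.AccessLevel);
            AddParameter(cmd, "@Status", user.Status);
            AddParameter(cmd, "@CreatedBy", user.CreatedBy);

            conn.Open();
            return cmd.ExecuteNonQuery() > 0;
        }
    }

    /// <summary>
    /// Looks up the row whose UserId and Pwd both match. The Pwd column holds the output of
    /// <see cref="Encrypt"/>, so <paramref name="pwd"/> must already be hashed.
    /// </summary>
    /// <param name="userId">User id as typed into the form.</param>
    /// <param name="pwd">Hashed password to compare with the stored value.</param>
    /// <returns>
    /// The matching user, or a <see cref="User"/> whose <see cref="User.UserId"/> is null when no
    /// row matches (the caller tests for that).
    /// </returns>
    /// <exception cref="SqlException">Propagated unchanged from the database call.</exception>
    private User GetUserCredential(string userId, string pwd)
    {
        // Both inputs come straight from the form, so they are bound as parameters rather than
        // concatenated into the statement.
        const string qry = "SELECT UserId, UserName, PayorCode, AccessLevel, Application, Status "
            + "FROM [TestDB].[dbo].[users] WHERE UserId = @userId AND Pwd = @pwd";

        User user = new User();
        using (SqlConnection conn = new SqlConnection(GetConnectionString()))
        using (SqlCommand cmd = new SqlCommand(qry, conn))
        {
            cmd.CommandType = CommandType.Text;
            AddParameter(cmd, "@userId", userId);
            AddParameter(cmd, "@pwd", pwd);
            conn.Open();

            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                if (dr.Read())
                {
                    user.UserId = dr["UserId"].ToString();
                    user.UserName = dr["UserName"].ToString();
                    user.PayorCode = dr["PayorCode"].ToString();
                    user.AccessLevel = dr["AccessLevel"].ToString();
                    user.Application = dr["Application"].ToString();
                    // Status is read so btnLogin_Click can check the stored activation flag.
                    user.Status = dr["Status"].ToString();
                }
            }
        }
        return user;
    }

    /// <summary>Reads the "SQLConnection" connection string from configuration.</summary>
    private static string GetConnectionString()
    {
        return ConfigurationManager.ConnectionStrings["SQLConnection"].ConnectionString;
    }

    /// <summary>Adds a string parameter, mapping null to DBNull so the provider accepts it.</summary>
    private static void AddParameter(SqlCommand cmd, string name, string value)
    {
        cmd.Parameters.AddWithValue(name, value == null ? (object)DBNull.Value : value);
    }

    /// <summary>
    /// Produces the stored form of a password: the MD5 digest of its UTF-8 bytes as upper-case hex.
    /// </summary>
    /// <param name="dat">Clear-text password.</param>
    /// <param name="keyNumber">
    /// Kept for signature compatibility. The original divided every digest byte by this value and
    /// concatenated the quotients, which discarded most of the digest and made unrelated passwords
    /// collide; it no longer influences the result.
    /// </param>
    /// <returns>32 hexadecimal characters.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="dat"/> is null.</exception>
    private static string Encrypt(string dat, int keyNumber)
    {
        if (dat == null)
        {
            throw new ArgumentNullException("dat");
        }

        // NOTE(review): MD5 without a salt is a fast digest, not a password hash; it is kept only so
        // this sample still yields a deterministic value for the SQL comparison. Production code
        // should store a per-user salt and use a slow KDF (e.g. Rfc2898DeriveBytes / PBKDF2),
        // verifying in code rather than in the WHERE clause.
        using (MD5 md5 = MD5.Create())
        {
            // UTF-8 rather than ASCII: ASCII replaced every non-ASCII character with '?', so
            // distinct passwords hashed to the same value.
            byte[] digest = md5.ComputeHash(Encoding.UTF8.GetBytes(dat));
            return BitConverter.ToString(digest).Replace("-", string.Empty);
        }
    }
}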


