Encrypted password to decrypt password in asp.net


Problem description

protected void btnLogin_Click(object sender, EventArgs e)
{
    SqlConnection con = new SqlConnection(ConfigurationManager.AppSettings["dbConnection"].ToString());
    SqlCommand cmd = new SqlCommand();
    SqlDataAdapter adp = new SqlDataAdapter();

    con.Open();
    try
    {
        adp=new SqlDataAdapter(@"select convert(varchar(10),DECRYPTBYPASSPHRASE(''12'',Password))AS Pwd 
            From UserAccount where UserName=@username",con);
        adp.SelectCommand.Parameters.AddWithValue("@username",txtPwd.Text);
        DataSet ds=new DataSet();
        adp.Fill(ds);
        if (ds.Tables[0].Rows.Count == 0)
        {
            lblMessage.Text = "Invalid user";
            txtUserName.Text = "";
            txtPwd.Text = "";
            return;
        }
        string str = (ds.Tables[0].Rows[0]["pwd"]).ToString();
        byte[] bytes = UTF8Encoding.ASCII.GetBytes(str);
        string str2 = UTF8Encoding.ASCII.GetString(bytes);
        Console.WriteLine(str2);

        if (str2 != txtPwd.Text)
        {
            lblMessage.Text = "Invalid Password";
            txtPwd.Text = "";
            txtUserName.Text = "";
            return;
        }
        else
        {
            cmd=new SqlCommand(@"select UserName,convert(varchar(10),DECRYPTBYPASSPHRASE(''12'',Password))AS Pwd
                From UserAccount where UserName=@username and Password=@password",con);
            cmd.Parameters.AddWithValue("@username", txtUserName.Text);
            cmd.Parameters.AddWithValue("@password", str2);
            DataSet ds1 = new DataSet();
            adp.Fill(ds1);
            if (ds1.Tables[0].Rows.Count == 0)
            {
                lblMessage.Text = "Invalid Userid or Password";
                txtUserName.Text = "";
                txtPwd.Text = "";
            }
            else
            {
                Response.Redirect("Welcome.aspx");
                lblMessage.Text = "";
            }
        }
    }
    catch {
        txtUserName.Text = "";
        txtPwd.Text = "";
    }
    txtUserName.Text = "";
    txtPwd.Text = "";
}



Can anyone help me? What's wrong in this code? Because from the database it's not accessing; it's showing the error as invalid Password...

Recommended answer

Simple data comparison will not work here.

select UserName,convert(varchar(10),DECRYPTBYPASSPHRASE('12',Password))AS Pwd
                From UserAccount where UserName=@username and Password=@password


Change the above to

select UserName,convert(varchar(10),DECRYPTBYPASSPHRASE('12',Password))AS Pwd
                From UserAccount where UserName=@username and convert(varchar(50),DECRYPTBYPASSPHRASE('12',password))=@password





Create TABLE myUsers (user_id varchar(20), user_password varbinary(100));

Insert into myUsers values ('firstuser', EncryptByPassPhrase('12','pass'))
Insert into myUsers values ('seconduser', EncryptByPassPhrase('12','pass2'))

select * from myUsers

select * from myUsers Where user_id = 'firstuser'
and convert(varchar(50),DECRYPTBYPASSPHRASE('12',user_password)) = 'pass'


The whole idea of decrypting a password is totally wrong. A password should never be decrypted; nowhere, by none of the parties. It is absolutely not needed and is dangerous. All safe password techniques use this simple fact. You need to compare the encrypted presentation of the password for authentication, never the original passwords.

—SA

