asp.net"记住"曲奇饼 [英] asp.net "Remember Me" cookie
问题描述
我已经实现记得我在我的asp.net Web窗体选项可以使用此,
I have implemented remember me option in my asp.net webform by using this,
protected void LBtnSubmit_Click(object sender, EventArgs e)
{
if (this.ChkRememberme != null && this.ChkRememberme.Checked == true)
{
HttpCookie cookie = new HttpCookie(TxtUserName.Text, TxtPassword.Text);
cookie.Expires.AddYears(1);
Response.Cookies.Add(cookie);
}
}
我是这样做的正确方法?任何建议..我使用Windows身份验证,我不使用asp.net成员 ..
推荐答案
而不是直接存储在cookie中的用户名和密码,存储用户名和密码的哈希,并在cookie中的盐,那么当你验证饼干,对于给定的用户名找回密码,重新创建的密码和相同的盐哈希并进行比较。
Rather than directly storing the username and password in the cookie, store the username and a hash of the password and a salt in the cookie, then when you authenticate the cookie, retrieve the password for the given username, re-create the hash with the password and the same salt and compare them.
创建哈希值是作为一个串起来存放的密码和盐值,将字符串转换为字节数组,计算字节数组的哈希值(使用MD5或任何你preFER),并转换为简单(可能通过base64编码)生成的散列为一个字符串。
Creating the hash is as simple as storing the password and salt values together in a string, converting the string to a byte array, computing the hash of the byte array (using MD5 or whatever you prefer) and converting the resulting hash to a string (probably via base64 encoding).
下面是一些例子code:
Here's some example code:
// Create a hash of the given password and salt.
public string CreateHash(string password, string salt)
{
// Get a byte array containing the combined password + salt.
string authDetails = password + salt;
byte[] authBytes = System.Text.Encoding.ASCII.GetBytes(authDetails);
// Use MD5 to compute the hash of the byte array, and return the hash as
// a Base64-encoded string.
var md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
byte[] hashedBytes = md5.ComputeHash(authBytes);
string hash = Convert.ToBase64String(hashedBytes);
return hash;
}
// Check to see if the given password and salt hash to the same value
// as the given hash.
public bool IsMatchingHash(string password, string salt, string hash)
{
// Recompute the hash from the given auth details, and compare it to
// the hash provided by the cookie.
return CreateHash(password, salt) == hash;
}
// Create an authentication cookie that stores the username and a hash of
// the password and salt.
public HttpCookie CreateAuthCookie(string username, string password, string salt)
{
// Create the cookie and set its value to the username and a hash of the
// password and salt. Use a pipe character as a delimiter so we can
// separate these two elements later.
HttpCookie cookie = new HttpCookie("YourSiteCookieNameHere");
cookie.Value = username + "|" + CreateHash(password, salt);
return cookie;
}
// Determine whether the given authentication cookie is valid by
// extracting the username, retrieving the saved password, recomputing its
// hash, and comparing the hashes to see if they match. If they match,
// then this authentication cookie is valid.
public bool IsValidAuthCookie(HttpCookie cookie, string salt)
{
// Split the cookie value by the pipe delimiter.
string[] values = cookie.Value.Split('|');
if (values.Length != 2) return false;
// Retrieve the username and hash from the split values.
string username = values[0];
string hash = values[1];
// You'll have to provide your GetPasswordForUser function.
string password = GetPasswordForUser(username);
// Check the password and salt against the hash.
return IsMatchingHash(password, salt, hash);
}
这篇关于asp.net"记住"曲奇饼的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
