using System.Security.Cryptography;
...
byte[] MD5hash(byte[] data)
{
    // This is one implementation of the abstract class MD5.
    MD5 md5 = new MD5CryptoServiceProvider();
    byte[] result = md5.ComputeHash(data);
    return result;
}
Encrypting Passwords with ASP.NET
Srinivas Sivakumar
February 25, 2001
Level: Beginner

Whenever we build database-driven personalized web sites, it is necessary that we protect user data. Although hackers can hack passwords of individuals, the worse problem is someone stealing the entire database and hence all the passwords at once.

A good practice is to not store the actual passwords in the databases, but their encrypted versions. When we want to authenticate users, we simply encrypt the user password again, and compare it with the encrypted passwords in the system.

In ASP, we will have to use external objects to encrypt strings. The .NET SDK solves this problem by providing the method HashPasswordForStoringInConfigFile in the CookieAuthentication class available in the System.Web.Security namespace. The purpose of this method, as it suggests, is to encrypt passwords for storing in configuration files and even cookies.

The HashPasswordForStoringInConfigFile method is very simple to use and it supports "SHA1" and "MD5" hashing algorithms for encrypting strings. To see the power of the "HashPasswordForStoringInConfigFile" method, let us create a small ASP.NET page and encrypt the input strings in SHA1 and MD5 format.

Here is the source for such an ASP.NET page.

<%@ Import Namespace="System.Web.Security" %>
<html>
<head>
<script language="VB" runat=server>
    ' This function encrypts the input string using the SHA1 and MD5
    ' encryption algorithms
    Sub encryptString(Src As Object, E As EventArgs)
        SHA1.Text = CookieAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "SHA1")
        MD5.Text = CookieAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "MD5")
    End Sub
</script>
</head>
<body>
<form runat=server>
<p><b>Original Clear Text Password: </b><br>
<asp:Textbox id="txtPassword" runat=server />
<asp:Button runat="server" text="Encrypt String" onClick="encryptString" /></p>
<p><b>Encrypted Password In SHA1: </b>
<asp:label id="SHA1" runat=server /></p>
<p><b>Encrypted Password In MD5: </b>
<asp:label id="MD5" runat=server /></p>
</form>
</body>
</html>

As you can see, encrypting the password is very easy. We can also wrap this functionality in a function and reuse it as you wish.

Function EncryptPassword (PasswordString as String, PasswordFormat as String) as String
    If PasswordFormat = "SHA1" then
        EncryptPassword = CookieAuthentication.HashPasswordForStoringInConfigFile(PasswordString, "SHA1")
    Elseif PasswordFormat = "MD5" then
        EncryptPassword = CookieAuthentication.HashPasswordForStoringInConfigFile(PasswordString, "MD5")
    Else
        EncryptPassword = ""
    End if
End Function

Using encryption in your database Apps

Whenever you add a user record to the database, use the function to encrypt the password and insert the password as an encrypted string in the database. When the user is logging in to your site, encrypt the password entered by the user using this function and compare it with the one retrieved from the database.

Someone else's code; I pasted it here.
My main purpose at the moment is encrypted storage of data. Thanks.
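But if I need to store some data that must be recoverable, how should I handle that? I would like to use RSA, but I don't know whether it can be done...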
RSACryptoServiceProvider.Decrypt()
RSACryptoServiceProvider.Encrypt()
Look at the parameter documentation yourself.
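One way to use the two RSACryptoServiceProvider calls named above for recoverable data, as an added example that is not code from this thread: RSA with OAEP only accepts a short input (about 214 bytes for a 2048-bit key), so the data is encrypted with a random AES-GCM key and RSA wraps only that key. It assumes .NET 8; the names Sealed, RecoverableStore, Seal and Open are hypothetical, and the key pair is generated in memory for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// One stored record: four binary columns (assumed layout, not a standard format).
record Sealed(byte[] WrappedKey, byte[] Nonce, byte[] Tag, byte[] Ciphertext);

static class RecoverableStore
{
    public static Sealed Seal(RSACryptoServiceProvider publicKey, byte[] plaintext)
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);   // fresh AES-256 key per record
        byte[] nonce = RandomNumberGenerator.GetBytes(12); // never reused, since the key is new
        byte[] tag = new byte[16], ct = new byte[plaintext.Length];
        using (var aes = new AesGcm(key, 16))
            aes.Encrypt(nonce, plaintext, ct, tag);
        byte[] wrapped = publicKey.Encrypt(key, true);     // second argument: fOAEP = true
        CryptographicOperations.ZeroMemory(key);
        return new Sealed(wrapped, nonce, tag, ct);
    }

    public static byte[] Open(RSACryptoServiceProvider privateKey, Sealed s)
    {
        byte[] key = privateKey.Decrypt(s.WrappedKey, true);
        byte[] pt = new byte[s.Ciphertext.Length];
        using (var aes = new AesGcm(key, 16))
            aes.Decrypt(s.Nonce, s.Ciphertext, s.Tag, pt); // throws if the record was altered
        CryptographicOperations.ZeroMemory(key);
        return pt;
    }

    static void Main()
    {
        using var rsa = new RSACryptoServiceProvider(2048); // demo key pair, in memory only
        byte[] data = Encoding.UTF8.GetBytes(new string('x', 1000)); // constructed sample
        try { rsa.Encrypt(data, true); }                    // too long for RSA on its own
        catch (CryptographicException) { Console.WriteLine("RSA alone rejects 1000 bytes"); }
        Sealed s = Seal(rsa, data);
        Console.WriteLine($"round trip ok: {Open(rsa, s).AsSpan().SequenceEqual(data)}");
    }
}
```

In a real deployment the private key stays outside the database, and the side that writes records can hold only the public half.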