保存登陆信息 怎样把登陆信息比较安全的保存起来? 比如说保存1周 1月这些都是用cookie么? 解决方案 » 免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货 对cookie编码。设置过期时间。客户端保存数据本身就是不安全的。 对cookie编码。设置过期时间。 cookie本身就是客户端,安全性没法保证。如果真要安全,直接存数据库去 如果要在客户端存的话,也只能用cookie最好了,但是无法保证安全性,如果要安全的话,只能存在数据库中的除非你在前台加密,不过就算是加密也不十分安全,而且没有必要 cookie 加密 , 想实现自动登录吗? 使用Cookies编码加密存储,或者直接把登陆信息,编码加密,写入客户端注册表中,每次访问网页的时候,在去读客户端的Cookies或者注册表 用cookie可以的。。我一直用的 保存在cookie,密码加密。登录时解密跟数据库密码比较。以前用DES做过using System;using System.Data;using System.Configuration;using System.Web;using System.Security;using System.Web.UI;using System.Web.UI.WebControls;using System.Web.UI.WebControls.WebParts;using System.Web.UI.HtmlControls;using System.Security.Cryptography;using System.Text;using System.IO;/// <summary>/// 密码安全类/// </summary>public class SafeUtil{ private string iv = "12345678"; //种子,要改 private string key = "12345678"; //加密密钥,要改 private Encoding encoding = new UnicodeEncoding(); private DES des = null; /// <summary> /// 构造函数 /// </summary> public SafeUtil() { des = new DESCryptoServiceProvider(); } /// <summary> /// 设置或获取加密密钥 /// </summary> public string EncryptKey { set { this.key = value; } } /// <summary> /// 要加密字符的编码格式 /// </summary> public Encoding EncodingMode { get { return this.encoding; } set { this.encoding = value; } } /// <summary> /// 加密字符串并返回加密后的结果 /// </summary> /// <param name="str"></param> /// <returns></returns> public string EncryptString(string str) { byte[] ivb = Encoding.ASCII.GetBytes(this.iv); byte[] keyb = Encoding.ASCII.GetBytes(this.key); byte[] toEncrypt = this.EncodingMode.GetBytes(str); byte[] encrypted; ICryptoTransform encrypyor = des.CreateEncryptor(keyb,ivb); MemoryStream msEncrypt = new MemoryStream(); CryptoStream csEncrypt = new CryptoStream(msEncrypt, encrypyor, CryptoStreamMode.Write); csEncrypt.Write(toEncrypt, 0, toEncrypt.Length); csEncrypt.FlushFinalBlock(); encrypted = msEncrypt.ToArray(); csEncrypt.Close(); msEncrypt.Close(); return Convert.ToBase64String(encrypted); } /// <summary> /// 解密给定的字符串 /// 
</summary> /// <param name="str"></param> /// <returns></returns> public string DecryptString(string str) { byte[] ivb = Encoding.ASCII.GetBytes(this.iv); byte[] keyb = Encoding.ASCII.GetBytes(this.key); byte[] toDecrypt = Convert.FromBase64String(str); byte[] deCrypted = new byte[toDecrypt.Length]; ICryptoTransform encrypyor = des.CreateEncryptor(keyb, ivb); MemoryStream msDecrypt = new MemoryStream(toDecrypt); CryptoStream csDecrypt = new CryptoStream(msDecrypt, encrypyor, CryptoStreamMode.Read); try { csDecrypt.Read(deCrypted, 0, deCrypted.Length); } catch (Exception err) { throw new ApplicationException(err.Message); } finally { try { msDecrypt.Close(); csDecrypt.Close(); } catch { ;} } return this.EncodingMode.GetString(deCrypted); }} Cookies .....设置过期时间如果要安全就加密。 应该还是Cookie吧,设置过期时间 对cookie编码。设置过期时间。客户端保存数据本身就是不安全的。 用profile个性化,集合session和cookie的优点 老是发源码,感觉怪怪的...后台的代码,有注释的地方可以参考下 using System;using System.Data;using System.Configuration;using System.Collections;using System.Web;using System.Web.Security;using System.Web.UI;using System.Web.UI.WebControls;using System.Web.UI.WebControls.WebParts;using System.Web.UI.HtmlControls;using CardShop.BLL;using CardShop.Models;public partial class UserLogin : System.Web.UI.Page{ protected void Page_Load(object sender, EventArgs e) { if (!IsPostBack) { //读取cookie if (Request.Cookies["UserInfo"] != null) { Users user = new Users(); user.LoginID = Server.HtmlEncode(Request.Cookies["UserInfo"]["userName"]); user.LoginPass = Server.HtmlEncode(Request.Cookies["UserInfo"]["userPassword"]); CheckLogin(user); } } } protected void btnsub_Click(object sender, EventArgs e) { if (txtcode.Text.Trim().ToLower() == Session["code"].ToString().ToLower()) { if (IsValid) { Users user = new Users(); user.LoginID = txtusername.Text.Trim(); string tempPwd = txtpassword.Text.Trim(); //加密 SafeUtil safe = new SafeUtil(); user.LoginPass = safe.EncryptString(tempPwd); CheckLogin(user); } } else { 
Page.ClientScript.RegisterStartupScript(this.GetType(), "fail", "<script>alert('验证码输入有误!')</script>"); txtcode.Focus(); } } protected void CheckLogin(Users user) { string uid = UsersManager.ValidateLogin(user); if (uid != "") { txtpassword.Text = string.Empty; //写入cookie if (cbRemember.Checked) { HttpCookie aCookie = Request.Cookies["UserInfo"]; if (aCookie == null) { aCookie = new HttpCookie("UserInfo"); } aCookie.Values["userName"] = txtusername.Text; aCookie.Values["userPassword"] = user.LoginPass; aCookie.Values["lastVisit"] = DateTime.Now.ToString(); aCookie.Expires = DateTime.Now.AddDays(14); Response.Cookies.Add(aCookie); } user.Id = uid; user.LoginPass = string.Empty; Session["UserInfo"] = user; string page = string.Empty; if (Request.QueryString["Page"] != null) { page = Request.QueryString["Page"]; } //... } else { Page.ClientScript.RegisterStartupScript(this.GetType(), "success", "<script>alert('用户名或者密码错误!')</script>"); } } protected void btnrel_Click(object sender, EventArgs e) { Response.Redirect("~/index.aspx"); }} 要是客户端把cookie删除了呢? 求助 我在a页面点击文本框 然后弹出b页面。。。。 查询sqlserver表 网页中图片变换,并且出现1234如何实现? 如何让程序从Literal里面点击某个连接 关于移动web窗体的List绑定数据问题 如何把XML+XSL转换成为HTML???急!!!!! 水晶报表可以套打吗? 这代码有什么错误!!!!!!!!!!!!!!!!!!! vs.net2003设置问题 SQL 数据恢复问题。 DATAGRID导出到EXCEL表格问题 按enter鍵時執行指定button的事件
设置过期时间。客户端保存数据本身就是不安全的。
设置过期时间。
cookie 加密 , 想实现自动登录吗?
保存在 cookie 里,密码先加密;登录时解密后再跟数据库里的密码比较。以前用 DES 做过:
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Security.Cryptography;
using System.Text;
using System.IO;/// <summary>
/// 密码安全类
/// </summary>
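public class SafeUtil
{
    // NOTE(review): security limitations of this helper, kept as-is for
    // compatibility with values that were already produced by it:
    //  * DES has a 56-bit effective key and is considered obsolete; a modern
    //    design would use an authenticated cipher instead.
    //  * The key and IV below are hard-coded placeholders. With a fixed key and
    //    a fixed IV the same plaintext always yields the same ciphertext, and
    //    anyone with the source or binary can decrypt every value.
    //  * The output carries no integrity protection (no MAC), so tampering with
    //    a ciphertext held by a client is not detected.
    //  * Reversible encryption is not a substitute for password hashing; stored
    //    passwords should use a salted, slow hash such as PBKDF2
    //    (Rfc2898DeriveBytes).
    private string iv = "12345678";  // initialization vector; placeholder, must be changed
    private string key = "12345678"; // encryption key; placeholder, must be changed
    private Encoding encoding = new UnicodeEncoding();
    private DES des = null;

    /// <summary>
    /// Creates the helper and its underlying DES provider.
    /// </summary>
    public SafeUtil()
    {
        des = new DESCryptoServiceProvider();
    }

    /// <summary>
    /// Sets the encryption key (write-only). The value is converted with ASCII
    /// encoding and DES requires exactly 8 key bytes.
    /// </summary>
    public string EncryptKey
    {
        set { this.key = value; }
    }

    /// <summary>
    /// Gets or sets the text encoding used to turn plaintext into bytes before
    /// encryption and back into a string after decryption.
    /// </summary>
    public Encoding EncodingMode
    {
        get { return this.encoding; }
        set { this.encoding = value; }
    }

    /// <summary>
    /// Encrypts a string with the configured key and IV and returns the
    /// ciphertext as Base64.
    /// </summary>
    /// <param name="str">Plaintext to encrypt; must not be null.</param>
    /// <returns>Base64-encoded ciphertext.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="str"/> is null.</exception>
    public string EncryptString(string str)
    {
        if (str == null)
        {
            throw new ArgumentNullException("str");
        }

        byte[] ivb = Encoding.ASCII.GetBytes(this.iv);
        byte[] keyb = Encoding.ASCII.GetBytes(this.key);
        byte[] toEncrypt = this.EncodingMode.GetBytes(str);

        using (ICryptoTransform encryptor = des.CreateEncryptor(keyb, ivb))
        using (MemoryStream msEncrypt = new MemoryStream())
        {
            using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
            {
                csEncrypt.Write(toEncrypt, 0, toEncrypt.Length);
                // Emits the final padded block; the stream is complete after this.
                csEncrypt.FlushFinalBlock();
            }

            // MemoryStream.ToArray() is still valid after the stream is closed.
            return Convert.ToBase64String(msEncrypt.ToArray());
        }
    }

    /// <summary>
    /// Decrypts a Base64 string previously produced by <see cref="EncryptString"/>.
    /// </summary>
    /// <param name="str">Base64-encoded ciphertext.</param>
    /// <returns>The decrypted plaintext.</returns>
    /// <exception cref="FormatException"><paramref name="str"/> is not valid Base64.</exception>
    /// <exception cref="ApplicationException">
    /// Decryption failed, for example because of a wrong key or corrupted data.
    /// </exception>
    public string DecryptString(string str)
    {
        byte[] ivb = Encoding.ASCII.GetBytes(this.iv);
        byte[] keyb = Encoding.ASCII.GetBytes(this.key);
        byte[] toDecrypt = Convert.FromBase64String(str);

        // The plaintext is never longer than the ciphertext, so this buffer is
        // large enough; only the bytes actually read are decoded below.
        byte[] deCrypted = new byte[toDecrypt.Length];
        int total = 0;

        // The original created an *encryptor* here, so the input was encrypted a
        // second time instead of being decrypted.
        using (ICryptoTransform decryptor = des.CreateDecryptor(keyb, ivb))
        using (MemoryStream msDecrypt = new MemoryStream(toDecrypt))
        using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
        {
            try
            {
                // A single Read call may return fewer bytes than requested, so
                // keep reading until the stream reports its end.
                int read;
                while (total < deCrypted.Length
                    && (read = csDecrypt.Read(deCrypted, total, deCrypted.Length - total)) > 0)
                {
                    total += read;
                }
            }
            catch (Exception err)
            {
                // Same exception type as before; the cause is kept as InnerException.
                throw new ApplicationException(err.Message, err);
            }
        }

        // Decode only the decrypted bytes; decoding the whole buffer would append
        // trailing NUL characters where the padding used to be.
        return this.EncodingMode.GetString(deCrypted, 0, total);
    }
}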
设置过期时间。客户端保存数据本身就是不安全的。
老是发源码,感觉怪怪的...
后台的代码,有注释的地方可以参考下
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using CardShop.BLL;
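using CardShop.Models;

/// <summary>
/// Code-behind for the login page: CAPTCHA check, credential validation and an
/// optional "remember me" cookie that triggers automatic login on later visits.
/// </summary>
/// <remarks>
/// NOTE(review): the "remember me" cookie stores the user name together with the
/// encrypted password, and Page_Load accepts that pair as full credentials. The
/// cookie is therefore a password equivalent: whoever holds a copy of it can log
/// in until the password changes, and it cannot be revoked server-side. A safer
/// design stores only a random, single-purpose token in the cookie and keeps a
/// hash of it (with an expiry) on the server.
/// </remarks>
public partial class UserLogin : System.Web.UI.Page
{
    /// <summary>
    /// On the first (non-postback) request, attempts automatic login from the
    /// "UserInfo" cookie when it carries both a user name and a password value.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
        {
            return;
        }

        // Read the cookie.
        HttpCookie remembered = Request.Cookies["UserInfo"];
        if (remembered == null)
        {
            return;
        }

        string cookieName = remembered["userName"];
        string cookiePass = remembered["userPassword"];

        // The cookie is client-controlled; ignore it when a sub-value is missing
        // instead of passing null credentials to the validator.
        if (string.IsNullOrEmpty(cookieName) || string.IsNullOrEmpty(cookiePass))
        {
            return;
        }

        Users user = new Users();
        // NOTE(review): HtmlEncode is an output encoder, not input validation.
        // It is kept because the behaviour of UsersManager.ValidateLogin is not
        // visible here; confirm that ValidateLogin uses parameterized queries
        // and then drop the encoding, which alters names containing & < > ".
        user.LoginID = Server.HtmlEncode(cookieName);
        user.LoginPass = Server.HtmlEncode(cookiePass);
        CheckLogin(user);
    }

    /// <summary>
    /// Handles the login button: verifies the CAPTCHA stored in Session["code"],
    /// then validates the submitted credentials.
    /// </summary>
    protected void btnsub_Click(object sender, EventArgs e)
    {
        // Session["code"] is null when the session expired or the CAPTCHA was
        // never requested; treat that as a mismatch rather than dereferencing it.
        object storedCode = Session["code"];
        string expected = storedCode == null ? null : storedCode.ToString();
        bool codeMatches = !string.IsNullOrEmpty(expected)
            && string.Equals(txtcode.Text.Trim(), expected, StringComparison.OrdinalIgnoreCase);

        // NOTE(review): the stored code is not cleared after a check, so one
        // solved CAPTCHA may be reusable for several attempts — confirm whether
        // the CAPTCHA handler regenerates it on every render.
        if (codeMatches)
        {
            if (IsValid)
            {
                Users user = new Users();
                user.LoginID = txtusername.Text.Trim();
                string tempPwd = txtpassword.Text.Trim();

                // Encrypt the password before validation.
                // NOTE(review): this implies passwords are compared in reversibly
                // encrypted form; a salted password hash is the usual approach.
                SafeUtil safe = new SafeUtil();
                user.LoginPass = safe.EncryptString(tempPwd);
                CheckLogin(user);
            }
        }
        else
        {
            Page.ClientScript.RegisterStartupScript(this.GetType(), "fail", "<script>alert('验证码输入有误!')</script>");
            txtcode.Focus();
        }
    }

    /// <summary>
    /// Validates the given credentials; on success optionally writes the
    /// "remember me" cookie and stores the user in the session, otherwise shows
    /// an error alert.
    /// </summary>
    /// <param name="user">Login ID and (encrypted) password to validate.</param>
    protected void CheckLogin(Users user)
    {
        string uid = UsersManager.ValidateLogin(user);

        // Fail closed: a null result must not count as a successful login
        // (the original compared only against the empty string).
        if (!string.IsNullOrEmpty(uid))
        {
            txtpassword.Text = string.Empty;

            // Write the cookie.
            if (cbRemember.Checked)
            {
                HttpCookie aCookie = Request.Cookies["UserInfo"];
                if (aCookie == null)
                {
                    aCookie = new HttpCookie("UserInfo");
                }

                // NOTE(review): on the cookie auto-login path no form was posted,
                // so txtusername.Text may be empty here — verify cbRemember is
                // unchecked by default or use user.LoginID instead.
                aCookie.Values["userName"] = txtusername.Text;
                aCookie.Values["userPassword"] = user.LoginPass;
                aCookie.Values["lastVisit"] = DateTime.Now.ToString();
                aCookie.Expires = DateTime.Now.AddDays(14);

                // Keep the credential cookie away from client script and, when the
                // site is served over HTTPS, off plain-HTTP requests.
                aCookie.HttpOnly = true;
                aCookie.Secure = Request.IsSecureConnection;
                Response.Cookies.Add(aCookie);
            }

            user.Id = uid;
            user.LoginPass = string.Empty; // do not keep the password value in session state
            Session["UserInfo"] = user;

            string page = string.Empty;
            if (Request.QueryString["Page"] != null)
            {
                // NOTE(review): the value is caller-supplied; if the elided code
                // redirects to it, restrict it to local application paths.
                page = Request.QueryString["Page"];
            }
            //...
        }
        else
        {
            Page.ClientScript.RegisterStartupScript(this.GetType(), "success", "<script>alert('用户名或者密码错误!')</script>");
        }
    }

    /// <summary>
    /// Handles the cancel/return button by redirecting to the site index page.
    /// </summary>
    protected void btnrel_Click(object sender, EventArgs e)
    {
        Response.Redirect("~/index.aspx");
    }
}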