还有一个描述

时间:2013-03-20 07:46:45

标签: asp.net

最后一次是带有enc的pbl并将其存储在db中,现在pbl在dec中并且从db中检索数据它显示错误为

  

输入不是有效的Base-64字符串,因为它包含非基数64   字符,两个以上的填充字符或非空白字符   填充字符中的字符

代码就像这样

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Security.Cryptography;
using System.Data.SqlClient;


namespace WebApplication5
{
    public partial class WebForm4 : System.Web.UI.Page
    {
        SqlConnection connection;
        protected void Page_Load(object sender, EventArgs e)
        {
            connection = new SqlConnection(ConfigurationManager.ConnectionStrings["TestQueryConnectionString"].ConnectionString);
        }

        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            SqlConnection con1 = new SqlConnection(ConfigurationManager.ConnectionStrings["TestQueryConnectionString"].ConnectionString);
            con1.Open();
            SqlCommand cmd1 = new SqlCommand("select * from admin where USERNAME=@USERNAME and PASSWORD=@PASSWORD ", con1);
            cmd1.Parameters.AddWithValue("@username", txtUserName.Text);
            string strpassword = DecodeFrom64(txtPassword.Text);
            cmd1.Parameters.AddWithValue("@password", txtPassword.Text);
            SqlDataAdapter da = new SqlDataAdapter(cmd1);
            DataTable dt = new DataTable();
            da.Fill(dt);
            if (dt.Rows.Count > 0)
            {
                Response.Redirect("emplist.aspx");
            }
            else
            {
                ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script language='javascript'>alert('Invalid Username and Password')</script>");
            }
            con1.Close();
        }
        protected void btnClear_Click(object sender, EventArgs e)
        {
            txtUserName.Text = "";
            txtPassword.Text = "";
        }
        public string DecodeFrom64(string encodedData)
        {
            System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding();
            System.Text.Decoder utf8Decode = encoder.GetDecoder();
            byte[] todecode_byte = Convert.FromBase64String(encodedData);
            int charCount = utf8Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length);
            char[] decoded_char = new char[charCount];
            utf8Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0);
            string result = new String(decoded_char);
            return result;
        }

    }

}

1 个答案:

答案 0 :(得分:2)

很抱歉我不是Habib,但是

txtPassword.Text将输入用户输入的文字。用户大多数不输入Base64编码数据。假设用户输入的密码将是Base64编码是完全错误的。

摆脱这条线应该有帮助

string strpassword = DecodeFrom64(txtPassword.Text);

你以后似乎都没有使用它。

此外,如果要加密密码,请使用SHA等单向哈希。 Base64不会加密它。虽然文字不清晰,但很容易解码。

修改
要匹配编码密码,您需要对用户输入的密码进行编码,然后选择。

string strpassword = EncodeToBase64(txtPassword.Text);
cmd1.Parameters.AddWithValue("@password", strpassword);