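MVC login page using LINQ and Entity Framework

Time: 2015-09-19 08:20:51

Tags: c# asp.net-mvc entity-framework linq

I have a login page that takes a password and matches it against the password stored in the database, which is stored in plain text. In the same table I have another column in which all the passwords are in encrypted form, "SHA512". So what I really want to do is match the password entered by the user against the encrypted password and perform the login.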

```csharp
public ActionResult Login()
{
    return View();
}

[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Login(CustomerCallerList c)
{
    if (ModelState.IsValid)
    {
        using (AdcoDBEntities AdcoDB = new AdcoDBEntities())
        {
            var v = AdcoDB.CustomerCallerLists.Where(a => a.Name.Equals(c.Name) && a.Password.Equals(c.Password)).FirstOrDefault();
            if (v != null)
            {
                Session["LoginID"] = v.ID.ToString();
                Session["LoginUser"] = v.Name.ToString();
                return RedirectToAction("AfterLogin");
            }
        }
    }
    return View(c);
}
```

This is my controller, which matches against the plain-text password.

My view looks like this:

```cshtml
@model MvcWebSite.Models.CustomerCallerList

@{
    ViewBag.Title = "Login";
}

<h2>Login</h2>
@using (Html.BeginForm("Login","Home",FormMethod.Post))
{
    @Html.AntiForgeryToken() // this is to prevent CSRF attacks
    @Html.ValidationSummary(true)
    if (@ViewBag.Message != null)
    {
        <div>
            @ViewBag.Message
        </div>
    }
    <table>
        <tr>
            <td>@Html.LabelFor(a=>a.Name)</td>
            <td>@Html.TextBoxFor(a=>a.Name)</td>
            <td>@Html.ValidationMessageFor(a=>a.Name)</td>
        </tr>
        <tr>
            <td>@Html.LabelFor(a=>a.Password)</td>
            <td>@Html.TextBoxFor(a=>a.Password)</td>
            <td>@Html.ValidationMessageFor(a=>a.Password)</td>
        </tr>
        <tr>
            <td></td>
            <td>
                <input type="submit" value="Login" />
            </td>
        </tr>
    </table>
}
@section Scripts{
    @Scripts.Render("~/bundles/jqueryval")
}
```

This is the changed code for matching against the encrypted column:

```csharp
public ActionResult Login(CustomerCallerList c)
{
    if (ModelState.IsValid)
    {
        using (AdcoDBEntities AdcoDB = new AdcoDBEntities())
        {
            var passwordBytes = Encoding.UTF8.GetBytes(c.PasswordSHA);
            byte[] hashBytes;
            using (var sha = new SHA512Managed())
            {
                hashBytes = sha.ComputeHash(passwordBytes);
            }
            var sb = new StringBuilder(hashBytes.Length * 2);
            foreach (var b in hashBytes)
                sb.AppendFormat("{0:x2}", b);
            var hashStr = sb.ToString();
            var v = AdcoDB.CustomerCallerLists.Where(a => a.Name.Equals(c.Name) && a.Password.Equals(hashStr)).FirstOrDefault();
            if (v != null)
            {
                Session["LoginID"] = v.ID.ToString();
                Session["LoginUser"] = v.Name.ToString();
                return RedirectToAction("AfterLogin");
            }
        }
    }
    return View(c);
}
```

1 answer:

Answer 0: (score: 2)

Use the following code to compute the SHA512 hash of the password:

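```csharp
// Requires: using System.Text; using System.Security.Cryptography;
// c is the posted CustomerCallerList model from the Login action.
var passwordBytes = Encoding.UTF8.GetBytes(c.Password);
byte[] hashBytes;
using (var sha = new SHA512Managed()) {
  hashBytes = sha.ComputeHash(passwordBytes);
}
```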

If your encrypted password is stored as a hex string, use the following code to convert hashBytes to a string:

```csharp
var sb = new StringBuilder(hashBytes.Length * 2);
foreach (var b in hashBytes)
  sb.AppendFormat("{0:x2}", b);
var hashStr = sb.ToString();
```

Then you can match hashBytes/hashStr against the encrypted password column by replacing `a.Password.Equals(c.Password)` with something appropriate.
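The check described in the answer above, as an added example that is not part of the original question or answer: it compares the computed SHA-512 hex string with the stored column value in memory, so a mismatch in hex letter case or trailing padding in the column does not silently fail the login, and the comparison does not stop at the first differing character. The helper name `LegacySha512` and the sample stored value are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class LegacySha512   // hypothetical helper name, not from the page
{
    // Lowercase hex SHA-512 of the UTF-8 password, same steps as the answer.
    public static string HashHex(string password)
    {
        using (var sha = SHA512.Create())
        {
            byte[] hash = sha.ComputeHash(Encoding.UTF8.GetBytes(password));
            var sb = new StringBuilder(hash.Length * 2);
            foreach (byte b in hash) sb.AppendFormat("{0:x2}", b);
            return sb.ToString();
        }
    }

    // Compares against the stored column value, tolerating upper-case hex and
    // CHAR-column padding, and visiting every character before deciding.
    public static bool Verify(string password, string storedHex)
    {
        if (password == null || storedHex == null) return false;
        string expected = storedHex.Trim().ToLowerInvariant();
        string actual = HashHex(password);
        if (expected.Length != actual.Length) return false;
        int diff = 0;
        for (int i = 0; i < actual.Length; i++) diff |= actual[i] ^ expected[i];
        return diff == 0;
    }

    static void Main()
    {
        // Constructed sample row: the published SHA-512 test vector for "abc",
        // stored upper-case with trailing spaces as a fixed-width column might.
        string stored =
            ("ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a" +
             "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f")
            .ToUpperInvariant() + "  ";
        Console.WriteLine(Verify("abc", stored));   // correct password
        Console.WriteLine(Verify("abd", stored));   // wrong password
    }
}
```

In the controller this means selecting the row by `Name` only and then calling `Verify` with the posted password and that row's stored hash value.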
