How can I convert password string to Base64 string before sending form to backend?

时间:2016-08-31 18:33:49

标签: c# asp.net asp.net-mvc-4 razor

I have a sample registration form, it works properly for most cases, but when I try to register new user with password "U8$&#6G#CBj" I'm getting an exception "A potentially dangerous Request.Form value was detected from the client" My idea is to convert password to Base64 format before sending it to backend and on backend convert it back. How can I do it?

@using (Html.BeginForm("Login", "Account", new { ReturnUrl = ViewBag.ReturnUrl }, FormMethod.Post, new { @class = "form-horizontal", role = "form" }))
     {
        @Html.AntiForgeryToken()
        <h4>Use a local account to log in.</h4>
        <hr />
        @Html.ValidationSummary(true, "", new { @class = "text-danger" })
        <div class="form-group">
           @Html.LabelFor(m => m.Email, new { @class = "col-md-2 control-label" })
           <div class="col-md-10">
              @Html.TextBoxFor(m => m.Email, new { @class = "form-control" })
              @Html.ValidationMessageFor(m => m.Email, "", new { @class = "text-danger" })
           </div>
        </div>
        <div class="form-group">
           @Html.LabelFor(m => m.Password, new { @class = "col-md-2 control-label" })
           <div class="col-md-10">
              @Html.PasswordFor(m => m.Password, new { @class = "form-control" })
              @Html.ValidationMessageFor(m => m.Password, "", new { @class = "text-danger" })
           </div>
        </div>
        <div class="form-group">
           <div class="col-md-offset-2 col-md-10">
              <div class="checkbox">
                 @Html.CheckBoxFor(m => m.RememberMe)
                 @Html.LabelFor(m => m.RememberMe)
              </div>
           </div>
        </div>
        <div class="form-group">
           <div class="col-md-offset-2 col-md-10">
              <input type="submit" value="Log in" class="btn btn-default" />
           </div>
        </div>
        <p>
           @Html.ActionLink("Register as a new user", "Register")
        </p>
        @* Enable this once you have account confirmation enabled for password reset functionality *@
        <p>
           @Html.ActionLink("Forgot your password?", "ForgotPassword")
        </p>
     }

2 个答案:

答案 0 :(得分:1)

在前端部分的Alexei Levenkov和后端的Vidhyadhar Galande的帮助下,我解决了我的问题,这里是代码: 在View to form上我已经在提交事件上添加了这个javascript函数

function encode(){
        $('#Password').val(btoa($('#Password').val()));
        $('#ConfirmPassword').val(btoa($('#ConfirmPassword').val()));
    }

并在后端解码字符串:

private string DecodeFromBase64(string inputBas64)
{
    var base64EncodedBytesPassword = System.Convert.FromBase64String(model.Password);
    string password = System.Text.Encoding.UTF8.GetString(base64EncodedBytesPassword);
    return password;
}

答案 1 :(得分:0)

  

试试这个

1)base64(编码/解码)

 public static string base64Encode(string sData) // Encode
 {
   try
    {
       byte[] encData_byte = new byte[sData.Length];
       encData_byte = System.Text.Encoding.UTF8.GetBytes(sData);
       string encodedData = Convert.ToBase64String(encData_byte);
       return encodedData;
    }
   catch (Exception ex)
   {
       throw new Exception("Error in base64Encode" + ex.Message);
   }
 }

public static string base64Decode(string sData) //Decode
 {
    try
    {
      var encoder = new System.Text.UTF8Encoding();
      System.Text.Decoder utf8Decode = encoder.GetDecoder();
      byte[] todecodeByte = Convert.FromBase64String(sData);
      int charCount = utf8Decode.GetCharCount(todecodeByte, 0, todecodeByte.Length);
      [] decodedChar = new char[charCount];
      utf8Decode.GetChars(todecodeByte, 0, todecodeByte.Length, decodedChar, 0);
      string result = new String(decodedChar);
      return result;
   }
  catch (Exception ex)
   {
      throw new Exception("Error in base64Decode" + ex.Message);
    }
}
  

2)EncodePasswordMd5 

 public static string EncodePassword(string pass, string salt) //encrypt password
   {
      byte[] bytes = Encoding.Unicode.GetBytes(pass);
      byte[] src = Encoding.Unicode.GetBytes(salt);
      byte[] dst = new byte[src.Length + bytes.Length];
      System.Buffer.BlockCopy(src, 0, dst, 0, src.Length);
      System.Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
      HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
      byte[] inArray = algorithm.ComputeHash(dst);
      //return Convert.ToBase64String(inArray);
      return EncodePasswordMd5(Convert.ToBase64String(inArray));
   }
  public static string EncodePasswordMd5(string pass) //Encrypt using MD5
   {
      Byte[] originalBytes;
      Byte[] encodedBytes;
      MD5 md5;
      //Instantiate MD5CryptoServiceProvider, get bytes for original password and compute hash (encoded password)
      md5 = new MD5CryptoServiceProvider();
      originalBytes = ASCIIEncoding.Default.GetBytes(pass);
      encodedBytes = md5.ComputeHash(originalBytes);
      //Convert encoded bytes back to a 'readable' string
      return BitConverter.ToString(encodedBytes);
  }
  

@Using Namespace 

  using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
using System.Web;
相关问题
最新问题