大家好,我可能会提前花时间和你的任何答案。好吧,我一直面临这个问题,因为很长一段时间我已经分配在ASP.Net mvc和我有密码的加密和解密问题的网站,加密其工作非常好,并在用户时将密码转为哈希registor但我试图获取哈希字符串和解密当用户尝试登录但解密功能不起作用并给我错误。
用户控制中的:
public string Decrypt(string cipherString)
{
string EncryptionKey = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
//cipherString = "62KO b2aMA8=";
int mm = cipherString.Replace(" ", "").Length % 4;
if (mm > 0)
{
cipherString += new string('=', 4 - mm);
}
byte[] cipherBytes = Convert.FromBase64String(cipherString);
using (Aes encryptor = Aes.Create())
{
Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
encryptor.Key = pdb.GetBytes(32);
encryptor.IV = pdb.GetBytes(16);
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write))
{
cs.Write(cipherBytes, 0, cipherBytes.Length);
cs.Close(); //here the error show up
}
cipherString = Encoding.Unicode.GetString(ms.ToArray());
}
}
return cipherString;
}
在这里我将dcrypt称为登录
public ActionResult Login(string returnUrl)
{
ViewBag.ReturnUrl = returnUrl;
return View();
}
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Login(User objUser, string returnUrl)
{
System.Diagnostics.Debug.WriteLine(ModelState.IsValid);
objUser.Password = Decrypt(objUser.Password);
{
@ViewBag.Message = objUser.UserName;
var obj = db.User.Where(a => a.UserName.Equals(objUser.UserName) && a.Password.Equals(objUser.Password)).FirstOrDefault();
if (obj != null)
{
Session["UserID"] = obj.UserID.ToString();
Session["UserName"] = obj.UserName.ToString();
return RedirectToAction("UserShow");
}
}
@ViewBag.Message = "Error , you had insert wrong password or WIW Name";
return View(objUser);
}
public ActionResult UserShow()
{
if (Session["UserID"] != null)
{
System.Diagnostics.Debug.WriteLine(Session["UserName"]);
return View("Login");
}
else
{
return RedirectToAction("Login");
}
}
所以你可以帮我找到问题plzzzzz :(
答案 0 :(得分:1)
存储密码的最佳方式是使用以下技术。
现在,无论何时您需要验证密码,您都将使用以下过程:
答案 1 :(得分:-1)
正如Kell所说,存储“清除”密码是一种糟糕的方式。您保存加密密码,然后当用户输入123456作为密码时,您加密他/她的输入并将其与存储的加密密码进行比较。