我是一個CS專業,我剛剛完成了設計一個ASP.net站點,併爲該網站我需要一個登錄身份驗證系統......我不想使用SQLMembershipProvider,因爲我真的很想學習如何使自己成爲一個...反正這就是我想出的,我想知道是否有人可以給我一些反饋,提示或建議。ASP.net身份驗證
由於提前
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Security.Cryptography;
/// <summary>
/// Summary description for PwEncrypt
/// </summary>
public class PwEncrypt
{
public const int DefaultSaltSize = 5;
private static string CreateSalt()
{
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] buffer = new byte[DefaultSaltSize];
rng.GetBytes(buffer);
return Convert.ToBase64String(buffer);
}
public static string CreateHash(string password, out string salt)
{
salt = CreateSalt();
string saltAndPassword = String.Concat(password, salt);
string hashedPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(saltAndPassword, "SHA1");
hashedPassword = string.Concat(hashedPassword, salt);
return hashedPassword;
}
public static string CreateHashAndGetSalt(string password, string salt)
{
string saltAndPassword = String.Concat(password, salt);
string hashedPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(saltAndPassword, "SHA1");
hashedPassword = string.Concat(hashedPassword, salt);
return hashedPassword;
}
public static bool comparePassword(string insertedPassword, string incUserName, out string newEncryptedPassword, out string originalPassword)
{
databaseInteraction DBI = new databaseInteraction();
string actualPassword ="";
string salt = "";
DBI.getSaltandPassword(incUserName, out salt, out actualPassword);
string hashedIncPassword = PwEncrypt.CreateHashAndGetSalt(insertedPassword, salt);
// hashedIncPassword = string.Concat(hashedIncPassword, salt);
newEncryptedPassword = hashedIncPassword;
originalPassword = actualPassword;
if (newEncryptedPassword == originalPassword)
{
return true;
}
else { return false; }
}
如果您想創建自定義成員資格提供程序,您首先必須從MemberShipProvider繼承。如果你有一點谷歌,這是很好的記錄。 –
不要試圖推出自己的自定義身份驗證和會話管理方案,或建立自己的控件,除非您沒有別的選擇。我只想做,不符合資格。一個有趣的閱讀:http://www.troyhunt.com/2010/07/owasp-top-10-for-net-developers-part-3.html –
@ChristopheGeers Exactly ...你自己做這件事很麻煩,內置的MembershipProviders工作得很好,它們只能被配置爲這樣做。 – sinni800