我是一个CS专业,我刚刚完成了设计一个ASP.net站点,并为该网站我需要一个登录身份验证系统......我不想使用SQLMembershipProvider,因为我真的很想学习如何使自己成为一个...反正这就是我想出的,我想知道是否有人可以给我一些反馈,提示或建议。ASP.net身份验证
由于提前
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Security.Cryptography;
/// <summary>
/// Summary description for PwEncrypt
/// </summary>
public class PwEncrypt
{
public const int DefaultSaltSize = 5;
private static string CreateSalt()
{
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] buffer = new byte[DefaultSaltSize];
rng.GetBytes(buffer);
return Convert.ToBase64String(buffer);
}
public static string CreateHash(string password, out string salt)
{
salt = CreateSalt();
string saltAndPassword = String.Concat(password, salt);
string hashedPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(saltAndPassword, "SHA1");
hashedPassword = string.Concat(hashedPassword, salt);
return hashedPassword;
}
public static string CreateHashAndGetSalt(string password, string salt)
{
string saltAndPassword = String.Concat(password, salt);
string hashedPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(saltAndPassword, "SHA1");
hashedPassword = string.Concat(hashedPassword, salt);
return hashedPassword;
}
public static bool comparePassword(string insertedPassword, string incUserName, out string newEncryptedPassword, out string originalPassword)
{
databaseInteraction DBI = new databaseInteraction();
string actualPassword ="";
string salt = "";
DBI.getSaltandPassword(incUserName, out salt, out actualPassword);
string hashedIncPassword = PwEncrypt.CreateHashAndGetSalt(insertedPassword, salt);
// hashedIncPassword = string.Concat(hashedIncPassword, salt);
newEncryptedPassword = hashedIncPassword;
originalPassword = actualPassword;
if (newEncryptedPassword == originalPassword)
{
return true;
}
else { return false; }
}
如果您想创建自定义成员资格提供程序,您首先必须从MemberShipProvider继承。如果你有一点谷歌,这是很好的记录。 –
不要试图推出自己的自定义身份验证和会话管理方案,或建立自己的控件,除非您没有别的选择。我只想做,不符合资格。一个有趣的阅读:http://www.troyhunt.com/2010/07/owasp-top-10-for-net-developers-part-3.html –
@ChristopheGeers Exactly ...你自己做这件事很麻烦,内置的MembershipProviders工作得很好,它们只能被配置为这样做。 – sinni800