教你用MD5加密数据库中的密码

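.NET 提供了用于数据加密和散列的类,下面用例子说明如何使用 MD5 处理数据库中的密码。需要注意:MD5 是单向散列(哈希)算法,并不是可逆的加密;不加盐的单次 MD5 计算速度极快,数据库一旦泄露,密码很容易被离线猜解。因此新系统应改用带随机盐的慢速密码散列(例如 .NET 自带的 Rfc2898DeriveBytes,即 PBKDF2),本文的写法只适合用来了解相关 API。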
  
  首先,创建一个UserAccount表,包含两个字段:UserName和Password,类型分别为varchar(25)和binary(16)(MD5 的输出固定为16字节,所以密码列用 binary(16))。下面的ASP.NET代码就是创建用户时的具体实现:
  
  <%@ Import Namespace="System.Security.Cryptography" %>
  <%@ Import Namespace="System.Text" %>
  <%@ Import Namespace="System.Data" %>
  <%@ Import Namespace="System.Data.SqlClient" %>
  <script runat="server" language="VB">
   Sub CreateAccount(sender as Object, e as EventArgs)
   '1. 创建连接
   Const strConnString as String
   strConnString= "Data Source=.;Initial Catalog=test;User Id=sa;Password=;"
   Dim objConn as New SqlConnection(strConnString)
  
   '2. 创建Command对象
   Dim strSQL as String = _
   "INSERT INTO UserAccount(Username,Password) " & _
   "VALUES(@Username, @Password)"
   Dim objCmd as New SqlCommand(strSQL, objConn)
  
   '3. 创建参数
   Dim paramUsername as SqlParameter
   paramUsername = New SqlParameter("@Username", SqlDbType.VarChar, 25)
   paramUsername.Value = txtUsername.Text
   objCmd.Parameters.Add(paramUsername)
  
  
   '加密密码字段
  
   Dim md5Hasher as New MD5CryptoServiceProvider()
  
   Dim hashedBytes as Byte()
   Dim encoder as New UTF8Encoding()
  
   hashedBytes = md5Hasher.ComputeHash(encoder.GetBytes(txtPwd.Text))
  
   Dim paramPwd as SqlParameter
   paramPwd = New SqlParameter("@Password", SqlDbType.Binary, 16)
   paramPwd.Value = hashedBytes
   objCmd.Parameters.Add(paramPwd)
  
  
   '插入数据库
   objConn.Open()
   objCmd.ExecuteNonQuery()
   objConn.Close()
  
   'Redirect 其它页面
   End Sub
  </script>
  
  <%-- Account-creation form: txtUsername and txtPwd are read by the CreateAccount
       click handler. NOTE(review): no validators are attached here, so an empty or
       over-long user name (the column is varchar(25)) reaches the handler unchecked;
       consider RequiredFieldValidator / RegularExpressionValidator controls. --%>
  <form runat="server">
   <h1>创建帐号:</h1>
   用户名: <asp:TextBox runat="server" id="txtUsername"/>
   <br/>
   密码: <asp:TextBox runat="server" id="txtPwd" TextMode="Password"/>
   <p><asp:Button runat="server" Text="创建用户" OnClick="CreateAccount"/></p>
  </form>
  
  下面是对用户进行验证的ASP.NET代码:
  
  
  <%@ Import Namespace="System.Security.Cryptography" %>
  <%@ Import Namespace="System.Text" %>
  <%@ Import Namespace="System.Data" %>
  <%@ Import Namespace="System.Data.SqlClient" %>
  <script runat="server" language="VB">
   Sub Login(sender as Object, e as EventArgs)
   '1. 创建连接
   Const strConnString as String
   strConnString= "Data Source=.;Initial Catalog=test;User Id=sa;Password=;"
   Dim objConn as New SqlConnection(strConnString)
  
   '2. 创建Command对象
   Dim strSQL as String = "SELECT COUNT(*) FROM UserAccount " & _
   "WHERE Username=@Username AND Password=@Password"
   Dim objCmd as New SqlCommand(strSQL, objConn)
  
   '3. 创建参数
   Dim paramUsername as SqlParameter
   paramUsername = New SqlParameter("@Username", SqlDbType.VarChar, 25)
   paramUsername.Value = txtUsername.Text
   objCmd.Parameters.Add(paramUsername)
  
  
   '加密密码
   Dim md5Hasher as New MD5CryptoServiceProvider()
  
   Dim hashedDataBytes as Byte()
   Dim encoder as New UTF8Encoding()
  
   hashedDataBytes = md5Hasher.ComputeHash(encoder.GetBytes(txtPwd.Text))
  
   Dim paramPwd as SqlParameter
   paramPwd = New SqlParameter("@Password", SqlDbType.Binary, 16)
   paramPwd.Value = hashedDataBytes
   objCmd.Parameters.Add(paramPwd)
  
  
   '执行查询
   objConn.Open()
   Dim iResults as Integer = objCmd.ExecuteScalar()
   objConn.Close()
  
   If iResults = 1 then
   '合法
   Else
   '不合法
   End If
   End Sub
  </script>
  
  <form runat="server">
   <h1>登录:</h1>
   用户名:<asp:TextBox runat="server" id="txtUsername"/><br/>
   密 码:<asp:TextBox runat="server" id="txtPwd" TextMode="Password"/>
   <p><asp:Button runat="server" Text="登录" OnClick="Login"/>
  </form>
  
  下面是直接用MD5CryptoServiceProvider计算散列值并显示结果的例子:
  <%@ Import Namespace="System.Security.Cryptography" %>
  <%@ Import Namespace="System.Text" %>
  <script language="VB" runat="server">
   Sub DisplayEncryptedText(sender as Object, e as EventArgs)
   If Page.IsValid then
   Dim md5Hasher as New MD5CryptoServiceProvider()
  
   Dim hashedDataBytes as Byte()
   Dim encoder as New UTF8Encoding()
  
   hashedDataBytes = md5Hasher.ComputeHash(encoder.GetBytes(txtPassword.Text))
  
   ltlResults.Text = "<b>Encrypted Results</b><br /> The results are encrypted into " & _
   "an array of 16 bytes. These 16 bytes contain the values:<p><ul>"
  
   Dim b as Byte
   For Each b in hashedDataBytes
   ltlResults.Text &= "<li>" & b & "</li>"
   Next b
  
   ltlResults.Text &= "</ul>"
   End If
   End Sub
  </script>
  
  <%-- Demo form: the text in txtPassword is hashed by the DisplayEncryptedText click
       handler and the digest bytes are written into ltlResults. The two validators
       require a value of 1 to 20 characters; the handler checks Page.IsValid before
       hashing. --%>
  <form runat="server">
   Enter a string:
   <asp:TextBox id="txtPassword" runat="server" />
   <asp:RequiredFieldValidator runat="server" ControlToValidate="txtPassword"
   Display="Dynamic" ErrorMessage="<i>You must provide a value here...</i>" />
   <asp:RegularExpressionValidator runat="server" ControlToValidate="txtPassword"
   Display="Dynamic" ErrorMessage="<i>The string must be 20 characters or less...</i>"
   ValidationExpression="^.{1,20}$" />
   <br />
   <asp:Button runat="server" Text="View the String as Encrypted Text"
   OnClick="DisplayEncryptedText" />
   <p>
   <asp:Literal runat="server" id="ltlResults" />
  </form>

posted @ 2007-07-25 11:49  星空竹月