我想創建一個簡單的asp.net網站,允許用戶註冊和登錄。我已成功地設法將所有數據存儲在數據庫中,並以登錄形式對用戶進行身份驗證。然而,現在我想要做的事情是每當新用戶註冊以MD5格式存儲數據庫中的密碼並匹配哈希以便用戶能夠登錄時。C#加密登錄
這是在寄存器單元,存儲在數據庫中的用戶代碼:
try
{
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["AssignmentDBConnectionString"].ConnectionString);
conn.Open();
string insertQuery = "insert into [AsTable] ([Username],Email,Password) values (@Username ,@Email, @Password)";
SqlCommand com = new SqlCommand(insertQuery, conn);
com.Parameters.AddWithValue("@Username", TextBoxUsername.Text);
com.Parameters.AddWithValue("@email", TextBoxEmail.Text);
com.Parameters.AddWithValue("@password", TextBoxPass.Text);
com.ExecuteNonQuery();
Response.Redirect("Manager.aspx");
Response.Write("Registration Completed");
conn.Close();
}
catch (Exception ex)
{
Response.Write("Error:"+ex.ToString());
}
這是在說,爲了驗證用戶登錄部分的代碼,他登錄:
conn.Open();
string checkPasswordQuery = "select Password from [AsTable] where Username ='" + TextBoxUsername.Text + "'";
SqlCommand passcom = new SqlCommand(checkPasswordQuery, conn);
string password = passcom.ExecuteScalar().ToString().Replace(" ","");
if (password == TextBoxPassword.Text)
{
Session["New"] = TextBoxUsername.Text;
Response.Write("Password is correct");
Response.Redirect("Index.aspx");
}
else
{
Response.Write("Password is not correct");
}
}
else
{
Response.Write("Username is not correct");
}
}
任何想法如何改變?
**警告**你的第二個例子容易受到sql注入攻擊! – 2015-03-13 12:53:04
使用默認的sql成員資格提供程序而不是自定義代碼 – Ewan 2015-03-13 12:55:08
使用SP和參數查詢。如果不使用'using'語法,我會關閉finally {}塊中的連接。 – Tim 2015-03-13 12:56:13