ASP.NET中保护你的密码

你的主页或者你管理的网站有各种密码需要保护，把密码直接放在数据库或者文件中存在不少安全隐患，所以密码加密后存储是最常见的做法。在ASP.NET中实现加密非常容易。.NET SDK中提供了CookieAuthentication类，其中的HashPasswordForStoringInConfigFile方法可直接使用MD5和SHA1算法。例子如下：

file: encrypting.aspx

<%@ Page language=\\\"c#\\\" Codebehind=\\\"encrypting.cs\\\" AutoEventWireup=\\\"false\\\" Inherits=\\\"encrypting.encrypting\\\" %>
<html><head>
   <meta name=\\\"GENERATOR\\\" Content=\\\"Microsoft Visual Studio 7.0\\\">
   <meta name=\\\"CODE_LANGUAGE\\\" Content=\\\"C#\\\"></head>
<body>
   
   <form method=\\\"post\\\" runat=\\\"server\\\">
<p></p>
<p>
<asp:TextBox id=TextBox1 runat=\\\"server\\\"></asp:TextBox>
<asp:Button id=Button1 runat=\\\"server\\\" Text=\\\"encrypting\\\"></asp:Button></p>
<p>Encrypting Password(MD5):
<aspabel id=MD5 runat=\\\"server\\\"></aspabel></p>

    </form>
   
</body></html>

encrypting.cs

namespace encrypting
{
   using System;
   using System.Collections;
   using System.ComponentModel;
   using System.Data;
   using System.Drawing;
   using System.Web;
   using System.Web.SessionState;
   using System.Web.UI;
   using System.Web.UI.WebControls;
   using System.Web.UI.HtmlControls;
   using System.Web.Security;

   /// <summary>
   ///    Summary description for encrypting.
   /// </summary>
   public class encrypting : System.Web.UI.Page
   {
       protected System.Web.UI.WebControls.Label MD5;
       protected System.Web.UI.WebControls.Button Button1;
       protected System.Web.UI.WebControls.TextBox TextBox1;
   
   public encrypting()
   {
       Page.Init += new System.EventHandler(Page_Init);
       }

       protected void Page_Load(object sender, EventArgs e)
       {
           if (!IsPostBack)
           {
               //
               // Evals true first time browser hits the page
               //
           }
       }

       protected void Page_Init(object sender, EventArgs e)
       {
           //
           // CODEGEN: This call is required by the ASP+ Windows Form Designer.
           //
           InitializeComponent();
       }

       /// <summary>
       ///    Required method for Designer support - do not modify
       ///    the contents of this method with the code editor.
       /// </summary>
       private void InitializeComponent()
       {
           Button1.Click += new System.EventHandler (this.Button1_Click);
           this.Load += new System.EventHandler (this.Page_Load);
       }

       public void Button1_Click (object sender, System.EventArgs e)
       {
           MD5.Text = CookieAuthentication.HashPasswordForStoringInConfigFile(TextBox1.Text,\\\"MD5\\\");
           //SHA1 use CookieAuthentication.HashPasswordForStoringInConfigFile(TextBox1.Text,\\\"SHA1\\\");
       }
   }
}


注意：类CookieAuthentication的namespace是System.Web.Security。