ASP.NET
JavaScriptASP.NETPHP编程正则表达式AJAX相关ASP编程JSP编程编程10000问CSS/HTMLFlex脚本加解密web2.0XML/RSS网页编辑器相关技巧安全相关网页播放器DartVue.js

ASP.NET MVC结合JavaScript登录、校验和加密

发布时间:2022-04-16 发布网站:脚本宝典
脚本宝典收集整理的这篇文章主要介绍了ASP.NET MVC结合JavaScript登录、校验和加密脚本宝典觉得挺不错的,现在分享给大家,也给大家做个参考。

最近闲来无事给自己写了家庭财务收支管理系统,也就包含支出管理,收入管理和一些统计功能。

先说登录模块,因为涉及GET和POST请求,这些东西都是能被监控和抓取的所以就考虑这使用RSA加密解密方式传输用户名和密码参数,页面JS如下: 

/*需要引入三个JS文件,BigInt.js、RSA.js和Barrett.js,用到cookie则需要引入jquery.cookie.js文件*/
//与后台交互获取公钥
function getPublicKey() {
 VAR pubKey = '';
 if ($.cookie('publicKey') == null) {
  $.ajax({
   url: "/Account/GetRsaPublicKey",
   tyPE: "get",
   contentType: "application/x-www-form-urlencoded; charset=utf-8",
   async: false,
   data: {},
   dataType: "json",
   success: function (data) {
    if (data.Code == 0) {
     pubKey = data.RsaPublicKey + "," + data.Key;
     $.cookie('publicKey', pubKey, { expires: 1 / 1440 });
    } else {
     config.Method.JudgeCode(data, 1);
    }
   }
  });
 } else {
  pubKey = $.cookie('publicKey');
 }
 return pubKey;
}
//公钥加密用户密码Pwd为RSA加密后参数
function rSAEncrypt(pwd) {
 var publicKey = getPublicKey();
 setMaxDigITs(129);
 var rsaKey = new RSAKeyPair(publicKey.split(",")[0], "", publicKey.split(",")[1]);
 var pwdRtn = encryptedString(rsaKey, pwd);
 return pwdRtn + "," + publicKey.split(",")[2];
}
//POST登录请求,参数
<script type="text/javascript">
 $(function () {
  $('#BTnSubmit').live('click', function () {
   var uName = $('#u').val();
   var pwd = $('#p').val();
   if (uName == '') {
    alert('用户名不能为空');
    return;
   }
   if (pwd == '') {
    alert('用户密码不能为空');
    return;
   }
   var enPwd = rsaEncrypt(pwd);
   $.ajax({
    type: "POST",
    url: "/Account/UserLogin",
    data: { 'UserName': uName, 'Pwd': enPwd.split(",")[0], 'Key': enPwd.split(",")[1], 'RUrl': $('#hiddenUrl').val() },
    contentType: "application/x-www-form-urlencoded; charset=utf-8",
    async: false,
    dataType: "json",
    success: function (data) {
     if (data.result == true) {
      window.location.href = data.url;
      return false;
     } else {
      $('#msg').text(data.message);
     }
    },
    error: function (XMLHttPRequest, textstatus, errorThrown) {
     $('#msg').text(XMLHttpRequest.status + '||' + XMLHttpRequest.readyState + '||' + textStatus);
    }
   });
  });
 })
</script>

前台加密完成后就需要后台做解密处理,解密完成后需要使用MD5加密现有密码与数据库中用户密码进行比较验证,如果验证通过则需要写入cookie以便下次用户能自   动登录,由于cookie中我不希望用户名和密码都明码存储,我这里用到了AES加密的方式,自定义一个32位的加密密钥对cookie进行加密解密处理,后台c#代码如下:

[HttpPost]
  public JsonResult UserLOGin(string UserName, string Pwd, string Key, string RUrl)
  {
   string privateKey = Common.CacheGet(Key) as string;
   if (!string.IsNullOrEmpty(privateKey))
   {
    if (string.IsNullOrEmpty(UserName))
    {
     return Json(new { result = false, message = "用户名为空" }, JsonRequestBehavior.AllowGet);
    }
    if (string.IsNullOrEmpty(Pwd))
    {
     return Json(new { result = false, message = "用户密码为空" }, JsonRequestBehavior.AllowGet);
    }
    string pwd = Common.DecryptRSA(Pwd, privateKey);//私钥解密
    string md5Pwd = Common.NoneEncrypt(Common.NoneEncrypt(Common.NoneEncrypt(pwd, 1), 1), 1);//将解密后的值md5加密3次
    AccountUnserInfo userInfo = bll.GetUserInfo(UserName.Trim(), md5Pwd);
    if (userInfo != null @R_406_315@ userInfo.U_Id > 0)//用户信息存在
    {
     //用户名、密码放入cookie
     HttpCookie cookie = new HttpCookie("fw_izz");
     //AES加密Cookie
     cookie["u_name"] = AesEncryptHelper.EncryptAes(UserName);
     cookie["u_pwd"] = AesEncryptHelper.EncryptAes(pwd);
     cookie.Expires = DateTime.Now.AddDays(7);
     Response.Cookies.Add(cookie);
     if (!string.IsNullOrEmpty(RUrl))//接收隐藏域中的值
     {
      return Json(new { result = true, message = "成功", url = RUrl });
     }
     else
     {
      return Json(new { result = true, message = "成功", url = "/AccountDetail/Index" });
     }
    }
    else
    {
     return Json(new { result = false, message = "用户信息不存在", url = "/Account/Index" });
    }
   }
   else
   {
    return Json(new { result = false, message = "非法秘钥", url = "/Account/Index" });
   }
  }

各种加密解密方法、Cache操作以及cookie操作代码如下:  

public class Common
 {
  /// <summary>
  /// 产生一组RSA公钥、私钥
  /// </summary>
  /// <returns></returns>
  public static Dictionary<string, string> CreateRsaKeyPair()
  {
   var keyPair = new Dictionary<string, string>();
   var rsaProvider = new RSACryptoServiceProvider(1024);
   RSAParameters parameter = rsaProvider.exportParameters(true);
   keyPair.Add("PUBLIC", BytestoHexString(parameter.Exponent) + "," + BytesToHexString(parameter.Modulus));
   keyPair.Add("PRIVATE", rsaProvider.ToXmlString(true));
   return keyPair;
  }

  /// <summary>
  /// RSA解密字符串
  /// </summary>
  /// <param name="encryptData">密文</param>
  /// <param name="privateKey">私钥</param>
  /// <returns>明文</returns>
  public static string DecryptRSA(string encryptData, string privateKey)
  {
   string decryptData = "";
   try
   {
    var provider = new RSACryptoServiceProvider();
    provider.FromXmlString(privateKey);

    byte[] result = provider.Decrypt(HexStringToBytes(encryptData), false);
    ASCIIEncoding enc = new ASCIIEncoding();
    decryptData = enc.GetString(result);
   }
   catch (Exception e)
   {
    throw new Exception("RSA解密出错!", e);
   }
   return decryptData;
  }

  private static string BytesToHexString(byte[] input)
  {
   StringBuilder hexString = new StringBuilder(64);

   for (int i = 0; i < input.Length; i++)
   {
    hexString.Append(String.Format("{0:X2}", input[i]));
   }
   return hexString.ToString();
  }

  public static byte[] HexStringToBytes(string hex)
  {
   if (hex.Length == 0)
   {
    return new byte[] { 0 };
   }
   if (hex.Length % 2 == 1)
   {
    hex = "0" + hex;
   }
   byte[] result = new byte[hex.Length / 2];
   for (int i = 0; i < hex.Length / 2; i++)
   {
    result[i] = byte.Parse(hex.Substring(2 * i, 2), System.Globalization.NumberStyles.AllowHexSpecifier);
   }
   return result;
  }

  private static ObjectCache Cache
  {
   get { return MemoryCache.Default; }
  }
  /// <summary>
  /// 获取缓存
  /// </summary>
  /// <param name="key"></param>
  /// <returns></returns>
  public static object CacheGet(string key)
  {
   return Cache[key];
  }
  /// <summary>
  /// 设置缓存
  /// </summary>
  /// <param name="key"></param>
  /// <param name="data"></param>
  /// <param name="cacheTime"></param>
  public static void CacheSet(string key, object data, int cacheTime)
  {
   Cacheitempolicy policy = new CacheItemPolicy();
   policy.AbsoluteExpiration = DateTime.Now + TimeSpan.FromMinutes(cacheTime);
   Cache.Add(new CacheItem(key, data), policy);
  }
  /// <summary>
  /// 判断缓存是否存在
  /// </summary>
  /// <param name="key"></param>
  /// <returns></returns>
  public static bool IsSet(string key)
  {
   return (Cache[key] != null);
  }
  /// <summary>
  /// 缓存失效
  /// </summary>
  /// <param name="key"></param>
  public static void CacheRemove(string key)
  {
   Cache.Remove(key);
  }
  /// <summary>
  /// 对字符串进行加密(不可逆)
  /// </summary>
  /// <param name="Password">要加密的字符串</param>
  /// <param name="Format">加密方式,0 is SHA1,1 is MD5</param>
  /// <returns></returns>
  public static string NoneEncrypt(string Password, int Format)
  {
   string strResult = "";
   switch (Format)
   {
    case 0:
     strResult = FormsAuthentication.HashPassworDForStoringInConfigFile(Password, "SHA1");
     break;
    case 1:
     strResult = FormsAuthentication.HashPasswordForStoringInConfigFile(Password, "MD5");
     break;
    default:
     strResult = Password;
     break;
   }
   return strResult;
  }
 }

以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持脚本宝典。

您可能感兴趣的文章:

脚本宝典总结

以上是脚本宝典为你收集整理的ASP.NET MVC结合JavaScript登录、校验和加密全部内容,希望文章能够帮你解决ASP.NET MVC结合JavaScript登录、校验和加密所遇到的问题。

如果觉得脚本宝典网站内容还不错,欢迎将脚本宝典推荐好友。

本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。
标签:ASP.NETMVC校验校验登录登录
猜你在找的ASP.NET相关文章
其他相关热搜词更多
phpjavapython程序员loadpost-format-gallerydivString参数开发ListcapMapClass工具安装SQL数据库资源this
全站导航更多
html5HTML/XhtmlCSSXML/XSLTDreamweaver教程Frontpage教程心得技巧JavaScriptASP.NETPHP编程正则表达式AJAX相关ASP编程JSP编程编程10000问CSS/HTMLFlexvbsDOS/BAThtahtcpythonperl游戏相关VBA远程脚本ColdFusionMsSqlMysqlmariadboracleDB2mssql2008mssql2005SQLitePostgreSQLMongoDB星外虚拟主机华众虚拟主机Linuxwin服务器FTP服务器DNS服务器Tomcatnginxzabbix云和虚拟化bios系统安装系统系统进程Windows系列LINUXRedHat/CentosUbuntu/DebianFedoraSolaris红旗Linux建站经验微信营销网站优化网站策划网络赚钱网络创业站长故事alexa域名photoshop教程摄影教程Fireworks教程CorelDraw教程Illustrator教程Painter教程Freehand教程IndesignSketch笔记本主板内存CPU存储显卡显示器光存储鼠标键盘平板电脑安全教程杀毒防毒安全设置病毒查杀脚本攻防入侵防御工具使用业界动态Exploit漏洞分析
最新ASP.NET教程
热门ASP.NET教程