📄 securityhelper.cs
using System;
using System.Text;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
namespace Stella.Utility
{
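/// <summary>
/// Static helpers for security-related work: protecting the database connection
/// string, producing salted password hashes, generating random passwords, and
/// comparing or splitting stored password blobs.
/// </summary>
/// <remarks>
/// The connection-string routines come from the PetShop 3 sample.
/// </remarks>
public abstract class SecurityHelper
{
    // Abstract plus a private constructor: the type only holds static members.
    private SecurityHelper(){}

    // Shared cryptographic random source for salts and generated passwords.
    private static readonly RandomNumberGenerator secureRandom = RandomNumberGenerator.Create();

    #region Database connection string protection
    /// <summary>
    /// Decrypts a protected database connection string.
    /// </summary>
    /// <param name="InputConnectionString">Base64 text produced by <see cref="EncryptDBConnectionString"/>.</param>
    /// <returns>The decrypted connection string; an empty input is returned unchanged.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="InputConnectionString"/> is null.</exception>
    /// <exception cref="FormatException">The input is not valid Base64.</exception>
    /// <remarks>
    /// From the PetShop 3 sample.
    /// NOTE(review): DataProtector is declared elsewhere; it is presumably a DPAPI wrapper.
    /// If so, the machine store with no extra entropy (the null argument) lets any
    /// account on this host that can call the same API decrypt the value. Confirm
    /// against DataProtector and restrict access to the stored ciphertext accordingly.
    /// </remarks>
    public static string DecryptDBConnectionString(string InputConnectionString)
    {
        if (InputConnectionString == null)
        {
            throw new ArgumentNullException("InputConnectionString");
        }

        // A blank setting is handed back as-is rather than passed to the decryptor.
        if (InputConnectionString.Length == 0)
        {
            return InputConnectionString;
        }

        // The value is expected to have been protected on this machine, not per user.
        DataProtector dp = new DataProtector(Store.Machine);

        // The protection API works on bytes, so decode the Base64 text first.
        byte[] decryptedData = dp.Decrypt(Convert.FromBase64String(InputConnectionString), null);

        // UTF-8 decodes every value the former ASCII encoder could have produced
        // identically, and no longer turns non-ASCII characters into '?'.
        return Encoding.UTF8.GetString(decryptedData);
    }

    /// <summary>
    /// Encrypts a database connection string.
    /// </summary>
    /// <param name="encryptedString">
    /// The PLAINTEXT connection string to protect (the parameter name is historical
    /// and is kept so that existing callers are not affected).
    /// </param>
    /// <returns>The protected connection string as Base64 text.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="encryptedString"/> is null.</exception>
    /// <remarks>
    /// From the PetShop 3 sample. The machine-store caveat on
    /// <see cref="DecryptDBConnectionString"/> applies here as well.
    /// </remarks>
    public static string EncryptDBConnectionString(string encryptedString)
    {
        if (encryptedString == null)
        {
            throw new ArgumentNullException("encryptedString");
        }

        // The value is protected for this machine, not for a particular user.
        DataProtector dp = new DataProtector(Store.Machine);

        // UTF-8 yields the same bytes as ASCII for ASCII-only strings, so values
        // protected before this change still round-trip; non-ASCII characters
        // (for example in a password) are no longer silently replaced by '?'.
        byte[] dataBytes = Encoding.UTF8.GetBytes(encryptedString);
        byte[] encryptedBytes = dp.Encrypt(dataBytes, null);

        return Convert.ToBase64String(encryptedBytes);
    }
    #endregion

    #region User password hashing
    // Salt length in bytes, read once from configuration when the type is initialised.
    private static int saltLen=ConfigHelper.SaltLength;

    /// <summary>
    /// Hashes a user-supplied password with a freshly generated random salt.
    /// </summary>
    /// <param name="input">The password entered by the user.</param>
    /// <returns>The blob to store: SHA-1(SHA-1(UTF-16 password) + salt) followed by the salt.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="input"/> is null.</exception>
    /// <remarks>
    /// NOTE(security): a salted SHA-1 chain is a fast hash and offers little resistance
    /// to offline guessing if the stored blobs leak. Moving to a slow key-derivation
    /// function such as PBKDF2 (Rfc2898DeriveBytes) changes the stored format and needs
    /// a migration of existing records, so it is flagged here rather than changed.
    /// </remarks>
    public static byte[] EncryptPassword(string input)
    {
        // Draw the salt from the cryptographic generator.
        byte[] salt = new byte[saltLen];
        secureRandom.GetBytes(salt);

        return EncryptPassword(input, salt);
    }

    /// <summary>
    /// Hashes a user-supplied password with a caller-provided salt, typically the salt
    /// recovered from a stored blob with <see cref="GetSalt"/> in order to verify a login.
    /// </summary>
    /// <param name="input">The password entered by the user.</param>
    /// <param name="salt">The salt; must not be longer than the configured salt length.</param>
    /// <returns>The blob to store or compare: salted hash followed by the salt.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="input"/> or <paramref name="salt"/> is null.</exception>
    /// <exception cref="ArgumentException"><paramref name="salt"/> is longer than the configured salt length.</exception>
    public static byte[] EncryptPassword(string input,byte[] salt)
    {
        if (input == null)
        {
            throw new ArgumentNullException("input");
        }
        if (salt == null)
        {
            throw new ArgumentNullException("salt");
        }

        byte[] sha1Pwd = ComputeSha1(Encoding.Unicode.GetBytes(input));
        return saltedDBPassword(sha1Pwd, salt);
    }

    // Builds the stored blob from the first-round password hash and the salt.
    // The former Debug.Fail call was removed: it fired on every call in debug builds
    // and put the salt into the assertion output.
    private static byte[] saltedDBPassword(byte[] sha1Pwd,byte[] salt)
    {
        if (salt.Length > saltLen)
        {
            throw new ArgumentException("Salt is longer than the configured salt length.", "salt");
        }

        // Join the password hash and the salt. The buffer is sized by the configured
        // length, so a shorter salt stays zero-padded exactly as before and blobs that
        // are already stored keep verifying; callers should pass a full-length salt.
        int len = sha1Pwd.Length;
        byte[] plusPwd = new byte[len + saltLen];
        sha1Pwd.CopyTo(plusPwd, 0);
        salt.CopyTo(plusPwd, len);

        // Hash the salted value.
        byte[] saltedPwd = ComputeSha1(plusPwd);

        // Append the salt so that it is stored in the database next to the hash.
        int len2 = saltedPwd.Length;
        byte[] DBPwd = new byte[len2 + saltLen];
        saltedPwd.CopyTo(DBPwd, 0);
        salt.CopyTo(DBPwd, len2);
        return DBPwd;
    }

    // Computes SHA-1 over the data and always releases the hash object, even on failure.
    private static byte[] ComputeSha1(byte[] data)
    {
        SHA1 sha1 = SHA1.Create();
        try
        {
            return sha1.ComputeHash(data);
        }
        finally
        {
            sha1.Clear();
        }
    }
    #endregion

    #region Random password generation
    /// <summary>
    /// Generates a random plaintext password.
    /// </summary>
    /// <param name="pwdchars">The characters the password may be built from.</param>
    /// <param name="pwdlen">The number of characters to generate.</param>
    /// <returns>The random password; an empty string when <paramref name="pwdlen"/> is zero or negative.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="pwdchars"/> is null and a password was requested.</exception>
    /// <exception cref="ArgumentException"><paramref name="pwdchars"/> is empty and a password was requested.</exception>
    /// <remarks>
    /// Characters are picked with the cryptographic generator. The previous
    /// System.Random source is seeded predictably and is not meant for secrets.
    /// </remarks>
    public static string MakeLightPassword(string pwdchars, int pwdlen)
    {
        if (pwdlen <= 0)
        {
            return string.Empty;
        }
        if (pwdchars == null)
        {
            throw new ArgumentNullException("pwdchars");
        }
        if (pwdchars.Length == 0)
        {
            throw new ArgumentException("At least one candidate character is required.", "pwdchars");
        }

        StringBuilder tmpstr = new StringBuilder(pwdlen);
        byte[] scratch = new byte[4];
        for (int i = 0; i < pwdlen; i++)
        {
            tmpstr.Append(pwdchars[NextIndex(pwdchars.Length, scratch)]);
        }
        return tmpstr.ToString();
    }

    // Returns a uniformly distributed index in [0, exclusiveMax) from the cryptographic
    // generator. Draws above the largest multiple of the range are discarded so that
    // the final modulo does not favour the low indexes.
    private static int NextIndex(int exclusiveMax, byte[] scratch)
    {
        uint range = (uint)exclusiveMax;
        ulong limit = (1UL << 32) / range * range;
        uint value;
        do
        {
            secureRandom.GetBytes(scratch);
            value = BitConverter.ToUInt32(scratch, 0);
        }
        while ((ulong)value >= limit);
        return (int)(value % range);
    }
    #endregion

    /// <summary>
    /// Compares two byte arrays for equality.
    /// </summary>
    /// <param name="array1">First array.</param>
    /// <param name="array2">Second array.</param>
    /// <returns>True when both arrays have the same length and the same content.</returns>
    /// <exception cref="ArgumentNullException">Either array is null.</exception>
    /// <remarks>
    /// The loop always visits every byte instead of stopping at the first mismatch, so
    /// the time taken does not reveal how many leading bytes of a stored hash matched.
    /// Where the target framework provides CryptographicOperations.FixedTimeEquals,
    /// that method is the preferred replacement. The former Debug.Fail call was
    /// removed: it wrote both arrays (stored hash and salt) to the assertion output.
    /// </remarks>
    public static bool CompareByteArray(byte[] array1, byte[] array2)
    {
        if (array1 == null)
        {
            throw new ArgumentNullException("array1");
        }
        if (array2 == null)
        {
            throw new ArgumentNullException("array2");
        }
        if (array1.Length != array2.Length)
        {
            return false;
        }

        int diff = 0;
        for (int i = 0; i < array1.Length; i++)
        {
            diff |= array1[i] ^ array2[i];
        }
        return diff == 0;
    }

    /// <summary>
    /// Extracts the salt from a stored password blob (the trailing bytes of the blob).
    /// </summary>
    /// <param name="DBPassword">The stored blob: salted hash followed by the salt.</param>
    /// <returns>A new array holding the salt.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="DBPassword"/> is null.</exception>
    /// <exception cref="ArgumentException">The blob is shorter than the configured salt length.</exception>
    public static byte[] GetSalt(byte[] DBPassword)
    {
        if (DBPassword == null)
        {
            throw new ArgumentNullException("DBPassword");
        }

        int len = ConfigHelper.SaltLength;
        int len2 = DBPassword.Length - len;
        if (len2 < 0)
        {
            // A truncated or foreign value would otherwise fail with an index error.
            throw new ArgumentException("Stored password is shorter than the configured salt length.", "DBPassword");
        }

        byte[] salt = new byte[len];
        Array.Copy(DBPassword, len2, salt, 0, len);
        return salt;
    }
}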
}