📄 frmstorerslogon.vb
字号:
Imports System.Data.SqlClient
Imports System.Security.Cryptography
Imports System.Web.Security
Public Class Form1
Inherits System.Windows.Forms.Form
#Region " Windows Form Designer generated code "
Public Sub New()
MyBase.New()
'This call is required by the Windows Form Designer.
InitializeComponent()
'Add any initialization after the InitializeComponent() call
End Sub
'Form overrides dispose to clean up the component list.
Protected Overloads Overrides Sub Dispose(ByVal disposing As Boolean)
If disposing Then
If Not (components Is Nothing) Then
components.Dispose()
End If
End If
MyBase.Dispose(disposing)
End Sub
'Required by the Windows Form Designer
Private components As System.ComponentModel.IContainer
'NOTE: The following procedure is required by the Windows Form Designer
'It can be modified using the Windows Form Designer.
'Do not modify it using the code editor.
Friend WithEvents Label1 As System.Windows.Forms.Label
Friend WithEvents cmdSave As System.Windows.Forms.Button
Friend WithEvents txtUserName As System.Windows.Forms.TextBox
Friend WithEvents Label2 As System.Windows.Forms.Label
Friend WithEvents Label3 As System.Windows.Forms.Label
Friend WithEvents txtPassword As System.Windows.Forms.TextBox
Friend WithEvents cboEmployees As System.Windows.Forms.ComboBox
Friend WithEvents lblResult As System.Windows.Forms.Label
<System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()
Me.Label1 = New System.Windows.Forms.Label
Me.cboEmployees = New System.Windows.Forms.ComboBox
Me.cmdSave = New System.Windows.Forms.Button
Me.txtUserName = New System.Windows.Forms.TextBox
Me.txtPassword = New System.Windows.Forms.TextBox
Me.Label2 = New System.Windows.Forms.Label
Me.Label3 = New System.Windows.Forms.Label
Me.lblResult = New System.Windows.Forms.Label
Me.SuspendLayout()
'
'Label1
'
Me.Label1.Font = New System.Drawing.Font("Microsoft Sans Serif", 8.25!, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, CType(0, Byte))
Me.Label1.Location = New System.Drawing.Point(8, 16)
Me.Label1.Name = "Label1"
Me.Label1.Size = New System.Drawing.Size(64, 24)
Me.Label1.TabIndex = 0
Me.Label1.Text = "Employee:"
'
'cboEmployees
'
Me.cboEmployees.DropDownStyle = System.Windows.Forms.ComboBoxStyle.DropDownList
Me.cboEmployees.Location = New System.Drawing.Point(88, 16)
Me.cboEmployees.Name = "cboEmployees"
Me.cboEmployees.Size = New System.Drawing.Size(408, 21)
Me.cboEmployees.TabIndex = 1
'
'cmdSave
'
Me.cmdSave.Location = New System.Drawing.Point(232, 176)
Me.cmdSave.Name = "cmdSave"
Me.cmdSave.Size = New System.Drawing.Size(136, 40)
Me.cmdSave.TabIndex = 4
Me.cmdSave.Text = "Save"
'
'txtUserName
'
Me.txtUserName.Location = New System.Drawing.Point(88, 72)
Me.txtUserName.MaxLength = 255
Me.txtUserName.Name = "txtUserName"
Me.txtUserName.Size = New System.Drawing.Size(232, 20)
Me.txtUserName.TabIndex = 2
Me.txtUserName.Text = ""
'
'txtPassword
'
Me.txtPassword.Location = New System.Drawing.Point(88, 112)
Me.txtPassword.MaxLength = 20
Me.txtPassword.Name = "txtPassword"
Me.txtPassword.PasswordChar = Microsoft.VisualBasic.ChrW(42)
Me.txtPassword.Size = New System.Drawing.Size(232, 20)
Me.txtPassword.TabIndex = 3
Me.txtPassword.Text = ""
'
'Label2
'
Me.Label2.Font = New System.Drawing.Font("Microsoft Sans Serif", 8.25!, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, CType(0, Byte))
Me.Label2.Location = New System.Drawing.Point(8, 72)
Me.Label2.Name = "Label2"
Me.Label2.Size = New System.Drawing.Size(80, 24)
Me.Label2.TabIndex = 5
Me.Label2.Text = "User Name:"
'
'Label3
'
Me.Label3.Font = New System.Drawing.Font("Microsoft Sans Serif", 8.25!, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, CType(0, Byte))
Me.Label3.Location = New System.Drawing.Point(8, 112)
Me.Label3.Name = "Label3"
Me.Label3.Size = New System.Drawing.Size(64, 24)
Me.Label3.TabIndex = 6
Me.Label3.Text = "Password:"
'
'lblResult
'
Me.lblResult.Location = New System.Drawing.Point(8, 224)
Me.lblResult.Name = "lblResult"
Me.lblResult.Size = New System.Drawing.Size(576, 96)
Me.lblResult.TabIndex = 7
'
'Form1
'
Me.AutoScaleBaseSize = New System.Drawing.Size(5, 13)
Me.ClientSize = New System.Drawing.Size(592, 325)
Me.Controls.Add(Me.lblResult)
Me.Controls.Add(Me.Label3)
Me.Controls.Add(Me.Label2)
Me.Controls.Add(Me.txtPassword)
Me.Controls.Add(Me.txtUserName)
Me.Controls.Add(Me.cmdSave)
Me.Controls.Add(Me.cboEmployees)
Me.Controls.Add(Me.Label1)
Me.Name = "Form1"
Me.Text = "Store Reporting Services Logon"
Me.ResumeLayout(False)
End Sub
#End Region
'Private Const ConnectionString As String = "Server=localhost\SQL2005;UID=Administrator;pwd=525921125;database=Galactic"
Private Const ConnectionString As String = "Data Source=WRTANDY\SQL2005;Integrated Security=SSPI;Initial Catalog=Galactic"
Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
Dim conn As SqlConnection = New SqlConnection(ConnectionString)
Dim cmd As SqlCommand = New SqlCommand("stp_EmployeeList", conn)
Dim sqlParam As SqlParameter
Dim reader As SqlDataReader
' Get the PasswordHash and the PasswordSalt from
' the Employee table in the Galactic database.
cmd.CommandType = CommandType.StoredProcedure
Try
conn.Open()
reader = cmd.ExecuteReader
' Advance through the returned records and populate the dropdown list.
While reader.Read()
cboEmployees.Items.Add(reader.GetString(0) & ", " & reader.GetString(1) & " - " & reader.GetString(2))
End While
Catch ex As Exception
Throw New Exception("Exception reading employee list. " & ex.Message)
Finally
conn.Close()
End Try
End Sub
Private Sub cmdSave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdSave.Click
Dim conn As SqlConnection = New SqlConnection(ConnectionString)
Dim cmd As SqlCommand = New SqlCommand("stp_RegisterUser", conn)
Dim sqlParam As SqlParameter
Dim reader As SqlDataReader
Dim PasswordHash As String
Dim PasswordSalt As String
Dim passwordAndSalt As String
Dim hashedPasswordAndSalt As String
Dim dashPos As Integer
If cboEmployees.Text = "" Then
lblResult.Text = "Please select an employee."
Return
Else
lblResult.Text = ""
End If
' Make sure there are no illegal characters in the username or the password.
If Not CheckAuthentication.ValidateString(txtUserName.Text) Then
lblResult.Text = "There is an illegal character in the username." & vbCrLf & "The user name cannot contain any of the following: : ? ; @ & = + $ , \ * > < | . "" / '"
Return
End If
If Not CheckAuthentication.ValidateString(txtPassword.Text) Then
lblResult.Text = "There is an illegal character in the password." & vbCrLf & "The user name cannot contain any of the following: : ? ; @ & = + $ , \ * > < | . "" / '"
Return
End If
' Get the PasswordHash and the PasswordSalt from
' the Employee table in the Galactic database.
cmd.CommandType = CommandType.StoredProcedure
sqlParam = cmd.Parameters.Add("@EmployeeNumber", SqlDbType.VarChar, 20)
dashPos = InStr(cboEmployees.Text, "-")
sqlParam.Value = Mid(cboEmployees.Text, dashPos + 2, 20)
sqlParam = cmd.Parameters.Add("@UserName", SqlDbType.VarChar, 255)
sqlParam.Value = txtUserName.Text
' Encrypt the password.
PasswordSalt = CheckAuthentication.CreateSalt(5)
PasswordHash = CheckAuthentication.CreatePasswordHash(txtPassword.Text, PasswordSalt)
sqlParam = cmd.Parameters.Add("@PasswordHash", SqlDbType.VarChar, 40)
sqlParam.Value = PasswordHash
sqlParam = cmd.Parameters.Add("@PasswordSalt", SqlDbType.VarChar, 10)
sqlParam.Value = PasswordSalt
Try
conn.Open()
cmd.ExecuteNonQuery()
lblResult.Text = "The Reporting Services logon information was saved."
Catch ex As Exception
lblResult.Text = "Exception saving password. " & ex.Message
Finally
conn.Close()
End Try
End Sub
Private Sub cboEmployees_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cboEmployees.SelectedIndexChanged
lblResult.Text = ""
End Sub
End Class
Friend Class CheckAuthentication
' This function is used to create a cryptographic random number
' that is used to salt the user's password for added security.
Shared Function CreateSalt(ByVal size As Integer) As String
' Use the cryptographic service provider to generate
' the cryptographic random number.
Dim rng As RNGCryptoServiceProvider = New RNGCryptoServiceProvider
Dim buff(size) As Byte
rng.GetBytes(buff)
' Return a base64 representation of the random number.
Return Convert.ToBase64String(buff)
End Function
' This function returns a hash of the combined password and salt value
Shared Function CreatePasswordHash(ByVal pwd As String, ByVal salt As String) As String
Dim saltAndPwd As String
Dim hashedPwd As String
' Concatenate the password and the salt value
saltAndPwd = pwd & salt
' Hash the salted password
hashedPwd = FormsAuthentication.HashPasswordForStoringInConfigFile(saltAndPwd, "SHA1")
Return hashedPwd
End Function
' Make sure that there are no unwanted characters in the username or password.
' This prevents problems if MyReports is enabled and also can help prevent certain types
' of security attachs.
Shared Function ValidateString(ByVal stringToCheck As String) As Boolean
If InStr(stringToCheck, ":") > 0 Then
Return False
ElseIf InStr(stringToCheck, "?") > 0 Then
Return False
ElseIf InStr(stringToCheck, ";") > 0 Then
Return False
ElseIf InStr(stringToCheck, "@") > 0 Then
Return False
ElseIf InStr(stringToCheck, "&") > 0 Then
Return False
ElseIf InStr(stringToCheck, "=") > 0 Then
Return False
ElseIf InStr(stringToCheck, "+") > 0 Then
Return False
ElseIf InStr(stringToCheck, "$") > 0 Then
Return False
ElseIf InStr(stringToCheck, ",") > 0 Then
Return False
ElseIf InStr(stringToCheck, "\") > 0 Then
Return False
ElseIf InStr(stringToCheck, "*") > 0 Then
Return False
ElseIf InStr(stringToCheck, ">") > 0 Then
Return False
ElseIf InStr(stringToCheck, "<") > 0 Then
Return False
ElseIf InStr(stringToCheck, "|") > 0 Then
Return False
ElseIf InStr(stringToCheck, ".") > 0 Then
Return False
ElseIf InStr(stringToCheck, """") > 0 Then
Return False
ElseIf InStr(stringToCheck, "/") > 0 Then
Return False
ElseIf InStr(stringToCheck, "'") > 0 Then
Return False
End If
Return True
End Function
End Class
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -