
C#, encrypt and decrypt for the password login. System.Security.Cryptography.CryptographicException: Bad Data. error

Hello all, I might take your time, and thanks in advance for any answer. Well, I've been facing this problem for a long time. I have an assignment to make a website in ASP.NET MVC and I'm having a problem with encrypt and decrypt for the password. Encrypt works very fine and turns the password into a hash when the user registers, but what I'm trying to do is get the hash string and decrypt it when the user tries to log in, and the Decrypt function is not working and is giving me an error.

In the User Controller:

        public string Decrypt(string cipherString)
        {
            string EncryptionKey = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
            //cipherString = "62KO b2aMA8=";
            int mm = cipherString.Replace(" ", "").Length % 4;
            if (mm > 0)
            {
                cipherString += new string('=', 4 - mm);
            }

            byte[] cipherBytes = Convert.FromBase64String(cipherString);
            using (Aes encryptor = Aes.Create())
            {
                Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
                encryptor.Key = pdb.GetBytes(32);
                encryptor.IV = pdb.GetBytes(16);
                using (MemoryStream ms = new MemoryStream())
                {
                    using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write))
                    {
                        cs.Write(cipherBytes, 0, cipherBytes.Length);
                        cs.Close(); //here the error show up 
                    }
                    cipherString = Encoding.Unicode.GetString(ms.ToArray());
                }
            }
            return cipherString;
        }

And here is where I call the decrypt for login:

        public ActionResult Login(string returnUrl)
        {
            ViewBag.ReturnUrl = returnUrl;
            return View();
        }
        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Login(User objUser, string returnUrl)
        {
            System.Diagnostics.Debug.WriteLine(ModelState.IsValid);
            objUser.Password = Decrypt(objUser.Password);

            {
                @ViewBag.Message = objUser.UserName;
                var obj = db.User.Where(a => a.UserName.Equals(objUser.UserName) && a.Password.Equals(objUser.Password)).FirstOrDefault();
                if (obj != null)
                {

                    Session["UserID"] = obj.UserID.ToString();
                    Session["UserName"] = obj.UserName.ToString();
                    return RedirectToAction("UserShow");
                }
            }

            @ViewBag.Message = "Error , you had insert wrong password or WIW Name";
            return View(objUser);
        }

        public ActionResult UserShow()
        {
            if (Session["UserID"] != null)
            {
                System.Diagnostics.Debug.WriteLine(Session["UserName"]);
                return View("Login");


            }
            else
            {
                return RedirectToAction("Login");
            }
        }

So can you help me find the problem, please? :(

The most optimal way of storing a password is to use the following technique.

  1. Concatenate the password string with a unique random string. (You can use the Guid class to generate such strings.) Such a string is called a salt.
  2. Next, hash the resultant string (using any of the available hashing algorithms), i.e., the one formed by concatenation of the actual password and salt.
  3. Store the generated hash and the salt in separate fields of your table.

Now, whenever you have to validate a password, you will use the following process:

  1. Fetch the salt for the user.
  2. Concatenate the salt to the entered password.
  3. Obtain the hash of the resultant string.
  4. Compare this generated hash with the one stored against the user.

As Kell stated, storing a "clear" password is bad practice. You save the encrypted password, then when the user inputs 123456 as the password, you encrypt his/her input and compare it to the stored encrypted password.


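Notice: Technical posts on this site are published under the CC BY-SA 4.0 license. If you repost, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.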
