[英]c# , encrypt and Decrypt for the password login. System.Security.Cryptography.CryptographicException: Bad Data. error
Hello all i might take your time and thx in advance for any answer. 您好,我可能会提前抽出宝贵的时间为您解答。 well i've been facing this problem since long time i have assignment to make a website in ASP.Net mvc and im having problem with encrypt and Decrypt for the password , for encrypt its work very fine and turn the password to hash when the user registor but what im trying to get the hash string and Decrypt when the user try to login but the Decrypt function is not working and giving me error . 好吧,我一直在面对这个问题,因为很长时间以来我一直被分配在ASP.Net mvc中创建一个网站,并且我在密码的加密和解密方面遇到问题,因为加密工作非常好,并且当用户将密码转换为哈希时注册表,但是当用户尝试登录但Decrypt函数无法正常工作并给我错误时,试图获取哈希字符串和Decrypt的原因是什么?
in User Controllar : 在User Controllar中:
public string Decrypt(string cipherString)
{
string EncryptionKey = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
//cipherString = "62KO b2aMA8=";
int mm = cipherString.Replace(" ", "").Length % 4;
if (mm > 0)
{
cipherString += new string('=', 4 - mm);
}
byte[] cipherBytes = Convert.FromBase64String(cipherString);
using (Aes encryptor = Aes.Create())
{
Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
encryptor.Key = pdb.GetBytes(32);
encryptor.IV = pdb.GetBytes(16);
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write))
{
cs.Write(cipherBytes, 0, cipherBytes.Length);
cs.Close(); //here the error show up
}
cipherString = Encoding.Unicode.GetString(ms.ToArray());
}
}
return cipherString;
}
and here where i call the dcrypt for login 在这里我叫dcrypt登录
public ActionResult Login(string returnUrl)
{
ViewBag.ReturnUrl = returnUrl;
return View();
}
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Login(User objUser, string returnUrl)
{
System.Diagnostics.Debug.WriteLine(ModelState.IsValid);
objUser.Password = Decrypt(objUser.Password);
{
@ViewBag.Message = objUser.UserName;
var obj = db.User.Where(a => a.UserName.Equals(objUser.UserName) && a.Password.Equals(objUser.Password)).FirstOrDefault();
if (obj != null)
{
Session["UserID"] = obj.UserID.ToString();
Session["UserName"] = obj.UserName.ToString();
return RedirectToAction("UserShow");
}
}
@ViewBag.Message = "Error , you had insert wrong password or WIW Name";
return View(objUser);
}
public ActionResult UserShow()
{
if (Session["UserID"] != null)
{
System.Diagnostics.Debug.WriteLine(Session["UserName"]);
return View("Login");
}
else
{
return RedirectToAction("Login");
}
}
so can u help me finding the problem plzzzzz :( 所以你能帮我找到问题吗plzzzzz :(
The most optimal way of storing password is that you use the following technique. 存储密码的最佳方法是使用以下技术。
Now whenever you have to validate a password you will use the following process: 现在,每当需要验证密码时,都将使用以下过程:
As Kell stated storing a "clear" password is a bad manner. 正如Kell所说,存储“清除”密码是一种错误的方式。 You save the encrypted password, then when the user inputs 123456 as password, you encrypt his/her input and compare it to the stored encrypted password. 保存加密的密码,然后在用户输入123456作为密码时,对他/她的输入进行加密并将其与存储的加密密码进行比较。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.