在上一篇關於cookies欺騙的隨筆中,提到的解決方案是把密碼MD5加密之后存入cookies中,確實這種方法實現了效果,不過把密碼留在客戶端等待着去被破解不是一個合適的方法,在此也感謝 @老牛吃肉 以及各位小伙伴們的熱烈討論。在這里改寫了一下方案,記錄一下。
廢話不多說直接上代碼:
先寫一個DES加密類,可以直接拿走用,所以雖然是寫DEMO也給單獨拿出來了。
1 using System; 2 using System.Data; 3 using System.Web.Security; 4 using System.Security.Cryptography; 5 using System.Text; 6 using System.IO; 7 8 /// <summary> 9 /// DES 的摘要說明 10 /// </summary> 11 public class DES 12 { 13 public DES() 14 {} 15 16 /// <summary> 17 /// 加密 18 /// </summary> 19 /// <param name="Text"></param> 20 /// <param name="sKey"></param> 21 /// <returns></returns> 22 public static string Encrypt(string Text, string sKey) 23 { 24 DESCryptoServiceProvider provider = new DESCryptoServiceProvider(); 25 byte[] bytes = Encoding.Default.GetBytes(Text); 26 provider.Key = Encoding.ASCII.GetBytes(FormsAuthentication.HashPasswordForStoringInConfigFile(sKey, "md5").Substring(0, 8)); 27 provider.IV = Encoding.ASCII.GetBytes(FormsAuthentication.HashPasswordForStoringInConfigFile(sKey, "md5").Substring(0, 8)); 28 MemoryStream stream = new MemoryStream(); 29 CryptoStream stream2 = new CryptoStream(stream, provider.CreateEncryptor(), CryptoStreamMode.Write); 30 stream2.Write(bytes, 0, bytes.Length); 31 stream2.FlushFinalBlock(); 32 StringBuilder builder = new StringBuilder(); 33 foreach (byte num in stream.ToArray()) 34 { 35 builder.AppendFormat("{0:X2}", num); 36 } 37 return builder.ToString(); 38 } 39 40 41 /// <summary> 42 /// 以默認密鑰加密 43 /// </summary> 44 /// <param name="Text"></param> 45 /// <returns></returns> 46 public static string Encrypt(string Text) 47 { 48 return Encrypt(Text, "http://www.cnblogs.com/webconfig"); 49 } 50 51 52 /// <summary> 53 /// 解密 54 /// </summary> 55 /// <param name="Text"></param> 56 /// <param name="sKey"></param> 57 /// <returns></returns> 58 public static string Decrypt(string Text, string sKey) 59 { 60 DESCryptoServiceProvider provider = new DESCryptoServiceProvider(); 61 int num = Text.Length / 2; 62 byte[] buffer = new byte[num]; 63 for (int i = 0; i < num; i++) 64 { 65 int num3 = Convert.ToInt32(Text.Substring(i * 2, 2), 0x10); 66 buffer[i] = (byte)num3; 67 } 68 provider.Key = Encoding.ASCII.GetBytes(FormsAuthentication.HashPasswordForStoringInConfigFile(sKey, "md5").Substring(0, 8)); 69 provider.IV = Encoding.ASCII.GetBytes(FormsAuthentication.HashPasswordForStoringInConfigFile(sKey, "md5").Substring(0, 8)); 70 MemoryStream stream = new MemoryStream(); 71 CryptoStream stream2 = new CryptoStream(stream, provider.CreateDecryptor(), CryptoStreamMode.Write); 72 stream2.Write(buffer, 0, buffer.Length); 73 stream2.FlushFinalBlock(); 74 return Encoding.Default.GetString(stream.ToArray()); 75 } 76 77 78 79 /// <summary> 80 /// 以默認密鑰解密 81 /// </summary> 82 /// <param name="Text"></param> 83 /// <returns></returns> 84 public static string Decrypt(string Text) 85 { 86 return Decrypt(Text, "http://www.cnblogs.com/webconfig"); 87 } 88 }
Login
1 protected void Page_Load(object sender, EventArgs e) 2 { 3 //為了方便演示,每次加載登錄頁面“歸零” 4 Response.Cookies["uid"].Value = "0"; 5 } 6 protected void Button1_Click(object sender, EventArgs e) 7 { 8 //驗證步驟略過,假設用戶通過驗證並且得到如下信息: 9 10 int uid = 1; //用戶唯一ID 11 string username = "admin"; //用戶名 12 string userpwd = "123456"; //用戶密碼 13 14 string uidstr = DES.Encrypt(uid.ToString()); 15 16 //接下來要保存用戶登錄狀態 17 Response.Cookies["uid"].Value = uidstr; 18 19 //跳轉到登錄后的頁面 20 Response.Redirect("Main.aspx"); 21 22 } 23 protected void Button2_Click(object sender, EventArgs e) 24 { 25 //未經驗證直接進入Main.aspx 26 Response.Redirect("Main.aspx"); 27 }
Main
1 protected void Page_Load(object sender, EventArgs e) 2 { 3 CheckLogin(); 4 } 5 6 7 private void CheckLogin() 8 { 9 10 if (Request.Cookies["uid"] != null && Request.Cookies["uid"].Value != "") //判斷cookies是否存在 11 { 12 int uid = 0; 13 try 14 { 15 uid = int.Parse(DES.Decrypt(Request.Cookies["uid"].Value)); 16 } 17 catch //捕獲 cookies參數錯誤:非正確的 DES加密格式 或者解密后類型無法轉換為int 18 { 19 Response.Write("您尚未登陸,<a href='login.aspx'>點此登錄</a>"); 20 return; 21 } 22 23 if (GetUserInfo(uid, "") != "") //判斷UID 是否存在 24 { 25 Response.Write(GetUserInfo(uid, "username") + "已登錄"); 26 } 27 else 28 { 29 Response.Write("您尚未登陸,<a href='login.aspx'>點此登錄</a>"); 30 } 31 } 32 else 33 { 34 Response.Write("您尚未登陸,<a href='login.aspx'>點此登錄</a>"); 35 } 36 } 37 38 39 /// <summary> 40 /// 模擬一個獲取用戶信息的方法 41 /// 然而實際操作中需要通過ID查詢數據庫來獲取用戶信息 42 /// 這里為了方便演示就直接return固定的值了 43 /// </summary> 44 /// <param name="uid"></param> 45 /// <param name="key"></param> 46 /// <returns></returns> 47 private string GetUserInfo(int uid, string key) 48 { 49 if (uid == 1) //這里只設置uid為1的用戶,其他的UID的用戶不存在 50 { 51 switch (key) 52 { 53 case "username": return "admin"; 54 case "password": return "123456"; 55 default: return "null"; 56 } 57 } 58 else 59 { 60 return ""; 61 } 62 }
最后來看測試效果:
UID是加密過的字符串,如果用戶想用通過修改cookies的方法,那么他需要滿足一下兩個條件
1,猜中其他用戶的UID
2,猜中網站DES加密的密鑰
最后通過UID和密鑰進行加密,把cookies修改為加密后的字符串
不過,第一條可能可以猜中,但是第二條,一般情況下密鑰管理的好的話是不會有太大問題的。
本例DEMO:http://files.cnblogs.com/webconfig/Cookies%E6%AC%BA%E9%AA%972.rar
本文出自 低調碼農的筆記簿http://www.cnblogs.com/webconfig/p/3624831.html 轉載請注明出處,如有謬誤不當之處,歡迎指正拍磚,不勝感謝!!