網站添加驗證碼,主要為防止機器人程序批量注冊,或對特定的注冊用戶用特定程序暴力破解方式,以進行不斷的登錄、灌水等危害網站的操作。驗證碼被廣泛應用在注冊、登錄、留言等提交信息到服務器端處理的頁面中。
在ASP.NET網站中應用驗證碼是很容易的,網上有很多的解決方案。最近在做一個OA項目,因系統采用的ASP.NET MVC框架,同樣在登錄頁中需用到驗證碼,故需將原來在ASP.NET網站中使用的驗證碼移植到ASP.NET MVC中。
原ASP.NET網站用來生成驗證碼的類文件ValidateCode.cs:
using System; using System.Drawing; using System.Drawing.Imaging; using System.Web.UI; using System.Drawing.Drawing2D; using System.IO; namespace SeniOA.MVC { /// <summary> /// 生成驗證碼的類 /// </summary> public class ValidateCode { public ValidateCode() { } /// <summary> /// 驗證碼的最大長度 /// </summary> public int MaxLength { get { return 10; } } /// <summary> /// 驗證碼的最小長度 /// </summary> public int MinLength { get { return 1; } } /// <summary> /// 生成驗證碼 /// </summary> /// <param name="length">指定驗證碼的長度</param> /// <returns></returns> public string CreateValidateCode(int length) { int[] randMembers = new int[length]; int[] validateNums = new int[length]; string validateNumberStr = ""; //生成起始序列值 int seekSeek = unchecked((int)DateTime.Now.Ticks); Random seekRand = new Random(seekSeek); int beginSeek = (int)seekRand.Next(0, Int32.MaxValue - length * 10000); int[] seeks = new int[length]; for (int i = 0; i < length; i++) { beginSeek += 10000; seeks[i] = beginSeek; } //生成隨機數字 for (int i = 0; i < length; i++) { Random rand = new Random(seeks[i]); int pownum = 1 * (int)Math.Pow(10, length); randMembers[i] = rand.Next(pownum, Int32.MaxValue); } //抽取隨機數字 for (int i = 0; i < length; i++) { string numStr = randMembers[i].ToString(); int numLength = numStr.Length; Random rand = new Random(); int numPosition = rand.Next(0, numLength - 1); validateNums[i] = Int32.Parse(numStr.Substring(numPosition, 1)); } //生成驗證碼 for (int i = 0; i < length; i++) { validateNumberStr += validateNums[i].ToString(); } return validateNumberStr; } /// <summary> /// 創建驗證碼的圖片 /// </summary> /// <param name="containsPage">要輸出到的page對象</param> /// <param name="validateNum">驗證碼</param> public void CreateValidateGraphic(string validateCode) { Bitmap image = new Bitmap((int)Math.Ceiling(validateCode.Length * 12.0), 22); Graphics g = Graphics.FromImage(image); try { //生成隨機生成器 Random random = new Random(); //清空圖片背景色 g.Clear(Color.White); //畫圖片的干擾線 for (int i = 0; i < 25; i++) { int x1 = random.Next(image.Width); int x2 = random.Next(image.Width); int y1 = random.Next(image.Height); int y2 = random.Next(image.Height); g.DrawLine(new Pen(Color.Silver), x1, y1, x2, y2); } Font font = new Font("Arial", 12, (FontStyle.Bold | FontStyle.Italic)); LinearGradientBrush brush = new LinearGradientBrush(new Rectangle(0, 0, image.Width, image.Height), Color.Blue, Color.DarkRed, 1.2f, true); g.DrawString(validateCode, font, brush, 3, 2); //畫圖片的前景干擾點 for (int i = 0; i < 100; i++) { int x = random.Next(image.Width); int y = random.Next(image.Height); image.SetPixel(x, y, Color.FromArgb(random.Next())); } //畫圖片的邊框線 g.DrawRectangle(new Pen(Color.Silver), 0, 0, image.Width - 1, image.Height - 1); //保存圖片數據 MemoryStream stream = new MemoryStream(); image.Save(stream, ImageFormat.Jpeg); //輸出圖片流 containsPage.Response.Clear(); containsPage.Response.ContentType = "image/jpeg"; containsPage.Response.BinaryWrite(stream.ToArray()); } finally { g.Dispose(); image.Dispose(); } } /// <summary> /// 得到驗證碼圖片的長度 /// </summary> /// <param name="validateNumLength">驗證碼的長度</param> /// <returns></returns> public static int GetImageWidth(int validateNumLength) { return (int)(validateNumLength * 12.0); } /// <summary> /// 得到驗證碼的高度 /// </summary> /// <returns></returns> public static double GetImageHeight() { return 22.5; } } }
為適合ASP.NET MVC框架,修改其輸出圖片流的方法CreateValidateGraphic為:
/// <summary> /// 創建驗證碼的圖片 /// </summary> /// <param name="containsPage">要輸出到的page對象</param> /// <param name="validateNum">驗證碼</param> public byte[] CreateValidateGraphic(string validateCode) { Bitmap image = new Bitmap((int)Math.Ceiling(validateCode.Length * 12.0), 22); Graphics g = Graphics.FromImage(image); try { //生成隨機生成器 Random random = new Random(); //清空圖片背景色 g.Clear(Color.White); //畫圖片的干擾線 for (int i = 0; i < 25; i++) { int x1 = random.Next(image.Width); int x2 = random.Next(image.Width); int y1 = random.Next(image.Height); int y2 = random.Next(image.Height); g.DrawLine(new Pen(Color.Silver), x1, y1, x2, y2); } Font font = new Font("Arial", 12, (FontStyle.Bold | FontStyle.Italic)); LinearGradientBrush brush = new LinearGradientBrush(new Rectangle(0, 0, image.Width, image.Height), Color.Blue, Color.DarkRed, 1.2f, true); g.DrawString(validateCode, font, brush, 3, 2); //畫圖片的前景干擾點 for (int i = 0; i < 100; i++) { int x = random.Next(image.Width); int y = random.Next(image.Height); image.SetPixel(x, y, Color.FromArgb(random.Next())); } //畫圖片的邊框線 g.DrawRectangle(new Pen(Color.Silver), 0, 0, image.Width - 1, image.Height - 1); //保存圖片數據 MemoryStream stream = new MemoryStream(); image.Save(stream, ImageFormat.Jpeg); //輸出圖片流 return stream.ToArray(); } finally { g.Dispose(); image.Dispose(); } }
在Controller.cs中,添加Action,用來設置將生成的驗證碼存入Session,並輸出驗證碼圖片:
public ActionResult GetValidateCode() { ValidateCode vCode = new ValidateCode(); string code = vCode.CreateValidateCode(5); Session["ValidateCode"] = code; byte[] bytes = vCode.CreateValidateGraphic(code); return File(bytes, @"image/jpeg"); }
調用方式為:在需要使用驗證碼的頁面中,加入<img>標簽:
<img id="valiCode" style="cursor: pointer;" src="../Account/GetValidateCode" alt="驗證碼" />
到於Account/Login這個Action中的處理,只需加入對Session中驗證碼的判斷:
[AcceptVerbs(HttpVerbs.Post)] public ActionResult Login(string userName, string password, bool rememberMe, string returnUrl,string code) { if (Session["ValidateCode"].ToString() != code) { ModelState.AddModelError("code", "validate code is error"); return View(); } //此處驗證用戶名、密碼 if (!ValidateLogOn(userName, password)) { return View(); } //驗證成功 FormsAuthentication.SetAuthCookie(userName, rememberMe); if (!String.IsNullOrEmpty(returnUrl)) { return Redirect(returnUrl); } else { return RedirectToAction("Index", "Home"); } }
為實現登錄頁中,點擊圖片切換驗證碼,可以登錄頁中加入此JS代碼實現刷新驗證碼:
<script type="text/javascript" src="http://www.cnblogs.com/Scripts/jquery-1.3.2-vsdoc.js"></script> <script type="text/javascript"> $(function() { $("#valiCode").bind("click", function() { this.src = "../Account/GetValidateCode?time=" + (new Date()).getTime(); }); //alert("good"); }); </script>