使用加密cookie代替session验证用户登录状态

kerlubasola

浏览: 677625 次

最近访客更多访客>>

crow_java

zhuxinyu

残香渐逝

jokerwu

博主相关

博客

微博

相册

留言

关于我

文章分类

全部博客 (911)

社区版块

存档分类

2012-07 ( 17)
2012-06 ( 148)
2012-05 ( 161)
更多存档...

http://rayyu.5d6d.net/thread-9444-1-1.html

首先 session 和 cache 拥有各自的优势而存在.他们的优劣就不在这里讨论了.
以下类实现了使用加密cookie代替session验证用户登录状态支持 1小时/1周有效期2种模式 (期间有新的请求则更新失效时间)

vs2010项目(同样适合05，08项目) 源码下载地址http://www.370b.com/bbsx/cookie-login/cookie.rar在自定义字符CustomCode 不被知道的情况下该加密过程是相对安全的.
你还可以更改其中的 2处MD5哈希值生成的方式、DEChar(ENChar)混淆字符让代码更与众不同

调用方式

Dim user As New Rayyu.User() '初始化用户信息(检测当前请求用户是否登录)
If user.Online Then
Response.Write("<br />name:" & user.Name & ",online:" & user.Online & ",id:" & user.ID)
End If
Dim user2 As New Rayyu.User(1, "用户名", False) ‘初始化(写入新用户)

复制代码

vb code:

Imports System.Web
Imports System.Text.RegularExpressions
Imports System.Text
Imports System.Security.Cryptography
''' <summary>
''' 用户登录机制支持1小时/1周状态
''' </summary>
''' <remarks></remarks>
Public Class User
#Region "自定义参数"
''' <summary>
''' 自定义字符用于第一层加解密密匙
''' </summary>
''' <remarks></remarks>
Private Const CustomCode As String = "QQ：867863456"
''' <summary>
''' cookie名
''' </summary>
''' <remarks></remarks>
Private Const CookieName As String = "userinfo"
''' <summary>
''' Cookie作用域
''' </summary>
''' <remarks></remarks>
Private Const CookieDomain As String = ".370b.com"
''' <summary>
''' 编码
''' </summary>
''' <remarks></remarks>
Private Shared Encoder As Encoding = Encoding.UTF8
''' <summary>
''' 用户名的正则检测我的是：首位由字母或者汉字构成，由字母、数字、下划线、和汉字的 2-20位的字符组合而成的
''' </summary>
''' <remarks></remarks>
Private Const RegexUserName As String = "[a-zA-Z\u4e00-\u9fa5][\w\u4e00-\u9fa5]{1,19}"
''' <summary>
''' 区域化信息设置
''' </summary>
''' <remarks></remarks>
Private Shared ReadOnly Format As Globalization.CultureInfo = New System.Globalization.CultureInfo("zh-CN", True)
#End Region
#Region "回调参数"
''' <summary>
''' 是否在线
''' </summary>
''' <remarks></remarks>
Public ReadOnly Property Online As Boolean
Get
Return _Online
End Get
End Property
Private _Online As Boolean = False
''' <summary>
''' 用户ID (Online=true情况下使用)
''' </summary>
''' <remarks></remarks>
Public ReadOnly Property Id As Integer
Get
Return _Id
End Get
End Property
Private _Id As Integer
''' <summary>
''' 用户名 (Online=true情况下使用)
''' </summary>
''' <remarks></remarks>
Public ReadOnly Property Name As String
Get
Return _Name
End Get
End Property
Private _Name As String
''' <summary>
''' 有效期是否为7天
''' </summary>
''' <remarks></remarks>
Public ReadOnly Property IsWeek As Boolean
Get
Return _IsWeek
End Get
End Property
Private ReadOnly _IsWeek As Boolean
#End Region
''' <summary>
''' 初始化用户信息(检测当前请求用户是否登录)
''' </summary>
''' <remarks></remarks>
Public Sub New()
'读取cookie
Dim cookie As HttpCookie = HttpContext.Current.Request.Cookies(CookieName)
If cookie IsNot Nothing Then
'存在cookie
Dim value As String = cookie.Values("u"), key As String = cookie.Values("i"), tname As String = cookie.Values("n")
cookie = Nothing
If tname IsNot Nothing AndAlso value IsNot Nothing AndAlso key IsNot Nothing AndAlso Regex.IsMatch(key, "^[1-8A-H]{2}(-[1-8A-H]{2}){7}$", Text.RegularExpressions.RegexOptions.None) Then
'存在对应键值
Dim keybyte As Byte() = toByte(DEChar(key)) '解密密匙的后8位字节由参数i构成
If keybyte IsNot Nothing Then
Dim autocode() As Byte '解密密匙的前16位字节由用户UserAgent，用户名，自定义字符组合而成的 md5
Using m As New System.Security.Cryptography.MD5CryptoServiceProvider()
autocode = m.ComputeHash(Encoder.GetBytes(String.Format(Format, "{0}_{2}_{1}", HttpContext.Current.Request.UserAgent, tname, CustomCode)))
m.Clear()
End Using
Dim keyboard() As Byte = New Byte(keybyte.Length + autocode.Length - 1) {}
autocode.CopyTo(keyboard, 0)
keybyte.CopyTo(keyboard, autocode.Length)
value = DesDecrypt(value, keyboard)
If value.Length > 0 Then
'解密成功第一层合法
Dim values As Match = Regex.Match(value, "^(?<md5>[\w]{32})(?<isweek>[01])(?<id>[\d]{1,10})(?<name>" & RegexUserName & ")\|(?<exp>[\d]{1,19})$")
If values.Success Then
Dim LostDateTime As Long
If Integer.TryParse(values.Groups("id").Value, Me._Id) AndAlso Me._Id > 0 AndAlso Long.TryParse(values.Groups("exp").Value, LostDateTime) AndAlso LostDateTime > 0 Then
'解密后的字符串格式正确
Me._IsWeek = (values.Groups("isweek").Value = "1")
'此md5用于验证解密后的字符串由用户id，用户名，cookie写入时间，自定义字符串以及有效期是否是1周组合
Dim md5 As String = MD5Public(String.Format(Format, "{0}{5}{1}{2}:rayyu.{3};{4}", values.Groups("id").Value, values.Groups("exp").Value, values.Groups("name").Value, CookieDomain, IsWeek, CustomCode))
If md5 = values.Groups("md5").Value Then
'md5正常
Dim lostdate As Double = (Now - New DateTime(LostDateTime)).TotalMinutes
Dim l_a As Integer
If IsWeek Then
l_a = 10080
Else
l_a = 60
End If
If lostdate > 0 AndAlso lostdate < l_a Then
'cookie在有效期内
Me._Name = values.Groups("name").Value
Me._Online = True
If lostdate > 15 Then
'cookie以写入超过15分钟，从新写入1次cookie
SetUser(Me._Id, Me._Name, Me._IsWeek, autocode)
End If
End If
Else
Me._Id = 0
Me._Name = Nothing
End If
End If
End If
End If
End If
End If
End If
End Sub
''' <summary>
''' 初始化(写入新用户)
''' </summary>
''' <param name="userid">用户id</param>
''' <param name="username">用户名</param>
''' <param name="isweek">是否保持一周登录状态</param>
''' <remarks></remarks>
Public Sub New(ByVal userId As Integer, ByVal userName As String, ByVal isWeek As Boolean)
SetUser(userId, userName, isWeek)
Me._ID = userId
Me._Name = userName
Me._IsWeek = isWeek
Me._Online = True
End Sub
''' <summary>
''' 写入用户
''' </summary>
''' <param name="userid">用户id</param>
''' <param name="username">用户名</param>
''' <param name="isweek">是否保持一周登录状态</param>
''' <param name="autocode"></param>
''' <remarks></remarks>
Private Shared Sub SetUser(ByVal userid As Integer, ByVal username As String, ByVal isweek As Boolean, Optional ByVal autocode As Byte() = Nothing)
If autocode Is Nothing Then
'解密密匙的前16位字节由用户UserAgent，用户名，自定义字符组合而成的 md5
Using m As New System.Security.Cryptography.MD5CryptoServiceProvider()
autocode = m.ComputeHash(Encoder.GetBytes(String.Format(Format, "{0}_{2}_{1}", HttpContext.Current.Request.UserAgent, username, CustomCode)))
End Using
End If
Dim expires As DateTime
Dim isweekint As Char
If isweek Then
expires = Now.AddDays(7)
isweekint = "1"
Else
expires = Now.AddHours(1)
isweekint = "0"
End If
'解密密匙的后8位字节随机生成参数i
Dim rbyte() As Byte = Encoder.GetBytes(RandomCode(8))
Dim keyboard() As Byte = New Byte(23) {}
autocode.CopyTo(keyboard, 0)
'组合密匙长度为24位
rbyte.CopyTo(keyboard, autocode.Length)
autocode = Nothing
Dim exp As String = Now.Ticks.ToString("D", Format)
'加密字符串
Dim value As String = DesEncrypt(String.Format(Format, "{4}{0}{1}{2}|{3}", isweekint, userid, username, exp, MD5Public(String.Format(Format, "{0}{5}{1}{2}:rayyu.{3};{4}", userid, exp, username, CookieDomain, isweek, CustomCode))), keyboard)
keyboard = Nothing
Dim key As String = ENChar(System.BitConverter.ToString(rbyte)) '混淆参数i
rbyte = Nothing
'写入cookie
Dim cookie As New HttpCookie(CookieName)
cookie.Values.Add("n", username)
cookie.Values.Add("u", value)
cookie.Values.Add("i", key)
cookie.Path = "/"
cookie.Expires = expires
cookie.Domain = CookieDomain
HttpContext.Current.Response.Cookies.Set(cookie)
End Sub
''' <summary>
''' TripleDESC解密
''' </summary>
''' <param name="strText">待解密字符串</param>
''' <param name="key">密匙</param>
''' <returns></returns>
''' <remarks></remarks>
Protected Friend Shared Function DesDecrypt(ByVal strText As String, ByVal key As Byte()) As String
Try
Using provider As New System.Security.Cryptography.TripleDESCryptoServiceProvider()
provider.Key = key
provider.Mode = System.Security.Cryptography.CipherMode.ECB
Dim inputBuffer As Byte() = Convert.FromBase64String(strText)
Return Encoder.GetString(provider.CreateDecryptor().TransformFinalBlock(inputBuffer, 0, inputBuffer.Length)).Trim
End Using
Catch ex As CryptographicException
Return String.Empty
Catch ex As ArgumentNullException
Return String.Empty
Catch ex As DecoderFallbackException
Return String.Empty
Catch ex As ArgumentException
Return String.Empty
Catch ex As FormatException
Return String.Empty
End Try
End Function
''' <summary>
''' TripleDESC加密
''' </summary>
''' <param name="strText">待加密字符串</param>
''' <param name="key">密匙</param>
''' <returns></returns>
''' <remarks></remarks>
Protected Friend Shared Function DesEncrypt(ByVal strText As String, ByVal key As Byte()) As String
Try
Using provider As New System.Security.Cryptography.TripleDESCryptoServiceProvider()
provider.Key = key
provider.Mode = System.Security.Cryptography.CipherMode.ECB
Dim bytes As Byte() = Encoder.GetBytes(strText)
Return Convert.ToBase64String(provider.CreateEncryptor().TransformFinalBlock(bytes, 0, bytes.Length))
End Using
Catch ex As CryptographicException
Return String.Empty
Catch ex As ArgumentNullException
Return String.Empty
Catch ex As DecoderFallbackException
Return String.Empty
Catch ex As ArgumentException
Return String.Empty
Catch ex As FormatException
Return String.Empty
End Try
End Function
''' <summary>
''' md5加密
''' </summary>
''' <param name="str">待加密字符串</param>
''' <returns>返回加密后字符串</returns>
''' <remarks></remarks>
Private Shared Function MD5Public(ByVal str As String) As String
Dim returnx As String = "0000000000000000"
If str IsNot Nothing AndAlso str IsNot String.Empty Then
Try
Using m As New System.Security.Cryptography.MD5CryptoServiceProvider()
Dim MDByte As Byte() = m.ComputeHash(Encoder.GetBytes(str))
returnx = Strings.Replace(System.BitConverter.ToString(MDByte), "-", "")
m.Clear()
End Using
Catch ex As ObjectDisposedException
returnx = "0000000000000000"
Catch ex As ArgumentOutOfRangeException
returnx = "0000000000000003"
Catch ex As ArgumentNullException
returnx = "0000000000000001"
Catch ex As EncoderFallbackException
returnx = "0000000000000001"
Catch ex As InvalidOperationException
returnx = "0000000000000002"
End Try
End If
Return returnx
End Function
''' <summary>
''' 随机数
''' </summary>
''' <remarks></remarks>
Private Shared Randoms As New Random
''' <summary>
''' 随机字符集合
''' </summary>
''' <remarks></remarks>
Private Shared xarrChar() As Char = New Char() {"0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z"}
''' <summary>
''' 生成随机数
''' </summary>
''' <returns></returns>
''' <remarks></remarks>
Public Shared Function RandomCode(ByVal length As Integer) As String
Dim str As String = ""
Dim mlength As Integer = xarrChar.Length
For i As Integer = 0 To length - 1
str &= xarrChar(Randoms.Next(0, mlength))
Next
Return str
End Function
''' <summary>
''' 16进制字符串转Byte数组
''' </summary>
''' <param name="value"></param>
''' <returns></returns>
''' <remarks></remarks>
Private Shared Function toByte(ByVal value As String) As Byte()
Try
Dim chars As String() = value.Split("-")
Dim length As Integer = chars.Length - 1
Dim byte_() As Byte = New Byte(length) {}
For i As Integer = 0 To length
byte_(i) = Convert.ToByte(chars(i), 16)
Next
Return byte_
Catch ex As ArgumentException
Return Nothing
Catch ex As FormatException
Return Nothing
Catch ex As OverflowException
Return Nothing
End Try
End Function
''' <summary>
''' TripleDESC-部分密匙字符混淆如果要修改下面的字符请注意修改上面的正则
''' </summary>
''' <param name="value"></param>
''' <returns></returns>
''' <remarks></remarks>
Private Shared Function ENChar(ByVal value As String) As String
value = Strings.Replace(value, "A", "H")
value = Strings.Replace(value, "B", "G")
value = Strings.Replace(value, "0", "B")
value = Strings.Replace(value, "9", "A")
Return value
End Function
''' <summary>
''' TripleDESC-部分密匙字符反混淆如果要修改下面的字符请注意修改上面的正则
''' </summary>
''' <param name="value"></param>
''' <returns></returns>
''' <remarks></remarks>
Private Shared Function DEChar(ByVal value As String) As String
value = Strings.Replace(value, "A", "9")
value = Strings.Replace(value, "B", "0")
value = Strings.Replace(value, "G", "B")
value = Strings.Replace(value, "H", "A")
Return value
End Function
End Class

复制代码

收藏分享评分

稚子溺水，邻人救之，主家责问衣何在？

分享到：QQ空间腾讯微博腾讯朋友

回复引用

订阅 TOP

rayyu

Admin

Rank: 13

帖子

825

精华

积分

425

魅力

鲜花

臭蛋

在线时间

1226 小时

注册时间

2007-8-6

管理员标识

沙发

发表于 2012-4-29 14:24|只看该作者

c#代码调用方式：

Rayyu.User user = new Rayyu.User();// 初始化用户信息(检测当前请求用户是否登录)
Rayyu.User user2 = new Rayyu.User(1, "用户名", false);// 初始化(写入新用户) false 表示1小时true表示1周
if (user.Online)
{
Response.Write("<br />name:" + user.Name + ",online:" + user.Online + ",id:" + user.Id);
}

复制代码

using System;
using System.Web;
using System.Text.RegularExpressions;
using System.Text;
using System.Security.Cryptography;
namespace Rayyu
{
/// <summary>
/// 用户登录机制支持1小时/1周状态
/// </summary>
/// <remarks></remarks>
public class User
{
#region "自定义参数"
/// <summary>
/// 自定义字符用于第一层加解密密匙
/// </summary>
/// <remarks></remarks>
private const string CustomCode = "QQ：867863456";
/// <summary>
/// cookie名
/// </summary>
/// <remarks></remarks>
private const string CookieName = "userinfo";
/// <summary>
/// Cookie作用域
/// </summary>
/// <remarks></remarks>
private const string CookieDomain = ".370b.com";
/// <summary>
/// 编码
/// </summary>
/// <remarks></remarks>
private static Encoding Encoder = Encoding.UTF8;
/// <summary>
/// 用户名的正则检测我的是：首位由字母或者汉字构成，由字母、数字、下划线、和汉字的 2-20位的字符组合而成的
/// </summary>
/// <remarks></remarks>
private const string RegexUserName = "[a-zA-Z\\u4e00-\\u9fa5][\\w\\u4e00-\\u9fa5]{1,19}";
/// <summary>
/// 区域化信息设置
/// </summary>
/// <remarks></remarks>
private static System.Globalization.CultureInfo Format = new System.Globalization.CultureInfo("zh-CN", true);
#endregion
#region "回调参数"
/// <summary>
/// 是否在线
/// </summary>
/// <remarks></remarks>
publicbool Online
{
get { return _Online; }
}
privatebool _Online = false;
/// <summary>
/// 用户ID (Online=true情况下使用)
/// </summary>
/// <remarks></remarks>
publicint Id
{
get { return _Id; }
}
private int _Id;
/// <summary>
/// 用户名 (Online=true情况下使用)
/// </summary>
/// <remarks></remarks>
publicstring Name
{
get { return _Name; }
}
private string _Name;
/// <summary>
/// 有效期是否为7天
/// </summary>
/// <remarks></remarks>
public bool IsWeek
{
get { return _isWeek; }
}
private bool _isWeek;
#endregion
/// <summary>
/// 初始化用户信息(检测当前请求用户是否登录)
/// </summary>
/// <remarks></remarks>
public User()
{
//读取cookie
HttpCookie cookie = HttpContext.Current.Request.Cookies[CookieName];
if (cookie != null)
{
//存在cookie
string value = cookie.Values["u"];
string key = cookie.Values["i"];
string tname = cookie.Values["n"];
cookie = null;
if (tname != null && value != null && key != null && Regex.IsMatch(key, "^[1-8A-H]{2}(-[1-8A-H]{2}){7}$", System.Text.RegularExpressions.RegexOptions.None))
{
//存在对应键值
byte[] keybyte = toByte(DEChar(key));
//解密密匙的后8位字节由参数i构成
if (keybyte != null)
{
byte[] autocode;
//解密密匙的前16位字节由用户UserAgent，用户名，自定义字符组合而成的 md5
using (System.Security.Cryptography.MD5CryptoServiceProvider m = new System.Security.Cryptography.MD5CryptoServiceProvider())
{
autocode = m.ComputeHash(Encoder.GetBytes(string.Format(Format, "{0}_{2}_{1}", HttpContext.Current.Request.UserAgent, tname, CustomCode)));
}
byte[] keyboard = new byte[keybyte.Length + autocode.Length];
autocode.CopyTo(keyboard, 0);
keybyte.CopyTo(keyboard, autocode.Length);
value = DesDecrypt(value, keyboard);
if (value.Length > 0)
{
//解密成功第一层合法
Match values = Regex.Match(value, "^(?<md5>[\\w]{32})(?<isweek>[01])(?<id>[\\d]{1,10})(?<name>" + RegexUserName + ")\\|(?<exp>[\\d]{1,19})$");
if (values.Success)
{
long LostDateTime = 0;
if (int.TryParse(values.Groups["id"].Value, out this._Id) && this._Id > 0 && long.TryParse(values.Groups["exp"].Value, out LostDateTime) && LostDateTime > 0)
{
//解密后的字符串格式正确
this._isWeek = (values.Groups["isweek"].Value == "1");
//此md5用于验证解密后的字符串由用户id，用户名，cookie写入时间，自定义字符串以及有效期是否是1周组合
string md5 = MD5Public(string.Format(Format, "{0}{5}{1}{2}:rayyu.{3};{4}", values.Groups["id"].Value, values.Groups["exp"].Value, values.Groups["name"].Value, CookieDomain, _isWeek, CustomCode));
if (md5 == values.Groups["md5"].Value)
{
//md5正常
double lostdate = (DateTime.Now - new DateTime(LostDateTime)).TotalMinutes;
int l_a = 0;
if (_isWeek)
{
l_a = 10080;
}
else
{
l_a = 60;
}
if (lostdate > 0 && lostdate < l_a)
{
//cookie在有效期内
this._Name = values.Groups["name"].Value;
this._Online = true;
if (lostdate > 15)
{
//cookie以写入超过15分钟，从新写入1次cookie
SetUser(this._Id, this._Name, this._isWeek, autocode);
}
}
}
else
{
this._Id = 0;
this._Name = null;
}
}
}
}
}
}
}
}
/// <summary>
/// 初始化(写入新用户)
/// </summary>
/// <param name="userid">用户id</param>
/// <param name="username">用户名</param>
/// <param name="isweek">是否保持一周登录状态</param>
/// <remarks></remarks>
public User(int userId, string userName, bool isWeek)
{
SetUser(userId, userName, isWeek);
this._Id = userId;
this._Name = userName;
this._isWeek = isWeek;
this._Online = true;
}
/// <summary>
/// 写入用户
/// </summary>
/// <param name="userid">用户id</param>
/// <param name="username">用户名</param>
/// <param name="isweek">是否保持一周登录状态</param>
/// <param name="autocode"></param>
/// <remarks></remarks>
private static void SetUser(int userid, string username, bool isweek, byte[] autocode = null)
{
if (autocode == null)
{
//解密密匙的前16位字节由用户UserAgent，用户名，自定义字符组合而成的 md5
using (System.Security.Cryptography.MD5CryptoServiceProvider m = new System.Security.Cryptography.MD5CryptoServiceProvider())
{
autocode = m.ComputeHash(Encoder.GetBytes(string.Format(Format,"{0}_{2}_{1}", HttpContext.Current.Request.UserAgent, username, CustomCode)));
m.Clear();
}
}
DateTime expires = default(DateTime);
char isweekint;
if (isweek)
{
expires = DateTime.Now.AddDays(7);
isweekint = '1';
}
else
{
expires = DateTime.Now.AddHours(1);
isweekint = '0';
}
//解密密匙的后8位字节随机生成参数i
byte[] rbyte = Encoder.GetBytes(RandomCode(8));
byte[] keyboard = new byte[24];
autocode.CopyTo(keyboard, 0);
//组合密匙长度为24位
rbyte.CopyTo(keyboard, autocode.Length);
autocode = null;
string exp = DateTime.Now.Ticks.ToString("D", Format);
//加密字符串
string value = DesEncrypt(string.Format(Format, "{4}{0}{1}{2}|{3}", isweekint, userid, username, exp, MD5Public(string.Format(Format, "{0}{5}{1}{2}:rayyu.{3};{4}", userid, exp, username, CookieDomain, isweek, CustomCode))), keyboard);
keyboard = null;
string key = ENChar(System.BitConverter.ToString(rbyte));
//混淆参数i
rbyte = null;
//写入cookie
HttpCookie cookie = new HttpCookie(CookieName);
cookie.Values.Add("n", username);
cookie.Values.Add("u", value);
cookie.Values.Add("i", key);
cookie.Path = "/";
cookie.Expires = expires;
cookie.Domain = CookieDomain;
HttpContext.Current.Response.Cookies.Set(cookie);
}
/// <summary>
/// TripleDESC解密
/// </summary>
/// <param name="strText">待解密字符串</param>
/// <param name="key">密匙</param>
/// <returns></returns>
/// <remarks></remarks>
protected static internal string DesDecrypt(string strText, byte[] key)
{
try
{
using (System.Security.Cryptography.TripleDESCryptoServiceProvider provider = new System.Security.Cryptography.TripleDESCryptoServiceProvider())
{
provider.Key = key;
provider.Mode = System.Security.Cryptography.CipherMode.ECB;
byte[] inputBuffer = Convert.FromBase64String(strText);
return Encoder.GetString(provider.CreateDecryptor().TransformFinalBlock(inputBuffer, 0, inputBuffer.Length)).Trim();
}
}
catch(CryptographicException){
return string.Empty;
}
catch(ArgumentNullException){
return string.Empty;
}
catch(DecoderFallbackException){
return string.Empty;
}
catch(ArgumentException){
return string.Empty;
}
catch(FormatException){
return string.Empty;
}
}
/// <summary>
/// TripleDESC加密
/// </summary>
/// <param name="strText">待加密字符串</param>
/// <param name="key">密匙</param>
/// <returns></returns>
/// <remarks></remarks>
protected static internal string DesEncrypt(string strText, byte[] key)
{
try
{
using (System.Security.Cryptography.TripleDESCryptoServiceProvider provider = new System.Security.Cryptography.TripleDESCryptoServiceProvider())
{
provider.Key = key;
provider.Mode = System.Security.Cryptography.CipherMode.ECB;
byte[] bytes = Encoder.GetBytes(strText);
return Convert.ToBase64String(provider.CreateEncryptor().TransformFinalBlock(bytes, 0, bytes.Length));
}
}
catch (CryptographicException)
{
return string.Empty;
}
catch (ArgumentNullException)
{
return string.Empty;
}
catch (DecoderFallbackException)
{
return string.Empty;
}
catch (ArgumentException)
{
return string.Empty;
}
catch (FormatException)
{
return string.Empty;
}
}
/// <summary>
/// md5加密
/// </summary>
/// <param name="str">待加密字符串</param>
/// <returns>返回加密后字符串</returns>
/// <remarks></remarks>
private static string MD5Public(string str)
{
using (System.Security.Cryptography.MD5CryptoServiceProvider m = new System.Security.Cryptography.MD5CryptoServiceProvider())
{
byte[] MDByte = m.ComputeHash(Encoder.GetBytes(str));
return System.BitConverter.ToString(MDByte).Replace("-", "");
}
}
/// <summary>
/// 随机数
/// </summary>
/// <remarks></remarks>
private static Random Randoms = new Random();
/// <summary>
/// 随机字符集合
/// </summary>
/// <remarks></remarks>
private static char[] xarrChar = new char[] {
'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z'
};
/// <summary>
/// 生成随机数
/// </summary>
/// <returns></returns>
/// <remarks></remarks>
public static string RandomCode(int length)
{
string str = "";
int mlength = xarrChar.Length;
for (int i = 0; i < length; i++)
{
str += xarrChar[Randoms.Next(0, mlength)];
}
return str;
}
/// <summary>
/// 16进制字符串转Byte数组
/// </summary>
/// <param name="value"></param>
/// <returns></returns>
/// <remarks></remarks>
private static byte[] toByte(string value)
{
try
{
string[] chars = value.Split('-');
int length = chars.Length;
byte[] byte_ = new byte[length];
for (int i = 0; i < length; i++)
{
byte_[i] = Convert.ToByte(chars[i], 16);
}
return byte_;
}
catch (ArgumentException){
return null;
}
catch (FormatException){
return null;
}
catch (OverflowException){
return null;
}
}
/// <summary>
/// TripleDESC-部分密匙字符混淆如果要修改下面的字符请注意修改上面的正则
/// </summary>
/// <param name="value"></param>
/// <returns></returns>
/// <remarks></remarks>
private static string ENChar(string value)
{
value = value.Replace( "A", "H");
value = value.Replace( "B", "G");
value = value.Replace( "0", "B");
value = value.Replace( "9", "A");
return value;
}
/// <summary>
/// TripleDESC-部分密匙字符反混淆如果要修改下面的字符请注意修改上面的正则
/// </summary>
/// <param name="value"></param>
/// <returns></returns>
/// <remarks></remarks>
private static string DEChar(string value)
{
value = value.Replace( "A", "9");
value = value.Replace( "B", "0");
value = value.Replace( "G", "B");
value = value.Replace( "H", "A");
return value;
}
}
}

复制代码

稚子溺水，邻人救之，主家责问衣何在？

回复引用

TOP

rayyu

Admin

Rank: 13

帖子

825

精华

积分

425

魅力

鲜花

臭蛋

在线时间

1226 小时

注册时间

2007-8-6

管理员标识

板凳

发表于 2012-4-29 16:04|只看该作者

加密后的cookie值枚举：
客户端可以获取cookie的 n值来简单判断是否登录 n为用户名，配合静态页和缓存动态显示登录状态

n=rayyu_EJPSiju2JJNeh5&u=VWpc9dv5v8e4APbbhJmSP+yifwZNEcyRy6V/RwzqV2pmo+x6hNLHI/pLlzl8+KgdWpMHtTTOYpGMe3tCrAIKkmeCrKG7BpSVUYF0piopz757NPb43Z4ehA==&i=56-76-68-35-4A-37-57-35
n=rayyu_P5O7ouiq5JVaMf&u=gWz/itCIlbupWCv7iziBuYCwT1SF4+IbyFbwa5Hmm+up4iuCxKMCl24+bLRb0Y/6RMyfzcpuJwu8gT/Yqg1UV1bd9UqgQYzrLdibP9zaXkYjYyT56gkCBg==&i=5B-65-54-34-6G-35-4C-45

n=rayyu_bNJuGxps3Kqtxl&u=kUorl6z713eYdjkhRidocZKHMh2Mw6j5LowmevsWiKZsn81dzlsPcH4fp1VJsi2dtObeYvMJTCybLrv45TsdLIT7nhZcQJdxKGn1oaK/7a3Ldfte6zoQqg==&i=4H-5B-53-6A-6H-75-32-4H
n=rayyu_TF0hpOgdGhliK8&u=1O9Zi4V9Qj2HH63dEfXaLaoj3X6ea9azIBjuLjFBJqhiTQefz2x161IIDpWaviJr1TTECBdb4NCIiFOEsEY9C4gl+/Equjc7tGpO12ixEkZz70bMg48M9w==&i=4H-4E-65-68-35-7A-5B-35

n=rayyu_9INryZvNo1pCKm&u=wQgRgtf+uy9jKQXJhr7DerZtFeYmm2Lx10Asgf52HTzkar9iHXkVaJJqHtwWA9K635QU4bGLYZPWl3nj0rxOhOe93ew+bIAR8FWr2zPwvfZ++TwB3670LQ==&i=4F-37-6F-75-6A-71-35-4H

复制搜索

分享到：