【发布时间】:2015-12-20 05:59:08
【问题描述】:
我在 C# ASP.NET 中有一个登录表单,用户的哈希密码存储在数据库中;但当我再次输入相同的密码时,它会显示登录失败。这里 'TextBox2' 是密码字段,'g' 是散列后的密码。我通过 SQL 命令传递 'g',但登录总是失败。如果我以纯文本形式传递密码,则登录成功。顺便说一句,我已将哈希值硬编码到数据库(Visual Studio)中,列类型为 varchar(max)。这是一个问题吗?谢谢。
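/// <summary>
/// Handles the login button click: hashes the submitted password with SHA-256,
/// looks up the (Id, secret) pair in the <c>admin</c> table, and redirects to
/// <c>main.aspx</c> when exactly one row matches.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (not used).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    // NOTE(review): a single unsalted SHA-256 pass is a fast hash and is weak for
    // password storage (offline guessing, identical passwords share a digest).
    // It is kept here only so the value still matches what is already stored;
    // migrate to a salted, iterated KDF such as PBKDF2 (Rfc2898DeriveBytes).
    StringBuilder hex = new StringBuilder();
    using (SHA256 hash = SHA256.Create())
    {
        byte[] digest = hash.ComputeHash(Encoding.UTF8.GetBytes(TextBox2.Text));
        foreach (byte b in digest)
        {
            // "x2" emits lowercase hex. The stored value must use the same casing
            // and have no padding or whitespace if the column comparison is exact
            // (depends on the column's collation; verify against the database).
            hex.Append(b.ToString("x2"));
        }
    }
    string g = hex.ToString();

    bool authenticated = false;
    try
    {
        // The user-supplied Id and the digest are bound as parameters. The original
        // concatenated them into the SQL text, so the Parameters collection was never
        // referenced by the query and the Id field was open to SQL injection.
        const string query = "select * from admin where Id = @Id and secret = @secret";

        // using blocks release the connection, command and reader even when the
        // query throws; the original leaked the connection on any exception.
        using (SqlConnection con = new SqlConnection(@"connectionstring"))
        using (SqlCommand myCommand = new SqlCommand(query, con))
        {
            myCommand.Parameters.AddWithValue("@Id", TextBox1.Text);
            myCommand.Parameters.AddWithValue("@secret", g);

            con.Open();
            int count = 0;
            using (SqlDataReader dbr = myCommand.ExecuteReader())
            {
                while (dbr.Read())
                {
                    count++;
                }
            }

            // Exactly one matching row is required, as in the original check.
            authenticated = count == 1;
        }
    }
    catch (SqlException ex)
    {
        // Fail closed: a database error leaves the user unauthenticated, and the
        // failure is recorded instead of being silently swallowed. Only the error
        // message is logged, never the submitted credentials.
        System.Diagnostics.Trace.TraceError("Login query failed: " + ex.Message);
    }

    // The redirect runs outside the try block so the ThreadAbortException that
    // Response.Redirect raises to end the request is not routed through the handler.
    if (authenticated)
    {
        Response.Redirect(@"main.aspx");
    }
    else
    {
        // Presumably Label3 is the "login failed" message; it is also shown when the query errors.
        Label3.Visible = true;
    }
}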
【问题讨论】: