WEB系統(tǒng)中加密/解密URL傳輸參數(shù).
2024-07-21 02:24:33
供稿:網(wǎng)友
網(wǎng)上很多人在問怎么實(shí)現(xiàn)web系統(tǒng)url傳輸(表單提交)參數(shù)加密。例如:要進(jìn)行一個(gè)用戶帳號(hào)編輯,要傳遞用戶的id,url如下:http://localhost/mysystem/editaccounts.aspx?id=2
但又不想讓別人知道這個(gè)用戶的id為2,惡意的使用者可能還會(huì)將2修改,改為別的用戶id。
加密傳遞的參數(shù)值可以解決問題。
以下是自己寫的dec加密、解密的基類。
文件名:security.cs
using system;
using system.security.cryptography;
using system.io;
using system.text;
namespace eip.framework
{
///
/// security 的摘要說明。
/// security類實(shí)現(xiàn).net框架下的加密和解密。
/// copyright [email protected]@[email protected]
///
public class security
{
string _querystringkey = "abcdefgh"; //url傳輸參數(shù)加密key
string _passwordkey = "hgfedcba"; //password加密key
public security()
{
//
// todo: 在此處添加構(gòu)造函數(shù)邏輯
//
}
///
/// 加密url傳輸?shù)淖址?br> ///
///
///
public string encryptquerystring(string querystring)
{
return encrypt(querystring,_querystringkey);
}
///
/// 解密url傳輸?shù)淖址?br> ///
///
///
public string decryptquerystring(string querystring)
{
return decrypt(querystring,_querystringkey);
}
///
/// 加密帳號(hào)口令
///
///
///
public string encryptpassword(string password)
{
return encrypt(password,_passwordkey);
}
///
/// 解密帳號(hào)口令
///
///
///
public string decryptpassword(string password)
{
return decrypt(password,_passwordkey);
}
///
/// dec 加密過程
///
///
///
///
public string encrypt(string ptoencrypt,string skey)
{
descryptoserviceprovider des = new descryptoserviceprovider(); //把字符串放到byte數(shù)組中
byte[] inputbytearray = encoding.default.getbytes(ptoencrypt);
//byte[] inputbytearray=encoding.unicode.getbytes(ptoencrypt);
des.key = asciiencoding.ascii.getbytes(skey); //建立加密對(duì)象的密鑰和偏移量
des.iv = asciiencoding.ascii.getbytes(skey); //原文使用asciiencoding.ascii方法的getbytes方法
memorystream ms = new memorystream(); //使得輸入密碼必須輸入英文文本
cryptostream cs = new cryptostream(ms,des.createencryptor(),cryptostreammode.write);
cs.write(inputbytearray, 0, inputbytearray.length);
cs.flushfinalblock();
stringbuilder ret = new stringbuilder();
foreach(byte b in ms.toarray())
{
ret.appendformat("{0:x2}", b);
}
ret.tostring();
return ret.tostring();
}
///
/// dec 解密過程
///
///
///
///
public string decrypt(string ptodecrypt, string skey)
{
descryptoserviceprovider des = new descryptoserviceprovider();
byte[] inputbytearray = new byte[ptodecrypt.length / 2];
for(int x = 0; x < ptodecrypt.length / 2; x++)
{
int i = (convert.toint32(ptodecrypt.substring(x * 2, 2), 16));
inputbytearray[x] = (byte)i;
}
des.key = asciiencoding.ascii.getbytes(skey); //建立加密對(duì)象的密鑰和偏移量,此值重要,不能修改
des.iv = asciiencoding.ascii.getbytes(skey);
memorystream ms = new memorystream();
cryptostream cs = new cryptostream(ms, des.createdecryptor(),cryptostreammode.write);
cs.write(inputbytearray, 0, inputbytearray.length);
cs.flushfinalblock();
stringbuilder ret = new stringbuilder(); //建立stringbuild對(duì)象,createdecrypt使用的是流對(duì)象,必須把解密后的文本變成流對(duì)象
return system.text.encoding.default.getstring(ms.toarray());
}
///
/// 檢查己加密的字符串是否與原文相同
///
///
///
///
///
public bool validatestring(string enstring, string fostring, int mode)
{
switch (mode)
{
default:
case 1:
if (decrypt(enstring,_querystringkey) == fostring.tostring())
{
return true;
}
else
{
return false;
}
case 2:
if (decrypt(enstring,_passwordkey) == fostring.tostring())
{
return true;
}
else
{
return false;
}
}
}
}
}
類中url及帳號(hào)加密使用了不同的key。調(diào)用url加密過程如下:
eip.framework.security objsecurity = new eip.framework.security();
objsecurity.encryptquerystring(''待加密的字符串'');
解密:objsecurity.decryptquerystring(''傳遞過來的參數(shù));
本文來源于網(wǎng)頁(yè)設(shè)計(jì)愛好者web開發(fā)社區(qū)http://www.html.org.cn收集整理,歡迎訪問。
