FormsAuthentication.HashPasswordForStoringInConfigFile(String, String) 方法

定義

警告

此 API 現已淘汰。

根據指定的密碼和雜湊演算法,產生適用於存放在組態檔中的雜湊密碼。Produces a hash password suitable for storing in a configuration file based on the specified password and hash algorithm.

public:
 static System::String ^ HashPasswordForStoringInConfigFile(System::String ^ password, System::String ^ passwordFormat);
[System.Obsolete("The recommended alternative is to use the Membership APIs, such as Membership.CreateUser. For more information, see https://go.microsoft.com/fwlink/?LinkId=252463.")]
public static string HashPasswordForStoringInConfigFile (string password, string passwordFormat);
static member HashPasswordForStoringInConfigFile : string * string -> string
Public Shared Function HashPasswordForStoringInConfigFile (password As String, passwordFormat As String) As String

參數

password
String

要做雜湊演算的密碼。The password to hash.

passwordFormat
String

要使用的雜湊演算法。The hash algorithm to use. passwordFormatString,表示一個 FormsAuthPasswordFormat 列舉值。passwordFormat is a String that represents one of the FormsAuthPasswordFormat enumeration values.

傳回

已雜湊的密碼。The hashed password.

屬性

例外狀況

passwordnullpassword is null

-或--or- passwordFormatnullpasswordFormat is null.

passwordFormat 不是有效的 FormsAuthPasswordFormat 值。passwordFormat is not a valid FormsAuthPasswordFormat value.

範例

下列程式碼範例會採用使用者名稱、密碼和雜湊類型,並顯示包含使用者定義和雜湊密碼之設定的 [認證] 區段。The following code example takes a user name, password, and hash type and displays the credentials section of the configuration that includes the user definition and hashed password.

重要

此範例包含可接受使用者輸入的文字方塊,這是潛在的安全性威脅。This example contains a text box that accepts user input, which is a potential security threat. 根據預設,ASP.NET Web 網頁會驗證使用者輸入未包含指令碼或 HTML 項目。By default, ASP.NET Web pages validate that user input does not include script or HTML elements. 如需詳細資訊,請參閱 Script Exploits Overview (指令碼攻擊概觀)。For more information, see Script Exploits Overview.

<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
   <head>
    <title>ASP.NET Example</title>
<script runat="server">
         void Cancel_Click(object sender, EventArgs e)
         {
            userName.Text = "";
            password.Text = "";
            repeatPassword.Text = "";
            result.Text = "";
         }
    
         void HashPassword_Click(object sender, EventArgs e)
         {
            if (Page.IsValid)
            {
               string hashMethod = "";

               if (md5.Checked)
               {
                  hashMethod = "MD5";
               }
               else
               {
                  hashMethod = "SHA1";
               }
    
               string hashedPassword =
                  FormsAuthentication.HashPasswordForStoringInConfigFile(password.Text, hashMethod);
    
               result.Text = "&lt;credentials passwordFormat=\"" + hashMethod +"\"&gt;<br />" +
                  "  &lt;user name=\"" + Server.HtmlEncode(userName.Text) + "\" password=\"" +
                  hashedPassword + "\" /&gt;<br />" + "&lt;/credentials&gt;";
            }
            else
            {
               result.Text = "There was an error on the page.";
            }
         }
      </script>
   </head>

   <body>
      <form id="form1" runat="server">
         <p>This form displays the results of the FormsAuthentication.HashPasswordForStoringInConfigFile
         method.<br />The user name and hashed password can be stored in a &lt;credentials&gt; node
         in the Web.config file.</p>
         <table cellpadding="2">
            <tbody>
               <tr>
                  <td>New User Name:</td>
                  <td><asp:TextBox id="userName" runat="server" /></td>
                  <td><asp:RequiredFieldValidator id="userNameRequiredValidator" 
                        runat="server" ErrorMessage="User name required" 
                        ControlToValidate="userName" /></td>
               </tr>
               <tr>
                  <td>Password: </td>
                  <td><asp:TextBox id="password" runat="server" TextMode="Password" /></td>
                  <td><asp:RequiredFieldValidator id="passwordRequiredValidator" 
                        runat="server" ErrorMessage="Password required" 
                        ControlToValidate="password" /></td>
               </tr>
               <tr>
                  <td>Repeat Password: </td>
                  <td><asp:TextBox id="repeatPassword" runat="server" TextMode="Password" /></td>
                  <td><asp:RequiredFieldValidator id="repeatPasswordRequiredValidator" 
                        runat="server" ErrorMessage="Password confirmation required" 
                        ControlToValidate="repeatPassword" />
                      <asp:CompareValidator id="passwordCompareValidator" runat="server" 
                        ErrorMessage="Password does not match" 
                        ControlToValidate="repeatPassword" 
                        ControlToCompare="password" /></td>
               </tr>
               <tr>
                  <td>Hash function:</td>
                  <td align="center">
                     <asp:RadioButton id="sha1" runat="server" GroupName="HashType" 
                                      Text="SHA1" />
                     <asp:RadioButton id="md5" runat="server" GroupName="HashType" 
                                      Text="MD5" />
                  </td>
               </tr>
               <tr>
                  <td align="center" colspan="2">
                    <asp:Button id="hashPassword" onclick="HashPassword_Click" 
                                runat="server" Text="Hash Password" />&nbsp;&nbsp; 
                    <asp:Button id="cancel" onclick="Cancel_Click" runat="server" 
                                Text="Cancel" CausesValidation="false" />
                  </td>
               </tr>
            </tbody>
         </table>

         <pre><asp:Label id="result" runat="server"></asp:Label></pre>
      </form>
   </body>
</html>
<%@ Page Language="VB" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
   <head>
    <title>ASP.NET Example</title>
<script runat="server">
         Sub Cancel_Click(sender As Object, e As EventArgs)
            userName.Text = ""
            password.Text = ""
            repeatPassword.Text = ""
            result.Text = ""
         End Sub
    
         Sub HashPassword_Click(sender As Object, e As EventArgs)
            If Page.IsValid Then
               Dim hashMethod As String = ""

               If md5.Checked Then
                  hashMethod = "MD5"
               Else
                  hashMethod = "SHA1"
               End If
    
               Dim hashedPassword As String = _
                  FormsAuthentication.HashPasswordForStoringInConfigFile(password.Text, hashMethod)
    
               result.Text = "&lt;credentials passwordFormat=""" & hashMethod & _
                 """&gt;<br />" & "  &lt;user name=""" & Server.HtmlEncode(userName.Text) & """ password=""" & _
                 hashedPassword & """ /&gt;<br />" & "&lt;/credentials&gt;"
            Else
               result.Text = "There was an error on the page."
            End If
         End Sub
      </script>
   </head>

   <body>
      <form id="form1" runat="server">
         <p>This form displays the results of the FormsAuthentication.HashPasswordForStoringInConfigFile
         method.<br />The user name and hashed password can be stored in a &lt;credentials&gt; node
         in the Web.config file.</p>
         <table cellpadding="2">
            <tbody>
               <tr>
                  <td>New User Name:</td>
                  <td><asp:TextBox id="userName" runat="server" /></td>
                  <td><asp:RequiredFieldValidator id="userNameRequiredValidator" 
                        runat="server" ErrorMessage="User name required" 
                        ControlToValidate="userName" /></td>
               </tr>
               <tr>
                  <td>Password: </td>
                  <td><asp:TextBox id="password" runat="server" TextMode="Password" /></td>
                  <td><asp:RequiredFieldValidator id="passwordRequiredValidator" 
                        runat="server" ErrorMessage="Password required" 
                        ControlToValidate="password" /></td>
               </tr>
               <tr>
                  <td>Repeat Password: </td>
                  <td><asp:TextBox id="repeatPassword" runat="server" TextMode="Password" /></td>
                  <td><asp:RequiredFieldValidator id="repeatPasswordRequiredValidator" 
                        runat="server" ErrorMessage="Password confirmation required" 
                        ControlToValidate="repeatPassword" />
                      <asp:CompareValidator id="passwordCompareValidator" runat="server" 
                        ErrorMessage="Password does not match" 
                        ControlToValidate="repeatPassword" 
                        ControlToCompare="password" /></td>
               </tr>
               <tr>
                  <td>Hash function:</td>
                  <td align="center">
                     <asp:RadioButton id="sha1" runat="server" GroupName="HashType" 
                                      Text="SHA1" />
                     <asp:RadioButton id="md5" runat="server" GroupName="HashType" 
                                      Text="MD5" />
                  </td>
               </tr>
               <tr>
                  <td align="center" colspan="2">
                    <asp:Button id="hashPassword" onclick="HashPassword_Click" 
                                runat="server" Text="Hash Password" />&nbsp;&nbsp; 
                    <asp:Button id="cancel" onclick="Cancel_Click" runat="server" 
                                Text="Cancel" CausesValidation="false" />
                  </td>
               </tr>
            </tbody>
         </table>

         <pre><asp:Label id="result" runat="server"></asp:Label></pre>
      </form>
   </body>
</html>

備註

HashPasswordForStoringInConfigFile 方法會建立可在應用程式的設定檔案中儲存表單驗證認證時使用的雜湊密碼值。The HashPasswordForStoringInConfigFile method creates a hashed password value that can be used when storing forms-authentication credentials in the configuration file for an application.

Authenticate 方法會使用儲存在應用程式佈建檔中的驗證認證,來驗證應用程式使用者的密碼。Authentication credentials stored in the configuration file for an application are used by the Authenticate method to verify passwords for users of an application. 或者,您可以使用 ASP.NET 成員資格來儲存使用者認證。Alternatively, you can use ASP.NET membership to store user credentials. 如需詳細資訊,請參閱使用成員資格來管理使用者For more information, see Managing Users by Using Membership.

適用於

另請參閱