FormsAuthentication.HashPasswordForStoringInConfigFile(String, String) 方法
定義
重要
部分資訊涉及發行前產品,在發行之前可能會有大幅修改。 Microsoft 對此處提供的資訊,不做任何明確或隱含的瑕疵擔保。
警告
The recommended alternative is to use the Membership APIs, such as Membership.CreateUser. For more information, see http://go.microsoft.com/fwlink/?LinkId=252463.
根據指定的密碼和雜湊演算法,產生適用於存放在組態檔中的雜湊密碼。
public:
static System::String ^ HashPasswordForStoringInConfigFile(System::String ^ password, System::String ^ passwordFormat);public static string HashPasswordForStoringInConfigFile (string password, string passwordFormat);[System.Obsolete("The recommended alternative is to use the Membership APIs, such as Membership.CreateUser. For more information, see http://go.microsoft.com/fwlink/?LinkId=252463.")]
public static string HashPasswordForStoringInConfigFile (string password, string passwordFormat);static member HashPasswordForStoringInConfigFile : string * string -> string[<System.Obsolete("The recommended alternative is to use the Membership APIs, such as Membership.CreateUser. For more information, see http://go.microsoft.com/fwlink/?LinkId=252463.")>]
static member HashPasswordForStoringInConfigFile : string * string -> stringPublic Shared Function HashPasswordForStoringInConfigFile (password As String, passwordFormat As String) As String參數
- password
- String
要做雜湊演算的密碼。
- passwordFormat
- String
要使用的雜湊演算法。 passwordFormat 是 String,表示一個 FormsAuthPasswordFormat 列舉值。
傳回
已雜湊的密碼。
- 屬性
例外狀況
passwordFormat 不是有效的 FormsAuthPasswordFormat 值。
範例
下列程式碼範例會採用使用者名稱、密碼和雜湊類型,並顯示組態的 認證區段 ,其中包含使用者定義和雜湊密碼。
重要
此範例包含一個文字方塊,可接受使用者輸入,這是潛在的安全性威脅。 根據預設,ASP.NET Web 網頁會驗證使用者輸入未包含指令碼或 HTML 項目。 如需詳細資訊,請參閱 Script Exploits Overview (指令碼攻擊概觀)。
<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>ASP.NET Example</title>
<script runat="server">
void Cancel_Click(object sender, EventArgs e)
{
userName.Text = "";
password.Text = "";
repeatPassword.Text = "";
result.Text = "";
}
void HashPassword_Click(object sender, EventArgs e)
{
if (Page.IsValid)
{
string hashMethod = "";
if (md5.Checked)
{
hashMethod = "MD5";
}
else
{
hashMethod = "SHA1";
}
string hashedPassword =
FormsAuthentication.HashPasswordForStoringInConfigFile(password.Text, hashMethod);
result.Text = "<credentials passwordFormat=\"" + hashMethod +"\"><br />" +
" <user name=\"" + Server.HtmlEncode(userName.Text) + "\" password=\"" +
hashedPassword + "\" /><br />" + "</credentials>";
}
else
{
result.Text = "There was an error on the page.";
}
}
</script>
</head>
<body>
<form id="form1" runat="server">
<p>This form displays the results of the FormsAuthentication.HashPasswordForStoringInConfigFile
method.<br />The user name and hashed password can be stored in a <credentials> node
in the Web.config file.</p>
<table cellpadding="2">
<tbody>
<tr>
<td>New User Name:</td>
<td><asp:TextBox id="userName" runat="server" /></td>
<td><asp:RequiredFieldValidator id="userNameRequiredValidator"
runat="server" ErrorMessage="User name required"
ControlToValidate="userName" /></td>
</tr>
<tr>
<td>Password: </td>
<td><asp:TextBox id="password" runat="server" TextMode="Password" /></td>
<td><asp:RequiredFieldValidator id="passwordRequiredValidator"
runat="server" ErrorMessage="Password required"
ControlToValidate="password" /></td>
</tr>
<tr>
<td>Repeat Password: </td>
<td><asp:TextBox id="repeatPassword" runat="server" TextMode="Password" /></td>
<td><asp:RequiredFieldValidator id="repeatPasswordRequiredValidator"
runat="server" ErrorMessage="Password confirmation required"
ControlToValidate="repeatPassword" />
<asp:CompareValidator id="passwordCompareValidator" runat="server"
ErrorMessage="Password does not match"
ControlToValidate="repeatPassword"
ControlToCompare="password" /></td>
</tr>
<tr>
<td>Hash function:</td>
<td align="center">
<asp:RadioButton id="sha1" runat="server" GroupName="HashType"
Text="SHA1" />
<asp:RadioButton id="md5" runat="server" GroupName="HashType"
Text="MD5" />
</td>
</tr>
<tr>
<td align="center" colspan="2">
<asp:Button id="hashPassword" onclick="HashPassword_Click"
runat="server" Text="Hash Password" />
<asp:Button id="cancel" onclick="Cancel_Click" runat="server"
Text="Cancel" CausesValidation="false" />
</td>
</tr>
</tbody>
</table>
<pre><asp:Label id="result" runat="server"></asp:Label></pre>
</form>
</body>
</html>
<%@ Page Language="VB" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>ASP.NET Example</title>
<script runat="server">
Sub Cancel_Click(sender As Object, e As EventArgs)
userName.Text = ""
password.Text = ""
repeatPassword.Text = ""
result.Text = ""
End Sub
Sub HashPassword_Click(sender As Object, e As EventArgs)
If Page.IsValid Then
Dim hashMethod As String = ""
If md5.Checked Then
hashMethod = "MD5"
Else
hashMethod = "SHA1"
End If
Dim hashedPassword As String = _
FormsAuthentication.HashPasswordForStoringInConfigFile(password.Text, hashMethod)
result.Text = "<credentials passwordFormat=""" & hashMethod & _
"""><br />" & " <user name=""" & Server.HtmlEncode(userName.Text) & """ password=""" & _
hashedPassword & """ /><br />" & "</credentials>"
Else
result.Text = "There was an error on the page."
End If
End Sub
</script>
</head>
<body>
<form id="form1" runat="server">
<p>This form displays the results of the FormsAuthentication.HashPasswordForStoringInConfigFile
method.<br />The user name and hashed password can be stored in a <credentials> node
in the Web.config file.</p>
<table cellpadding="2">
<tbody>
<tr>
<td>New User Name:</td>
<td><asp:TextBox id="userName" runat="server" /></td>
<td><asp:RequiredFieldValidator id="userNameRequiredValidator"
runat="server" ErrorMessage="User name required"
ControlToValidate="userName" /></td>
</tr>
<tr>
<td>Password: </td>
<td><asp:TextBox id="password" runat="server" TextMode="Password" /></td>
<td><asp:RequiredFieldValidator id="passwordRequiredValidator"
runat="server" ErrorMessage="Password required"
ControlToValidate="password" /></td>
</tr>
<tr>
<td>Repeat Password: </td>
<td><asp:TextBox id="repeatPassword" runat="server" TextMode="Password" /></td>
<td><asp:RequiredFieldValidator id="repeatPasswordRequiredValidator"
runat="server" ErrorMessage="Password confirmation required"
ControlToValidate="repeatPassword" />
<asp:CompareValidator id="passwordCompareValidator" runat="server"
ErrorMessage="Password does not match"
ControlToValidate="repeatPassword"
ControlToCompare="password" /></td>
</tr>
<tr>
<td>Hash function:</td>
<td align="center">
<asp:RadioButton id="sha1" runat="server" GroupName="HashType"
Text="SHA1" />
<asp:RadioButton id="md5" runat="server" GroupName="HashType"
Text="MD5" />
</td>
</tr>
<tr>
<td align="center" colspan="2">
<asp:Button id="hashPassword" onclick="HashPassword_Click"
runat="server" Text="Hash Password" />
<asp:Button id="cancel" onclick="Cancel_Click" runat="server"
Text="Cancel" CausesValidation="false" />
</td>
</tr>
</tbody>
</table>
<pre><asp:Label id="result" runat="server"></asp:Label></pre>
</form>
</body>
</html>
備註
方法 HashPasswordForStoringInConfigFile 會建立雜湊密碼值,可在應用程式的組態檔中儲存表單驗證認證時使用。
方法會使用 Authenticate 儲存在應用程式組態檔中的驗證認證,來驗證應用程式使用者的密碼。 或者,您可以使用 ASP.NET 成員資格來儲存使用者認證。 如需詳細資訊,請參閱 使用成員資格管理使用者。