FormsAuthentication.HashPasswordForStoringInConfigFile(String, String) Metode

Referensi

Definisi

Ruang nama:: System.Web.Security

Rakitan:: System.Web.dll

Penting

Beberapa informasi terkait produk prarilis yang dapat diubah secara signifikan sebelum dirilis. Microsoft tidak memberikan jaminan, tersirat maupun tersurat, sehubungan dengan informasi yang diberikan di sini.

Perhatian

The recommended alternative is to use the Membership APIs, such as Membership.CreateUser. For more information, see http://go.microsoft.com/fwlink/?LinkId=252463.

Menghasilkan kata sandi hash yang cocok untuk disimpan dalam file konfigurasi berdasarkan kata sandi dan algoritma hash yang ditentukan.

public:
 static System::String ^ HashPasswordForStoringInConfigFile(System::String ^ password, System::String ^ passwordFormat);

public static string HashPasswordForStoringInConfigFile (string password, string passwordFormat);

[System.Obsolete("The recommended alternative is to use the Membership APIs, such as Membership.CreateUser. For more information, see http://go.microsoft.com/fwlink/?LinkId=252463.")]
public static string HashPasswordForStoringInConfigFile (string password, string passwordFormat);

static member HashPasswordForStoringInConfigFile : string * string -> string

[<System.Obsolete("The recommended alternative is to use the Membership APIs, such as Membership.CreateUser. For more information, see http://go.microsoft.com/fwlink/?LinkId=252463.")>]
static member HashPasswordForStoringInConfigFile : string * string -> string

Public Shared Function HashPasswordForStoringInConfigFile (password As String, passwordFormat As String) As String

Parameter

password: String

Kata sandi untuk hash.

passwordFormat: String

Algoritma hash yang akan digunakan. passwordFormat adalah String yang mewakili salah FormsAuthPasswordFormat satu nilai enumerasi.

Mengembalikan

String

Kata sandi yang di-hash.

Atribut: ObsoleteAttribute

Pengecualian

ArgumentNullException

password is null

-atau-

passwordFormatadalah null.

ArgumentException

passwordFormat bukan nilai yang valid FormsAuthPasswordFormat .

Contoh

Contoh kode berikut mengambil nama pengguna, kata sandi, dan jenis hash dan menampilkan bagian kredensial konfigurasi yang menyertakan definisi pengguna dan kata sandi yang di-hash.

Penting

Contoh ini berisi kotak teks yang menerima input pengguna, yang merupakan potensi ancaman keamanan. Secara default, ASP.NET halaman Web memvalidasi bahwa input pengguna tidak menyertakan elemen skrip atau HTML. Untuk informasi selengkapnya, lihat Gambaran Umum Eksploitasi Skrip.

<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
   <head>
    <title>ASP.NET Example</title>
<script runat="server">
         void Cancel_Click(object sender, EventArgs e)
         {
            userName.Text = "";
            password.Text = "";
            repeatPassword.Text = "";
            result.Text = "";
         }
    
         void HashPassword_Click(object sender, EventArgs e)
         {
            if (Page.IsValid)
            {
               string hashMethod = "";

               if (md5.Checked)
               {
                  hashMethod = "MD5";
               }
               else
               {
                  hashMethod = "SHA1";
               }
    
               string hashedPassword =
                  FormsAuthentication.HashPasswordForStoringInConfigFile(password.Text, hashMethod);
    
               result.Text = "<credentials passwordFormat=\"" + hashMethod +"\"><br />" +
                  "  <user name=\"" + Server.HtmlEncode(userName.Text) + "\" password=\"" +
                  hashedPassword + "\" /><br />" + "</credentials>";
            }
            else
            {
               result.Text = "There was an error on the page.";
            }
         }
      </script>
   </head>

   <body>
      <form id="form1" runat="server">
         <p>This form displays the results of the FormsAuthentication.HashPasswordForStoringInConfigFile
         method.<br />The user name and hashed password can be stored in a <credentials> node
         in the Web.config file.</p>
         <table cellpadding="2">
            <tbody>
               <tr>
                  <td>New User Name:</td>
                  <td><asp:TextBox id="userName" runat="server" /></td>
                  <td><asp:RequiredFieldValidator id="userNameRequiredValidator" 
                        runat="server" ErrorMessage="User name required" 
                        ControlToValidate="userName" /></td>
               </tr>
               <tr>
                  <td>Password: </td>
                  <td><asp:TextBox id="password" runat="server" TextMode="Password" /></td>
                  <td><asp:RequiredFieldValidator id="passwordRequiredValidator" 
                        runat="server" ErrorMessage="Password required" 
                        ControlToValidate="password" /></td>
               </tr>
               <tr>
                  <td>Repeat Password: </td>
                  <td><asp:TextBox id="repeatPassword" runat="server" TextMode="Password" /></td>
                  <td><asp:RequiredFieldValidator id="repeatPasswordRequiredValidator" 
                        runat="server" ErrorMessage="Password confirmation required" 
                        ControlToValidate="repeatPassword" />
                      <asp:CompareValidator id="passwordCompareValidator" runat="server" 
                        ErrorMessage="Password does not match" 
                        ControlToValidate="repeatPassword" 
                        ControlToCompare="password" /></td>
               </tr>
               <tr>
                  <td>Hash function:</td>
                  <td align="center">
                     <asp:RadioButton id="sha1" runat="server" GroupName="HashType" 
                                      Text="SHA1" />
                     <asp:RadioButton id="md5" runat="server" GroupName="HashType" 
                                      Text="MD5" />
                  </td>
               </tr>
               <tr>
                  <td align="center" colspan="2">
                    <asp:Button id="hashPassword" onclick="HashPassword_Click" 
                                runat="server" Text="Hash Password" />   
                    <asp:Button id="cancel" onclick="Cancel_Click" runat="server" 
                                Text="Cancel" CausesValidation="false" />
                  </td>
               </tr>
            </tbody>
         </table>

         <pre><asp:Label id="result" runat="server"></asp:Label></pre>
      </form>
   </body>
</html>

<%@ Page Language="VB" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
   <head>
    <title>ASP.NET Example</title>
<script runat="server">
         Sub Cancel_Click(sender As Object, e As EventArgs)
            userName.Text = ""
            password.Text = ""
            repeatPassword.Text = ""
            result.Text = ""
         End Sub
    
         Sub HashPassword_Click(sender As Object, e As EventArgs)
            If Page.IsValid Then
               Dim hashMethod As String = ""

               If md5.Checked Then
                  hashMethod = "MD5"
               Else
                  hashMethod = "SHA1"
               End If
    
               Dim hashedPassword As String = _
                  FormsAuthentication.HashPasswordForStoringInConfigFile(password.Text, hashMethod)
    
               result.Text = "<credentials passwordFormat=""" & hashMethod & _
                 """><br />" & "  <user name=""" & Server.HtmlEncode(userName.Text) & """ password=""" & _
                 hashedPassword & """ /><br />" & "</credentials>"
            Else
               result.Text = "There was an error on the page."
            End If
         End Sub
      </script>
   </head>

   <body>
      <form id="form1" runat="server">
         <p>This form displays the results of the FormsAuthentication.HashPasswordForStoringInConfigFile
         method.<br />The user name and hashed password can be stored in a <credentials> node
         in the Web.config file.</p>
         <table cellpadding="2">
            <tbody>
               <tr>
                  <td>New User Name:</td>
                  <td><asp:TextBox id="userName" runat="server" /></td>
                  <td><asp:RequiredFieldValidator id="userNameRequiredValidator" 
                        runat="server" ErrorMessage="User name required" 
                        ControlToValidate="userName" /></td>
               </tr>
               <tr>
                  <td>Password: </td>
                  <td><asp:TextBox id="password" runat="server" TextMode="Password" /></td>
                  <td><asp:RequiredFieldValidator id="passwordRequiredValidator" 
                        runat="server" ErrorMessage="Password required" 
                        ControlToValidate="password" /></td>
               </tr>
               <tr>
                  <td>Repeat Password: </td>
                  <td><asp:TextBox id="repeatPassword" runat="server" TextMode="Password" /></td>
                  <td><asp:RequiredFieldValidator id="repeatPasswordRequiredValidator" 
                        runat="server" ErrorMessage="Password confirmation required" 
                        ControlToValidate="repeatPassword" />
                      <asp:CompareValidator id="passwordCompareValidator" runat="server" 
                        ErrorMessage="Password does not match" 
                        ControlToValidate="repeatPassword" 
                        ControlToCompare="password" /></td>
               </tr>
               <tr>
                  <td>Hash function:</td>
                  <td align="center">
                     <asp:RadioButton id="sha1" runat="server" GroupName="HashType" 
                                      Text="SHA1" />
                     <asp:RadioButton id="md5" runat="server" GroupName="HashType" 
                                      Text="MD5" />
                  </td>
               </tr>
               <tr>
                  <td align="center" colspan="2">
                    <asp:Button id="hashPassword" onclick="HashPassword_Click" 
                                runat="server" Text="Hash Password" />   
                    <asp:Button id="cancel" onclick="Cancel_Click" runat="server" 
                                Text="Cancel" CausesValidation="false" />
                  </td>
               </tr>
            </tbody>
         </table>

         <pre><asp:Label id="result" runat="server"></asp:Label></pre>
      </form>
   </body>
</html>

Keterangan

Metode ini HashPasswordForStoringInConfigFile membuat nilai kata sandi yang di-hash yang dapat digunakan saat menyimpan kredensial autentikasi formulir dalam file konfigurasi untuk aplikasi.

Kredensial autentikasi yang disimpan dalam file konfigurasi untuk aplikasi digunakan oleh Authenticate metode untuk memverifikasi kata sandi bagi pengguna aplikasi. Atau, Anda dapat menggunakan keanggotaan ASP.NET untuk menyimpan kredensial pengguna. Untuk informasi selengkapnya, lihat Mengelola Pengguna dengan Menggunakan Keanggotaan.

Berlaku untuk

Lihat juga

Keamanan Aplikasi Web ASP.NET

Bagikan melalui