[摘要]公司领导说登录验证的安全性怎样保证。建议採用UKEY验证相似网银解决,调用第三方YT公司产品。
解决方式:
前端页面:
可能是没有安装相应的控件或插件"); } } else { Ext.net.DirectMethods.Login(IsCheck); } }; </script> <script type="text/javascript" language="javascript"> function reloadCode() { var obj = document.getElementById('imgCode'); obj.src = "VerifyCode.aspx?"; } </script>
SoftKey2K ytsoftkey; String KeyPath; private string _randomcode; ////// 随机数 /// public string Randomcode { get { return _randomcode; } set { _randomcode = value; } } protected void Page_Load(object sender, EventArgs e) { if (!IsPostBack) { System.Random random = new System.Random(); Session["rnd"] = rnd.Value = random.Next(0, 2147483646).ToString(); Response.Cookies.Add(new HttpCookie("CheckCode", "")); } } [DirectMethod] public void Login(string IsCheck) { Check(IsCheck) ; } ////// 登录验证 /// /// private void Check(string IsCheck) { if (Request.Cookies["CheckCode"] == null) { Notification.Show(new NotificationConfig { Title = "提醒", Icon = Icon.Information, Html = "您的浏览器设置已被禁用 Cookies,您必须设置浏览器同意使用 Cookies 选项后才干使用本系统。" }); return; } //验证码比較 if (String.Compare(Request.Cookies["CheckCode"].Value.ToUpper(), this.txtVerifyCode.Text.ToString().Trim().ToUpper(), true) != 0) { this.txtVerifyCode.SetValue(""); Notification.Show(new NotificationConfig { Title = "提醒", Icon = Icon.Information, Html = "验证码错误,请又一次输入" }); X.AddScript("document.getElementById('imgCode').src='VerifyCode.aspx?
';"); return; } else { Utility.MD5 md5 = new Utility.MD5(); DzPlatForm.Model.Users user = new Model.Users(); user.USERNAME = Utility.Baseclass.SqlFilter(txtUserName.Text.Trim());//过滤危急字符 user.PASSWORD = md5.MD5Encrypt(txtPassWord.Text.Trim());// md5.MD5Encrypt(Utility.Baseclass.SqlFilter(txtPassWord.Text.Trim()));//password进行加密 string sql = "select * from [users] where id=1"; DataTable dt = DbHelperSQL.Query(sql, null).Tables[0]; DzPlatForm.BLL.UserBLL usermgr = new DzPlatForm.BLL.UserBLL(); string UserId = usermgr.LoginCheck(user); if (UserId != "") { Model.LoginLog lg = new Model.LoginLog(); lg.Name = txtUserName.Text.Trim(); lg.Browser = Utility.IpBrowserHelper.getBrowser(); lg.Ip = Utility.IpBrowserHelper.getIP(); lg.System = Utility.IpBrowserHelper.SystemCheck(); BLL.LoginBLL logmgr = new BLL.LoginBLL(); logmgr.LoginInfor(lg); usermgr.Record(); Model.Indentify idf = new Model.Indentify(); idf.Userid = int.Parse(UserId); BLL.IndentifyBLL idmgr = new BLL.IndentifyBLL(); idmgr.GetIndentify(idf); Session["userid"] = UserId; Session["UserCode"] = txtUserName.Text.Trim(); Session["UserName"] = idf.Name; Session["utype"] = idf.IsSystem; Session["uip"] = lg.Ip; //X.Msg.Show(new MessageBoxConfig //{ // Title = "请等待", // Message = "正在载入项", // ProgressText = "初始化中...", // Width = 300, // Progress = true, // Closable = false, // AnimEl = this.btnlogin.ClientID //}); //this.StartLongAction(); String strData, m_StrEnc, Key, Flag; Flag = IsCheck; //Key:即增强算法密钥,这个要与设置在加密锁中的密钥一致 //增强算法密钥能够是每一把都不同样,也能够是都同样,假设是不同样的能够依据username在从数据库中获取相应的增强算法密钥,能够依据安全性及自身详细情况而定,这里使用了一个固定的值 // Key = "1234567890ABCDEF1234567890ABCDEF"; Key = idf.UkeyCode; //strData:要进行加密的数据 strData = rnd.Value.Trim();//Session["rnd"].ToString(); //'在server端对数据进行加密运算 m_StrEnc = Global.m_softkey.StrEnc(strData, Key); //比較client加密锁返回的加密结果与服务端的加密结果是否相符,假设相符就觉得是合法用户,因为使用了随机数,从而实现了一次一密的高安全性,能够用于高安全性的身份验证 if (Flag == "N")//内网不须要比对 { Response.Redirect("Index.aspx"); } else { if (m_StrEnc == return_EncData.Value) { Response.Redirect("Index.aspx"); } else { Notification.Show(new NotificationConfig { Title = "提醒", Icon = Icon.Information, Html = "<font style='color:red;'>该用户不是合法用户!</font>" }); } } } else { Notification.Show(new NotificationConfig { Title = "提醒", Icon = Icon.Information, Html = "<font style='color:red;'>帐号或者password有误,请又一次输入!</font>" }); X.AddScript("document.getElementById('imgCode').src='VerifyCode.aspx?';"); } } } /// <summary> /// 開始计算任务 /// </summary> private void StartLongAction() { this.Session["Task1"] = 0; ThreadPool.QueueUserWorkItem(LongAction); this.TaskManager1.StartTask("Task1"); } /// <summary> /// 计时器 /// </summary> /// <param name="state"></param> private void LongAction(object state) { for (int i = 0; i < 100; i++) { Thread.Sleep(10); this.Session["Task1"] = i + 1; } this.Session.Remove("Task1"); } /// <summary> /// 刷新进度条 /// </summary> /// <param name="sender"></param> /// <param name="e"></param> protected void RefreshProgress(object sender, DirectEventArgs e) { object progress = this.Session["Task1"]; if (progress != null) { X.Msg.UpdateProgress(((int)progress) / 100f, string.Format(" {0} % {1}", progress.ToString(), 100)); } else { this.TaskManager1.StopTask("Task1"); X.MessageBox.Hide(); Response.Redirect("Index.aspx"); } } /// <summary> /// 更换皮肤 /// </summary> /// <param name="theme"></param> /// <returns></returns> public string GetThemeUrl(string theme) { Theme temp = (Theme)Enum.Parse(typeof(Theme), theme); this.Session["Ext.Net.Theme"] = temp; return (temp == Ext.Net.Theme.Default) ? "Default" : X.ResourceManager.GetThemeUrl(temp); } }
public class SoftKey { [DllImport("kernel32.dll")] public static extern int lstrlenA(string InString); [DllImport("kernel32.dll", EntryPoint = "RtlMoveMemory")] public static extern void CopyStringToByte(byte[] pDest, string pSourceg, int ByteLenr); [DllImport("kernel32.dll", EntryPoint = "RtlMoveMemory")] public static extern void CopyByteToString(StringBuilder pDest, byte[] pSource, int ByteLenr); //下面用于将16进制字符串转化为无符号长整型 private uint HexToInt(string s) { string[] hexch = { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "A", "B", "C", "D", "E", "F"}; s = s.ToUpper(); int i, j; int r, n, k; string ch; k = 1; r = 0; for (i = s.Length; i > 0; i--) { ch = s.Substring(i - 1, 1); n = 0; for (j = 0; j < 16; j++) if (ch == hexch[j]) n = j; r += (n * k); k *= 16; } return unchecked((uint)r); } public void EnCode(byte[] inb, byte[] outb, string Key) { UInt32 cnDelta, y, z, a, b, c, d, temp_2; UInt32[] buf = new UInt32[16]; int n, i, nlen; UInt32 sum; //UInt32 temp, temp_1; string temp_string; cnDelta = 2654435769; sum = 0; nlen = Key.Length; i = 0; for (n = 1; n <= nlen; n = n + 2) { temp_string = Key.Substring(n - 1, 2); buf[i] = HexToInt(temp_string); i = i + 1; } a = 0; b = 0; c = 0; d = 0; for (n = 0; n <= 3; n++) { a = (buf[n] << (n * 8)) | a; b = (buf[n + 4] << (n * 8)) | b; c = (buf[n + 4 + 4] << (n * 8)) | c; d = (buf[n + 4 + 4 + 4] << (n * 8)) | d; } y = 0; z = 0; for (n = 0; n <= 3; n++) { temp_2 = inb[n]; y = (temp_2 << (n * 8)) | y; temp_2 = inb[n + 4]; z = (temp_2 << (n * 8)) | z; } n = 32; while (n > 0) { sum = cnDelta + sum; /*temp = (z << 4) & 0xFFFFFFFF; temp = (temp + a) & 0xFFFFFFFF; temp_1 = (z + sum) & 0xFFFFFFFF; temp = (temp ^ temp_1) & 0xFFFFFFFF; temp_1 = (z >> 5) & 0xFFFFFFFF; temp_1 = (temp_1 + b) & 0xFFFFFFFF; temp = (temp ^ temp_1) & 0xFFFFFFFF; temp = (temp + y) & 0xFFFFFFFF; y = temp & 0xFFFFFFFF;*/ y += ((z << 4) + a) ^ (z + sum) ^ ((z >> 5) + b); /*temp = (y << 4) & 0xFFFFFFFF; temp = (temp + c) & 0xFFFFFFFF; temp_1 = (y + sum) & 0xFFFFFFFF; temp = (temp ^ temp_1) & 0xFFFFFFFF; temp_1 = (y >> 5) & 0xFFFFFFFF; temp_1 = (temp_1 + d) & 0xFFFFFFFF; temp = (temp ^ temp_1) & 0xFFFFFFFF; temp = (z + temp) & 0xFFFFFFFF; z = temp & 0xFFFFFFFF;*/ z += ((y << 4) + c) ^ (y + sum) ^ ((y >> 5) + d); n = n - 1; } for (n = 0; n <= 3; n++) { outb[n] = System.Convert.ToByte((y >> (n * 8)) & 255); outb[n + 4] = System.Convert.ToByte((z >> (n * 8)) & 255); } } public void DeCode(byte[] inb, byte[] outb, string Key) { UInt32 cnDelta, y, z, a, b, c, d, temp_2; UInt32[] buf = new UInt32[16]; int n, i, nlen; UInt32 sum; //UInt32 temp, temp_1; string temp_string; cnDelta = 2654435769; sum = 0xC6EF3720; nlen = Key.Length; i = 0; for (n = 1; n <= nlen; n = n + 2) { temp_string = Key.Substring(n - 1, 2); buf[i] = HexToInt(temp_string); i = i + 1; } a = 0; b = 0; c = 0; d = 0; for (n = 0; n <= 3; n++) { a = (buf[n] << (n * 8)) | a; b = (buf[n + 4] << (n * 8)) | b; c = (buf[n + 4 + 4] << (n * 8)) | c; d = (buf[n + 4 + 4 + 4] << (n * 8)) | d; } y = 0; z = 0; for (n = 0; n <= 3; n++) { temp_2 = inb[n]; y = (temp_2 << (n * 8)) | y; temp_2 = inb[n + 4]; z = (temp_2 << (n * 8)) | z; } n = 32; while (n-- > 0) { z -= ((y << 4) + c) ^ (y + sum) ^ ((y >> 5) + d); y -= ((z << 4) + a) ^ (z + sum) ^ ((z >> 5) + b); sum -= cnDelta; } for (n = 0; n <= 3; n++) { outb[n] = System.Convert.ToByte((y >> (n * 8)) & 255); outb[n + 4] = System.Convert.ToByte((z >> (n * 8)) & 255); } } public string StrEnc(string InString, string Key)//使用增强算法。加密字符串 { byte[] b, outb; byte[] temp = new byte[8], outtemp = new byte[8]; int n, i, nlen, outlen; string outstring; nlen = lstrlenA(InString) + 1; if (nlen < 8) outlen = 8; else outlen = nlen; b = new byte[outlen]; outb = new byte[outlen]; CopyStringToByte(b, InString, nlen); b.CopyTo(outb, 0); for (n = 0; n <= outlen - 8; n = n + 8) { for (i = 0; i < 8; i++) temp[i] = b[i + n]; EnCode(temp, outtemp, Key); for (i = 0; i < 8; i++) outb[i] = outtemp[i]; } outstring = ""; for (n = 0; n <= outlen - 1; n++) { outstring = outstring + outb[n].ToString("X2"); } return outstring; } public string StrDec(string InString, string Key) //使用增强算法。加密字符串 { byte[] b, outb; byte[] temp = new byte[8], outtemp = new byte[8]; int n, i, nlen, outlen; string temp_string; StringBuilder c_str; nlen = InString.Length; if (nlen < 16) outlen = 16; outlen = nlen / 2; b = new byte[outlen]; outb = new byte[outlen]; i = 0; for (n = 1; n <= nlen; n = n + 2) { temp_string = InString.Substring(n - 1, 2); b[i] = System.Convert.ToByte(HexToInt(temp_string)); i = i + 1; } b.CopyTo(outb, 0); for (n = 0; n <= outlen - 8; n = n + 8) { for (i = 0; i < 8; i++) temp[i] = b[i + n]; DeCode(temp, outtemp, Key); for (i = 0; i < 8; i++) outb[i] = outtemp[i]; } c_str = new StringBuilder("", outlen); CopyByteToString(c_str, outb, outlen); return c_str.ToString(); } } 唯一锁写入Ukey: 
公网client:安装插件
多文件安装版+须要先插入UKEY
插入UKEY
登录成功!
開始批量写唯一锁啦!
