Đang chuẩn bị liên kết để tải về tài liệu:
Transferring Login Credentials Securely

[ Team LiB ] Recipe 5.8 Transferring Login Credentials Securely Problem You need to protect login credentials during transmission over the network and when they are stored within a database. Solution Use password hashing and salting with the .NET FormsAuthentication class to control user | Team LiB Recipe 5.8 Transferring Login Credentials Securely Problem You need to protect login credentials during transmission over the network and when they are stored within a database. Solution Use password hashing and salting with the .NET FormsAuthentication class to control user authentication and access to the application. The schema of table TBL0508 used in this solution is shown in Table 5-5. Table 5-5. TBL0508 schema Column name Data type Length Allow nulls UserName nvarchar 50 No PasswordHash nvarchar 50 No PasswordSalt nvarchar 50 No The sample code contains two event handlers Create Button.Click Creates a GUID-based salt and generates a hash of the password concatenated with the salt for a user-specified password. The username password hash and salt are inserted into a database. Login Button.Click Retrieves the salt and the hash of the password and salt from the database for the specified username. The user-entered password is concatenated with the retrieved salt and the hash is generated. If the hash matches the hash retrieved from the database the user is authenticated. The C code is shown in Example 5-8. Example 5-8. File ADOCookbookCS0508.aspx.cs Namespaces variables and constants using System using System.Configuration using System.Web.Security using System.Data using System.Data.SqlClient private const String TABLENAME TBL0508 . . . private void createButton_Click object sender System.EventArgs e Create and display the password salt. String passwordSalt Guid.NewGuid .ToString passwordSaltLabel.Text passwordSalt Create and display the password hash. String passwordHash FormsAuthentication.HashPasswordForStoringInConfigFile passwordTextBox.Text passwordSalt md5 passwordHashLabel.Text passwordHashDBLabel.Text passwordHash Insert UserName with the password hash and salt into the database. String sqlText INSERT TABLENAME UserName PasswordHash PasswordSalt VALUES userNameTextBox.Text passwordHash passwordSalt SqlConnection conn new SqlConnection .