Asp.Net使用加密cookie代替session验证用户登录状态源码分享

时间：2014-10-09 01:03:28 阅读：729 评论：0 收藏：0 [点我收藏+]

标签：des style blog http io os 使用 ar for

首先 session 和 cache 拥有各自的优势而存在. 他们的优劣就不在这里讨论了.

本实例仅存储用户id于用户名，对于多级权限的架构，可以自行修改增加权限字段

本实例采用vs2010编写，vb和c#的代码都是经过测试的；一些童鞋说代码有问题的注意下

什么？你还在用vs2008 vs2005？请自行重载带有 optional 标致的函数

童鞋们提到的密码修改后要失效的问题当时没有想到个人认为大致方向可以》

》1. 每个用户生成1个xml 里面保存随机的几个字符或者修改密码的时间戳也行

》2. 这个文件在用户刚注册或修改密码时候生成写入; 写入的同时需要更新当前用户的cookie 否则当前用户也会失效

》3. 在本实例的基础上加1个字段内容为 1中的若干字符本实例在cookie写入15分钟后才会重新写入新的cookie；可以在重新写入cookie前比对这几个若干字符是否匹配用 StreamReader 即可

》4. 以上不知大家看懂了没有呢

以下类实现了使用加密cookie代替session验证用户登录状态支持 1小时/1周有效期2种模式 (期间有新的请求则更新失效时间)

项目源码下载地址 http://www.370b.com/bbsx/cookie-login/cookie.rar

csdn下载地址 http://download.csdn.net/detail/rayyu1989/4265766

在自定义字符 CustomCode 不被知道的情况下该加密过程是相对安全的.
你还可以更改其中的 2处MD5哈希值生成的方式、DEChar(ENChar)混淆字符让代码更与众不同

欢迎大家拍砖 bubuko.com,布布扣

加密后的cookie值枚举：

n=rayyu_EJPSiju2JJNeh5&u=VWpc9dv5v8e4APbbhJmSP+yifwZNEcyRy6V/RwzqV2pmo+x6hNLHI/pLlzl8+KgdWpMHtTTOYpGMe3tCrAIKkmeCrKG7BpSVUYF0piopz757NPb43Z4ehA==&i=56-76-68-35-4A-37-57-35

n=rayyu_P5O7ouiq5JVaMf&u=gWz/itCIlbupWCv7iziBuYCwT1SF4+IbyFbwa5Hmm+up4iuCxKMCl24+bLRb0Y/6RMyfzcpuJwu8gT/Yqg1UV1bd9UqgQYzrLdibP9zaXkYjYyT56gkCBg==&i=5B-65-54-34-6G-35-4C-45

n=rayyu_bNJuGxps3Kqtxl&u=kUorl6z713eYdjkhRidocZKHMh2Mw6j5LowmevsWiKZsn81dzlsPcH4fp1VJsi2dtObeYvMJTCybLrv45TsdLIT7nhZcQJdxKGn1oaK/7a3Ldfte6zoQqg==&i=4H-5B-53-6A-6H-75-32-4H

n=rayyu_TF0hpOgdGhliK8&u=1O9Zi4V9Qj2HH63dEfXaLaoj3X6ea9azIBjuLjFBJqhiTQefz2x161IIDpWaviJr1TTECBdb4NCIiFOEsEY9C4gl+/Equjc7tGpO12ixEkZz70bMg48M9w==&i=4H-4E-65-68-35-7A-5B-35

n=rayyu_9INryZvNo1pCKm&u=wQgRgtf+uy9jKQXJhr7DerZtFeYmm2Lx10Asgf52HTzkar9iHXkVaJJqHtwWA9K635QU4bGLYZPWl3nj0rxOhOe93ew+bIAR8FWr2zPwvfZ++TwB3670LQ==&i=4F-37-6F-75-6A-71-35-4H

客户端可以获取cookie的 n值来简单判断是否登录 n为用户名，配合静态页和缓存动态显示登录状态

VB.NET调用： (Rayyu 是 namespace)

[vb] view plain copy

Dim user As New Rayyu.User() ‘初始化用户信息(检测当前请求用户是否登录)
If user.Online Then
Response.Write("<br />name:" & user.Name & ",online:" & user.Online & ",id:" & user.ID)
End If
Dim user2 As New Rayyu.User(1, "用户名", False) ‘初始化(写入新用户)

C#调用：(Rayyu 是 namespace)

[csharp] view plain copy

Rayyu.User user = new Rayyu.User();// 初始化用户信息(检测当前请求用户是否登录)
Rayyu.User user2 = new Rayyu.User(1, "用户名", false);// 初始化(写入新用户) false 表示1小时 true表示1周
if (user.Online)
{
Response.Write("<br />name:" + user.Name + ",online:" + user.Online + ",id:" + user.Id);
}

VB.NET 源代码：

[vb] view plain copy

Imports System.Web
Imports System.Text.RegularExpressions
Imports System.Text
Imports System.Security.Cryptography
‘‘‘ <summary>
‘‘‘ 用户登录机制支持1小时/1周状态
‘‘‘ </summary>
‘‘‘ <remarks></remarks>
Public Class User
#Region "自定义参数"
‘‘‘ <summary>
‘‘‘ 自定义字符用于第一层加解密密匙
‘‘‘ </summary>
‘‘‘ <remarks></remarks>
Private Const CustomCode As String = "QQ：867863456"
‘‘‘ <summary>
‘‘‘ cookie名
‘‘‘ </summary>
‘‘‘ <remarks></remarks>
Private Const CookieName As String = "userinfo"
‘‘‘ <summary>
‘‘‘ Cookie作用域
‘‘‘ </summary>
‘‘‘ <remarks></remarks>
Private Const CookieDomain As String = ".370b.com"
‘‘‘ <summary>
‘‘‘ 编码
‘‘‘ </summary>
‘‘‘ <remarks></remarks>
Private Shared Encoder As Encoding = Encoding.UTF8
‘‘‘ <summary>
‘‘‘ 用户名的正则检测我的是：首位由字母或者汉字构成，由字母、数字、下划线、和汉字的 2-20位的字符组合而成的
‘‘‘ </summary>
‘‘‘ <remarks></remarks>
Private Const RegexUserName As String = "[a-zA-Z\u4e00-\u9fa5][\w\u4e00-\u9fa5]{1,19}"
‘‘‘ <summary>
‘‘‘ 区域化信息设置
‘‘‘ </summary>
‘‘‘ <remarks></remarks>
Private Shared ReadOnly Format As Globalization.CultureInfo = New System.Globalization.CultureInfo("zh-CN", True)
#End Region
#Region "回调参数"
‘‘‘ <summary>
‘‘‘ 是否在线
‘‘‘ </summary>
‘‘‘ <remarks></remarks>
Public ReadOnly Property Online As Boolean
Get
Return _Online
End Get
End Property
Private _Online As Boolean = False
‘‘‘ <summary>
‘‘‘ 用户ID (Online=true情况下使用)
‘‘‘ </summary>
‘‘‘ <remarks></remarks>
Public ReadOnly Property Id As Integer
Get
Return _Id
End Get
End Property
Private _Id As Integer
‘‘‘ <summary>
‘‘‘ 用户名 (Online=true情况下使用)
‘‘‘ </summary>
‘‘‘ <remarks></remarks>
Public ReadOnly Property Name As String
Get
Return _Name
End Get
End Property
Private _Name As String
‘‘‘ <summary>
‘‘‘ 有效期是否为7天
‘‘‘ </summary>
‘‘‘ <remarks></remarks>
Public ReadOnly Property IsWeek As Boolean
Get
Return _IsWeek
End Get
End Property
Private ReadOnly _IsWeek As Boolean
#End Region
‘‘‘ <summary>
‘‘‘ 初始化用户信息(检测当前请求用户是否登录)
‘‘‘ </summary>
‘‘‘ <remarks></remarks>
Public Sub New()
‘读取cookie
Dim cookie As HttpCookie = HttpContext.Current.Request.Cookies(CookieName)
If cookie IsNot Nothing Then
‘存在cookie
Dim value As String = cookie.Values("u"), key As String = cookie.Values("i"), tname As String = cookie.Values("n")
cookie = Nothing
If tname IsNot Nothing AndAlso value IsNot Nothing AndAlso key IsNot Nothing AndAlso Regex.IsMatch(key, "^[1-8A-H]{2}(-[1-8A-H]{2}){7}$", Text.RegularExpressions.RegexOptions.None) Then
‘存在对应键值
Dim keybyte As Byte() = toByte(DEChar(key)) ‘解密密匙的后8位字节由参数i构成
If keybyte IsNot Nothing Then
Dim autocode() As Byte ‘解密密匙的前16位字节由用户UserAgent，用户名，自定义字符组合而成的 md5
Using m As New System.Security.Cryptography.MD5CryptoServiceProvider()
autocode = m.ComputeHash(Encoder.GetBytes(String.Format(Format, "{0}_{2}_{1}", HttpContext.Current.Request.UserAgent, tname, CustomCode)))
m.Clear()
End Using
Dim keyboard() As Byte = New Byte(keybyte.Length + autocode.Length - 1) {}
autocode.CopyTo(keyboard, 0)
keybyte.CopyTo(keyboard, autocode.Length)
value = DesDecrypt(value, keyboard)
If value.Length > 0 Then
‘解密成功第一层合法
Dim values As Match = Regex.Match(value, "^(?<md5>[\w]{32})(?<isweek>[01])(?<id>[\d]{1,10})(?<name>" & RegexUserName & ")\|(?<exp>[\d]{1,19})$")
If values.Success Then
Dim LostDateTime As Long
If Integer.TryParse(values.Groups("id").Value, Me._Id) AndAlso Me._Id > 0 AndAlso Long.TryParse(values.Groups("exp").Value, LostDateTime) AndAlso LostDateTime > 0 Then
‘解密后的字符串格式正确
Me._IsWeek = (values.Groups("isweek").Value = "1")
‘此md5用于验证解密后的字符串由用户id，用户名，cookie写入时间，自定义字符串以及有效期是否是1周组合
Dim md5 As String = MD5Public(String.Format(Format, "{0}{5}{1}{2}:rayyu.{3};{4}", values.Groups("id").Value, values.Groups("exp").Value, values.Groups("name").Value, CookieDomain, IsWeek, CustomCode))
If md5 = values.Groups("md5").Value Then
‘md5正常
Dim lostdate As Double = (Now - New DateTime(LostDateTime)).TotalMinutes
Dim l_a As Integer
If IsWeek Then
l_a = 10080
Else
l_a = 60
End If
If lostdate > 0 AndAlso lostdate < l_a Then
‘cookie在有效期内
Me._Name = values.Groups("name").Value
Me._Online = True
If lostdate > 15 Then
‘cookie以写入超过15分钟，从新写入1次cookie
SetUser(Me._Id, Me._Name, Me._IsWeek, autocode)
End If
End If
Else
Me._Id = 0
Me._Name = Nothing
End If
End If
End If
End If
End If
End If
End If
End Sub
‘‘‘ <summary>
‘‘‘ 初始化(写入新用户)
‘‘‘ </summary>
‘‘‘ <param name="userid">用户id</param>
‘‘‘ <param name="username">用户名</param>
‘‘‘ <param name="isweek">是否保持一周登录状态</param>
‘‘‘ <remarks></remarks>
Public Sub New(ByVal userId As Integer, ByVal userName As String, ByVal isWeek As Boolean)
SetUser(userId, userName, isWeek)
Me._ID = userId
Me._Name = userName
Me._IsWeek = isWeek
Me._Online = True
End Sub
‘‘‘ <summary>
‘‘‘ 写入用户
‘‘‘ </summary>
‘‘‘ <param name="userid">用户id</param>
‘‘‘ <param name="username">用户名</param>
‘‘‘ <param name="isweek">是否保持一周登录状态</param>
‘‘‘ <param name="autocode"></param>
‘‘‘ <remarks></remarks>
Private Shared Sub SetUser(ByVal userid As Integer, ByVal username As String, ByVal isweek As Boolean, Optional ByVal autocode As Byte() = Nothing)
If autocode Is Nothing Then
‘解密密匙的前16位字节由用户UserAgent，用户名，自定义字符组合而成的 md5
Using m As New System.Security.Cryptography.MD5CryptoServiceProvider()
autocode = m.ComputeHash(Encoder.GetBytes(String.Format(Format, "{0}_{2}_{1}", HttpContext.Current.Request.UserAgent, username, CustomCode)))
End Using
End If
Dim expires As DateTime
Dim isweekint As Char
If isweek Then
expires = Now.AddDays(7)
isweekint = "1"
Else
expires = Now.AddHours(1)
isweekint = "0"
End If
‘解密密匙的后8位字节随机生成参数i
Dim rbyte() As Byte = Encoder.GetBytes(RandomCode(8))
Dim keyboard() As Byte = New Byte(23) {}
autocode.CopyTo(keyboard, 0)
‘组合密匙长度为24位
rbyte.CopyTo(keyboard, autocode.Length)
autocode = Nothing
Dim exp As String = Now.Ticks.ToString("D", Format)
‘加密字符串
Dim value As String = DesEncrypt(String.Format(Format, "{4}{0}{1}{2}|{3}", isweekint, userid, username, exp, MD5Public(String.Format(Format, "{0}{5}{1}{2}:rayyu.{3};{4}", userid, exp, username, CookieDomain, isweek, CustomCode))), keyboard)
keyboard = Nothing
Dim key As String = ENChar(System.BitConverter.ToString(rbyte)) ‘混淆参数i
rbyte = Nothing
‘写入cookie
Dim cookie As New HttpCookie(CookieName)
cookie.Values.Add("n", username)
cookie.Values.Add("u", value)
cookie.Values.Add("i", key)
cookie.Path = "/"
cookie.Expires = expires
cookie.Domain = CookieDomain
HttpContext.Current.Response.Cookies.Set(cookie)
End Sub
‘‘‘ <summary>
‘‘‘ TripleDESC解密
‘‘‘ </summary>
‘‘‘ <param name="strText">待解密字符串</param>
‘‘‘ <param name="key">密匙</param>
‘‘‘ <returns></returns>
‘‘‘ <remarks></remarks>
Protected Friend Shared Function DesDecrypt(ByVal strText As String, ByVal key As Byte()) As String
Try
Using provider As New System.Security.Cryptography.TripleDESCryptoServiceProvider()
provider.Key = key
provider.Mode = System.Security.Cryptography.CipherMode.ECB
Dim inputBuffer As Byte() = Convert.FromBase64String(strText)
Return Encoder.GetString(provider.CreateDecryptor().TransformFinalBlock(inputBuffer, 0, inputBuffer.Length)).Trim
End Using
Catch ex As CryptographicException
Return String.Empty
Catch ex As ArgumentNullException
Return String.Empty
Catch ex As DecoderFallbackException
Return String.Empty
Catch ex As ArgumentException
Return String.Empty
Catch ex As FormatException
Return String.Empty
End Try
End Function
‘‘‘ <summary>
‘‘‘ TripleDESC加密
‘‘‘ </summary>
‘‘‘ <param name="strText">待加密字符串</param>
‘‘‘ <param name="key">密匙</param>
‘‘‘ <returns></returns>
‘‘‘ <remarks></remarks>
Protected Friend Shared Function DesEncrypt(ByVal strText As String, ByVal key As Byte()) As String
Try
Using provider As New System.Security.Cryptography.TripleDESCryptoServiceProvider()
provider.Key = key
provider.Mode = System.Security.Cryptography.CipherMode.ECB
Dim bytes As Byte() = Encoder.GetBytes(strText)
Return Convert.ToBase64String(provider.CreateEncryptor().TransformFinalBlock(bytes, 0, bytes.Length))
End Using
Catch ex As CryptographicException
Return String.Empty
Catch ex As ArgumentNullException
Return String.Empty
Catch ex As DecoderFallbackException
Return String.Empty
Catch ex As ArgumentException
Return String.Empty
Catch ex As FormatException
Return String.Empty
End Try
End Function
‘‘‘ <summary>
‘‘‘ md5加密
‘‘‘ </summary>
‘‘‘ <param name="str">待加密字符串</param>
‘‘‘ <returns>返回加密后字符串</returns>
‘‘‘ <remarks></remarks>
Private Shared Function MD5Public(ByVal str As String) As String
Dim returnx As String = "0000000000000000"
If str IsNot Nothing AndAlso str IsNot String.Empty Then
Try
Using m As New System.Security.Cryptography.MD5CryptoServiceProvider()
Dim MDByte As Byte() = m.ComputeHash(Encoder.GetBytes(str))
returnx = Strings.Replace(System.BitConverter.ToString(MDByte), "-", "")
m.Clear()
End Using
Catch ex As ObjectDisposedException
returnx = "0000000000000000"
Catch ex As ArgumentOutOfRangeException
returnx = "0000000000000003"
Catch ex As ArgumentNullException
returnx = "0000000000000001"
Catch ex As EncoderFallbackException
returnx = "0000000000000001"
Catch ex As InvalidOperationException
returnx = "0000000000000002"
End Try
End If
Return returnx
End Function
‘‘‘ <summary>
‘‘‘ 随机数
‘‘‘ </summary>
‘‘‘ <remarks></remarks>
Private Shared Randoms As New Random
‘‘‘ <summary>
‘‘‘ 随机字符集合
‘‘‘ </summary>
‘‘‘ <remarks></remarks>
Private Shared xarrChar() As Char = New Char() {"0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z"}
‘‘‘ <summary>
‘‘‘ 生成随机数
‘‘‘ </summary>
‘‘‘ <returns></returns>
‘‘‘ <remarks></remarks>
Public Shared Function RandomCode(ByVal length As Integer) As String
Dim str As String = ""
Dim mlength As Integer = xarrChar.Length
For i As Integer = 0 To length - 1
str &= xarrChar(Randoms.Next(0, mlength))
Next
Return str
End Function
‘‘‘ <summary>
‘‘‘ 16进制字符串转Byte数组
‘‘‘ </summary>
‘‘‘ <param name="value"></param>
‘‘‘ <returns></returns>
‘‘‘ <remarks></remarks>
Private Shared Function toByte(ByVal value As String) As Byte()
Try
Dim chars As String() = value.Split("-")
Dim length As Integer = chars.Length - 1
Dim byte_() As Byte = New Byte(length) {}
For i As Integer = 0 To length
byte_(i) = Convert.ToByte(chars(i), 16)
Next
Return byte_
Catch ex As ArgumentException
Return Nothing
Catch ex As FormatException
Return Nothing
Catch ex As OverflowException
Return Nothing
End Try
End Function
‘‘‘ <summary>
‘‘‘ TripleDESC-部分密匙字符混淆如果要修改下面的字符请注意修改上面的正则
‘‘‘ </summary>
‘‘‘ <param name="value"></param>
‘‘‘ <returns></returns>
‘‘‘ <remarks></remarks>
Private Shared Function ENChar(ByVal value As String) As String
value = Strings.Replace(value, "A", "H")
value = Strings.Replace(value, "B", "G")
value = Strings.Replace(value, "0", "B")
value = Strings.Replace(value, "9", "A")
Return value
End Function
‘‘‘ <summary>
‘‘‘ TripleDESC-部分密匙字符反混淆如果要修改下面的字符请注意修改上面的正则
‘‘‘ </summary>
‘‘‘ <param name="value"></param>
‘‘‘ <returns></returns>
‘‘‘ <remarks></remarks>
Private Shared Function DEChar(ByVal value As String) As String
value = Strings.Replace(value, "A", "9")
value = Strings.Replace(value, "B", "0")
value = Strings.Replace(value, "G", "B")
value = Strings.Replace(value, "H", "A")
Return value
End Function
End Class

C#源代码：

[csharp] view plain copy

using System;
using System.Web;
using System.Text.RegularExpressions;
using System.Text;
using System.Security.Cryptography;
namespace Rayyu
{
/// <summary>
/// 用户登录机制支持1小时/1周状态
/// </summary>
/// <remarks></remarks>
public class User
{
#region "自定义参数"
/// <summary>
/// 自定义字符用于第一层加解密密匙
/// </summary>
/// <remarks></remarks>
private const string CustomCode = "QQ：867863456";
/// <summary>
/// cookie名
/// </summary>
/// <remarks></remarks>
private const string CookieName = "userinfo";
/// <summary>
/// Cookie作用域
/// </summary>
/// <remarks></remarks>
private const string CookieDomain = ".370b.com";
/// <summary>
/// 编码
/// </summary>
/// <remarks></remarks>
private static Encoding Encoder = Encoding.UTF8;
/// <summary>
/// 用户名的正则检测我的是：首位由字母或者汉字构成，由字母、数字、下划线、和汉字的 2-20位的字符组合而成的
/// </summary>
/// <remarks></remarks>
private const string RegexUserName = "[a-zA-Z\\u4e00-\\u9fa5][\\w\\u4e00-\\u9fa5]{1,19}";
/// <summary>
/// 区域化信息设置
/// </summary>
/// <remarks></remarks>
private static System.Globalization.CultureInfo Format = new System.Globalization.CultureInfo("zh-CN", true);
#endregion
#region "回调参数"
/// <summary>
/// 是否在线
/// </summary>
/// <remarks></remarks>
public bool Online
{
get { return _Online; }
}
private bool _Online = false;
/// <summary>
/// 用户ID (Online=true情况下使用)
/// </summary>
/// <remarks></remarks>
public int Id
{
get { return _Id; }
}
private int _Id;
/// <summary>
/// 用户名 (Online=true情况下使用)
/// </summary>
/// <remarks></remarks>
public string Name
{
get { return _Name; }
}
private string _Name;
/// <summary>
/// 有效期是否为7天
/// </summary>
/// <remarks></remarks>
public bool IsWeek
{
get { return _isWeek; }
}
private bool _isWeek;
#endregion
/// <summary>
/// 初始化用户信息(检测当前请求用户是否登录)
/// </summary>
/// <remarks></remarks>
public User()
{
//读取cookie
HttpCookie cookie = HttpContext.Current.Request.Cookies[CookieName];
if (cookie != null)
{
//存在cookie
string value = cookie.Values["u"];
string key = cookie.Values["i"];
string tname = cookie.Values["n"];
cookie = null;
if (tname != null && value != null && key != null && Regex.IsMatch(key, "^[1-8A-H]{2}(-[1-8A-H]{2}){7}$", System.Text.RegularExpressions.RegexOptions.None))
{
//存在对应键值
byte[] keybyte = toByte(DEChar(key));
//解密密匙的后8位字节由参数i构成
if (keybyte != null)
{
byte[] autocode;
//解密密匙的前16位字节由用户UserAgent，用户名，自定义字符组合而成的 md5
using (System.Security.Cryptography.MD5CryptoServiceProvider m = new System.Security.Cryptography.MD5CryptoServiceProvider())
{
autocode = m.ComputeHash(Encoder.GetBytes(string.Format(Format, "{0}_{2}_{1}", HttpContext.Current.Request.UserAgent, tname, CustomCode)));
}
byte[] keyboard = new byte[keybyte.Length + autocode.Length];
autocode.CopyTo(keyboard, 0);
keybyte.CopyTo(keyboard, autocode.Length);
value = DesDecrypt(value, keyboard);
if (value.Length > 0)
{
//解密成功第一层合法
Match values = Regex.Match(value, "^(?<md5>[\\w]{32})(?<isweek>[01])(?<id>[\\d]{1,10})(?<name>" + RegexUserName + ")\\|(?<exp>[\\d]{1,19})$");
if (values.Success)
{
long LostDateTime = 0;
if (int.TryParse(values.Groups["id"].Value, out this._Id) && this._Id > 0 && long.TryParse(values.Groups["exp"].Value, out LostDateTime) && LostDateTime > 0)
{
//解密后的字符串格式正确
this._isWeek = (values.Groups["isweek"].Value == "1");
//此md5用于验证解密后的字符串由用户id，用户名，cookie写入时间，自定义字符串以及有效期是否是1周组合
string md5 = MD5Public(string.Format(Format, "{0}{5}{1}{2}:rayyu.{3};{4}", values.Groups["id"].Value, values.Groups["exp"].Value, values.Groups["name"].Value, CookieDomain, _isWeek, CustomCode));
if (md5 == values.Groups["md5"].Value)
{
//md5正常
double lostdate = (DateTime.Now - new DateTime(LostDateTime)).TotalMinutes;
int l_a = 0;
if (_isWeek)
{
l_a = 10080;
}
else
{
l_a = 60;
}
if (lostdate > 0 && lostdate < l_a)
{
//cookie在有效期内
this._Name = values.Groups["name"].Value;
this._Online = true;
if (lostdate > 15)
{
//cookie以写入超过15分钟，从新写入1次cookie
SetUser(this._Id, this._Name, this._isWeek, autocode);
}
}
}
else
{
this._Id = 0;
this._Name = null;
}
}
}
}
}
}
}
}
/// <summary>
/// 初始化(写入新用户)
/// </summary>
/// <param name="userid">用户id</param>
/// <param name="username">用户名</param>
/// <param name="isweek">是否保持一周登录状态</param>
/// <remarks></remarks>
public User(int userId, string userName, bool isWeek)
{
SetUser(userId, userName, isWeek);
this._Id = userId;
this._Name = userName;
this._isWeek = isWeek;
this._Online = true;
}
/// <summary>
/// 写入用户
/// </summary>
/// <param name="userid">用户id</param>
/// <param name="username">用户名</param>
/// <param name="isweek">是否保持一周登录状态</param>
/// <param name="autocode"></param>
/// <remarks></remarks>
private static void SetUser(int userid, string username, bool isweek, byte[] autocode = null)
{
if (autocode == null)
{
//解密密匙的前16位字节由用户UserAgent，用户名，自定义字符组合而成的 md5
using (System.Security.Cryptography.MD5CryptoServiceProvider m = new System.Security.Cryptography.MD5CryptoServiceProvider())
{
autocode = m.ComputeHash(Encoder.GetBytes(string.Format(Format,"{0}_{2}_{1}", HttpContext.Current.Request.UserAgent, username, CustomCode)));
m.Clear();
}
}
DateTime expires = default(DateTime);
char isweekint;
if (isweek)
{
expires = DateTime.Now.AddDays(7);
isweekint = ‘1‘;
}
else
{
expires = DateTime.Now.AddHours(1);
isweekint = ‘0‘;
}
//解密密匙的后8位字节随机生成参数i
byte[] rbyte = Encoder.GetBytes(RandomCode(8));
byte[] keyboard = new byte[24];
autocode.CopyTo(keyboard, 0);
//组合密匙长度为24位
rbyte.CopyTo(keyboard, autocode.Length);
autocode = null;
string exp = DateTime.Now.Ticks.ToString("D", Format);
//加密字符串
string value = DesEncrypt(string.Format(Format, "{4}{0}{1}{2}|{3}", isweekint, userid, username, exp, MD5Public(string.Format(Format, "{0}{5}{1}{2}:rayyu.{3};{4}", userid, exp, username, CookieDomain, isweek, CustomCode))), keyboard);
keyboard = null;
string key = ENChar(System.BitConverter.ToString(rbyte));
//混淆参数i
rbyte = null;
//写入cookie
HttpCookie cookie = new HttpCookie(CookieName);
cookie.Values.Add("n", username);
cookie.Values.Add("u", value);
cookie.Values.Add("i", key);
cookie.Path = "/";
cookie.Expires = expires;
cookie.Domain = CookieDomain;
HttpContext.Current.Response.Cookies.Set(cookie);
}
/// <summary>
/// TripleDESC解密
/// </summary>
/// <param name="strText">待解密字符串</param>
/// <param name="key">密匙</param>
/// <returns></returns>
/// <remarks></remarks>
protected static internal string DesDecrypt(string strText, byte[] key)
{
try
{
using (System.Security.Cryptography.TripleDESCryptoServiceProvider provider = new System.Security.Cryptography.TripleDESCryptoServiceProvider())
{
provider.Key = key;
provider.Mode = System.Security.Cryptography.CipherMode.ECB;
byte[] inputBuffer = Convert.FromBase64String(strText);
return Encoder.GetString(provider.CreateDecryptor().TransformFinalBlock(inputBuffer, 0, inputBuffer.Length)).Trim();
}
}
catch(CryptographicException){
return string.Empty;
}
catch(ArgumentNullException){
return string.Empty;
}
catch(DecoderFallbackException){
return string.Empty;
}
catch(ArgumentException){
return string.Empty;
}
catch(FormatException){
return string.Empty;
}
}
/// <summary>
/// TripleDESC加密
/// </summary>
/// <param name="strText">待加密字符串</param>
/// <param name="key">密匙</param>
/// <returns></returns>
/// <remarks></remarks>
protected static internal string DesEncrypt(string strText, byte[] key)
{
try
{
using (System.Security.Cryptography.TripleDESCryptoServiceProvider provider = new System.Security.Cryptography.TripleDESCryptoServiceProvider())
{
provider.Key = key;
provider.Mode = System.Security.Cryptography.CipherMode.ECB;
byte[] bytes = Encoder.GetBytes(strText);
return Convert.ToBase64String(provider.CreateEncryptor().TransformFinalBlock(bytes, 0, bytes.Length));
}
}
catch (CryptographicException)
{
return string.Empty;
}
catch (ArgumentNullException)
{
return string.Empty;
}
catch (DecoderFallbackException)
{
return string.Empty;
}
catch (ArgumentException)
{
return string.Empty;
}
catch (FormatException)
{
return string.Empty;
}
}
/// <summary>
/// md5加密
/// </summary>
/// <param name="str">待加密字符串</param>
/// <returns>返回加密后字符串</returns>
/// <remarks></remarks>
private static string MD5Public(string str)
{
using (System.Security.Cryptography.MD5CryptoServiceProvider m = new System.Security.Cryptography.MD5CryptoServiceProvider())
{
byte[] MDByte = m.ComputeHash(Encoder.GetBytes(str));
return System.BitConverter.ToString(MDByte).Replace("-", "");
}
}
/// <summary>
/// 随机数
/// </summary>
/// <remarks></remarks>
private static Random Randoms = new Random();
/// <summary>
/// 随机字符集合
/// </summary>
/// <remarks></remarks>
private static char[] xarrChar = new char[] {
‘0‘,‘1‘,‘2‘,‘3‘,‘4‘,‘5‘,‘6‘,‘7‘,‘8‘,‘9‘,‘a‘,‘b‘,‘c‘,‘d‘,‘e‘,‘f‘,‘g‘,‘h‘,‘i‘,‘j‘,‘k‘,‘l‘,‘m‘,‘n‘,‘o‘,‘p‘,‘q‘,‘r‘,‘s‘,‘t‘,‘u‘,‘v‘,‘w‘,‘x‘,‘y‘,‘z‘,‘A‘,‘B‘,‘C‘,‘D‘,‘E‘,‘F‘,‘G‘,‘H‘,‘I‘,‘J‘,‘K‘,‘L‘,‘M‘,‘N‘,‘O‘,‘P‘,‘Q‘,‘R‘,‘S‘,‘T‘,‘U‘,‘V‘,‘W‘,‘X‘,‘Y‘,‘Z‘
};
/// <summary>
/// 生成随机数
/// </summary>
/// <returns></returns>
/// <remarks></remarks>
public static string RandomCode(int length)
{
string str = "";
int mlength = xarrChar.Length;
for (int i = 0; i < length; i++)
{
str += xarrChar[Randoms.Next(0, mlength)];
}
return str;
}
/// <summary>
/// 16进制字符串转Byte数组
/// </summary>
/// <param name="value"></param>
/// <returns></returns>
/// <remarks></remarks>
private static byte[] toByte(string value)
{
try
{
string[] chars = value.Split(‘-‘);
int length = chars.Length;
byte[] byte_ = new byte[length];
for (int i = 0; i < length; i++)
{
byte_[i] = Convert.ToByte(chars[i], 16);
}
return byte_;
}
catch (ArgumentException){
return null;
}
catch (FormatException){
return null;
}
catch (OverflowException){
return null;
}
}
/// <summary>
/// TripleDESC-部分密匙字符混淆如果要修改下面的字符请注意修改上面的正则
/// </summary>
/// <param name="value"></param>
/// <returns></returns>
/// <remarks></remarks>
private static string ENChar(string value)
{
value = value.Replace( "A", "H");
value = value.Replace( "B", "G");
value = value.Replace( "0", "B");
value = value.Replace( "9", "A");
return value;
}
/// <summary>
/// TripleDESC-部分密匙字符反混淆如果要修改下面的字符请注意修改上面的正则
/// </summary>
/// <param name="value"></param>
/// <returns></returns>
/// <remarks></remarks>
private static string DEChar(string value)
{
value = value.Replace( "A", "9");
value = value.Replace( "B", "0");
value = value.Replace( "G", "B");
value = value.Replace( "H", "A");
return value;
}
}
}

Asp.Net使用加密cookie代替session验证用户登录状态源码分享

标签：des style blog http io os 使用 ar for

原文地址：http://www.cnblogs.com/ranran/p/4011620.html

踩

(0)

评论一句话评论（0）

分享档案

更多>

2021年07月29日 (22)
2021年07月28日 (40)
2021年07月27日 (32)
2021年07月26日 (79)
2021年07月23日 (29)
2021年07月22日 (30)
2021年07月21日 (42)
2021年07月20日 (16)
2021年07月19日 (90)
2021年07月16日 (35)

周排行

Asp.Net使用加密cookie代替session验证用户登录状态 源码分享

Asp.Net使用加密cookie代替session验证用户登录状态源码分享