
如何使用ajax和javascript安全地将密码发送到服务器

更新时间:2023-02-22 18:43:01

如果您仅限客户端使用javascript,那么除非您使用SSL,否则它将永远不会安全.

您可以尝试使用一些 javascript 加密库(但那只会看起来安全,实际上并不安全)
If you're limited to javascript on the client side then it will never be secure unless you're using SSL.

You could try some javascript encryption libs (but that will only seem like it's secure)




Hi,

// I am not in favor of reversible passwords (encrypt/decrypt)...
// I store password as bytes in table (users) then  
// if ever retrieve it and compare as a bytes...
// Neglecting a down voting…
// So here is it...
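// One-way digest of a password, stored and compared as raw bytes (never decrypted).
// The one-way intent is right, but unsalted MD5 is not a password hash: it is fast
// to brute-force and identical passwords produce identical stored rows. Keep this
// only to verify rows already stored in this format; for new data derive the stored
// value with a salted, slow KDF (e.g. Rfc2898DeriveBytes / PBKDF2) and migrate on login.
// Encoding.ASCII maps every non-ASCII character to '?', so passwords differing only
// in such characters collide; UTF-8 would avoid that but changes existing digests.
// Throws ArgumentNullException when dat is null.
private static byte[] encrypt(string dat)
{
   if (dat == null)
   {
      throw new System.ArgumentNullException("dat");
   }
   // MD5.Create() yields the same digest as the obsolete MD5CryptoServiceProvider;
   // the using block releases the hasher, which the original never disposed.
   using (System.Security.Cryptography.MD5 md5 = System.Security.Cryptography.MD5.Create())
   {
      return md5.ComputeHash(System.Text.Encoding.ASCII.GetBytes(dat));
   }
}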



问候



Regards,




请参阅以下示例代码(code-behind):

Hi,

See this sample code-behind code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;

/// <summary>
/// Plain data holder for one row of the users table; every column is carried as text.
/// The page code assigns <see cref="Pwd"/> the derived (hashed) form of the password
/// before it is sent to the database, never the value the user typed.
/// </summary>
public class User
{
    /// <summary>Login identifier the user types in.</summary>
    public string UserId { get; set; }

    /// <summary>Display name.</summary>
    public string UserName { get; set; }

    /// <summary>Payor code column.</summary>
    public string PayorCode { get; set; }

    /// <summary>Application column.</summary>
    public string Application { get; set; }

    /// <summary>Access level column (e.g. "admin" in the sample).</summary>
    public string AccessLevel { get; set; }

    /// <summary>Activation date column, kept as text.</summary>
    public string ActivationDate { get; set; }

    /// <summary>Id of the account that created this row.</summary>
    public string CreatedBy { get; set; }

    /// <summary>Password in its stored (derived) form.</summary>
    public string Pwd { get; set; }

    /// <summary>Activation flag; the sample treats "Y" as activated.</summary>
    public string Status { get; set; }
}

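public partial class _Default : System.Web.UI.Page
{
    /// <summary>Page lifecycle hook; nothing to initialise for this page.</summary>
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Login button handler: derives the stored form of the typed password, looks the
    /// user up by id plus derived password, and reports the outcome in lblValidation.
    /// </summary>
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        // Only UserId and Pwd take part in the lookup below; the remaining fields are
        // the sample values the (commented-out) InsertNewUser call would store.
        User user = new User
        {
            UserId = this.txtUserId.Text,
            CreatedBy = this.txtUserId.Text,
            Pwd = Encrypt(this.txtPassword.Text, 14),
            UserName = "Algem",
            PayorCode = "FWB",
            Application = "XP",
            AccessLevel = "admin",
            Status = "Y"
        };
        //var ok = InsertNewUser(user);

        var userCredential = GetUserCredential(user.UserId, user.Pwd);
        if (userCredential.UserId == null)
        {
            // One message for "unknown user" and "wrong password" alike, so the
            // response does not reveal which of the two failed.
            lblValidation.Text = "Invalid UserID or Password";
        }
        else if (userCredential.Status != "Y")
        {
            // The activation state must come from the row read back, not from the
            // local value above (which is always "Y" and made this branch unreachable).
            lblValidation.Text = "Account is not yet activated";
        }
        else
        {
            lblValidation.Text = "Authenticated user.  Go to main menu...";
            // goto main menu...
        }
    }

    /// <summary>
    /// Inserts <paramref name="user"/> into the users table. <c>user.Pwd</c> is stored
    /// as given, so callers pass the value already run through <see cref="Encrypt"/>.
    /// </summary>
    /// <param name="user">Row to insert; all text columns are bound as parameters.</param>
    /// <returns><c>true</c> when exactly one row was inserted.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
    /// <exception cref="InvalidOperationException">The "SQLConnection" connection string is missing.</exception>
    /// <exception cref="SqlException">Propagated unchanged from the database call.</exception>
    public bool InsertNewUser(User user)
    {
        if (user == null)
        {
            throw new ArgumentNullException("user");
        }

        // Every listed column has a value; the previous statement named nine columns
        // but supplied only GetDate(), so it could never execute.
        const string sql =
            "INSERT INTO users(UserId, UserName, Pwd, PayorCode, Application, AccessLevel, "
            + "Status, CreatedBy, ActivationDate) "
            + "VALUES(@UserId, @UserName, @Pwd, @PayorCode, @Application, @AccessLevel, "
            + "@Status, @CreatedBy, GetDate())";

        // using-blocks close the connection and command on every path; the original
        // opened a connection it never disposed.
        using (SqlConnection conn = new SqlConnection(GetConnectionString()))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.CommandType = CommandType.Text;
            // Parameters rather than concatenation: these values originate in the login form.
            AddString(cmd, "@UserId", user.UserId);
            AddString(cmd, "@UserName", user.UserName);
            AddString(cmd, "@Pwd", user.Pwd);
            AddString(cmd, "@PayorCode", user.PayorCode);
            AddString(cmd, "@Application", user.Application);
            AddString(cmd, "@AccessLevel", user.AccessLevel);
            AddString(cmd, "@Status", user.Status);
            AddString(cmd, "@CreatedBy", user.CreatedBy);

            conn.Open();
            return cmd.ExecuteNonQuery() == 1;
        }
    }

    /// <summary>
    /// Looks up the row whose UserId and stored Pwd both match. Returns a <see cref="User"/>
    /// whose <c>UserId</c> is null when there is no match (the caller tests that field).
    /// </summary>
    /// <param name="userId">Id as typed by the user.</param>
    /// <param name="pwd">Password already in stored form (output of <see cref="Encrypt"/>).</param>
    /// <returns>The matching user, or a <see cref="User"/> with all properties null.</returns>
    /// <exception cref="InvalidOperationException">The "SQLConnection" connection string is missing.</exception>
    /// <exception cref="SqlException">Propagated unchanged from the database call.</exception>
    private User GetUserCredential(string userId, string pwd)
    {
        // Both inputs come from the login form and are bound as parameters, so a quote
        // in either cannot change the statement (the original concatenated them into
        // the WHERE clause, which allowed SQL injection and a login bypass).
        const string qry =
            "SELECT UserId, UserName, PayorCode, AccessLevel, Application, Status "
            + "FROM [TestDB].[dbo].[users] WHERE UserId = @UserId AND Pwd = @Pwd";

        User user = new User();
        using (SqlConnection conn = new SqlConnection(GetConnectionString()))
        using (SqlCommand cmd = new SqlCommand(qry, conn))
        {
            cmd.CommandType = CommandType.Text;
            AddString(cmd, "@UserId", userId);
            AddString(cmd, "@Pwd", pwd);

            conn.Open();
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                if (dr.Read())
                {
                    user.UserId = dr["UserId"].ToString();
                    user.UserName = dr["UserName"].ToString();
                    user.PayorCode = dr["PayorCode"].ToString();
                    user.AccessLevel = dr["AccessLevel"].ToString();
                    user.Application = dr["Application"].ToString();
                    // Needed by the caller's activation check; the original never read it.
                    user.Status = dr["Status"].ToString();
                }
            }
        }
        return user;
    }

    /// <summary>
    /// Derives the stored form of a password: MD5 of the ASCII bytes, each digest byte
    /// integer-divided by <paramref name="keyNumber"/>, and the quotients concatenated
    /// as decimal text with no separator.
    /// </summary>
    /// <remarks>
    /// Kept as-is for compatibility with values already in the Pwd column. It is not a
    /// suitable password hash: unsalted MD5 is fast to brute-force, Encoding.ASCII turns
    /// every non-ASCII character into '?', and the unseparated quotients make many
    /// distinct digests map to the same string. New deployments should store a salted,
    /// slow KDF output (e.g. PBKDF2 via Rfc2898DeriveBytes) and migrate rows on login.
    /// </remarks>
    /// <param name="dat">Password as typed.</param>
    /// <param name="keyNumber">Divisor applied to each digest byte; the page uses 14.</param>
    /// <returns>The concatenated quotients.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="dat"/> is null.</exception>
    /// <exception cref="ArgumentOutOfRangeException"><paramref name="keyNumber"/> is zero.</exception>
    private static string Encrypt(string dat, int keyNumber)
    {
        if (dat == null)
        {
            throw new ArgumentNullException("dat");
        }
        if (keyNumber == 0)
        {
            // Surface the misuse explicitly instead of a DivideByZeroException from the loop.
            throw new ArgumentOutOfRangeException("keyNumber", "Divisor must be non-zero.");
        }

        byte[] digest;
        // MD5.Create() gives the same digest as the obsolete MD5CryptoServiceProvider
        // and is disposed here, which the original never did.
        using (System.Security.Cryptography.MD5 md5 = System.Security.Cryptography.MD5.Create())
        {
            digest = md5.ComputeHash(System.Text.Encoding.ASCII.GetBytes(dat));
        }

        var pwd = new System.Text.StringBuilder(digest.Length * 3);
        foreach (byte b in digest)
        {
            // Integer division, appended without a separator, exactly as before.
            pwd.Append(b / keyNumber);
        }
        return pwd.ToString();
    }

    // Binds a string as an NVarChar parameter, mapping null to SQL NULL.
    private static void AddString(SqlCommand cmd, string name, string value)
    {
        cmd.Parameters.Add(name, SqlDbType.NVarChar).Value = value == null ? (object)DBNull.Value : value;
    }

    // Reads the "SQLConnection" entry from <connectionStrings>; a missing entry is
    // reported as a configuration error rather than a NullReferenceException.
    private static string GetConnectionString()
    {
        var setting = ConfigurationManager.ConnectionStrings["SQLConnection"];
        if (setting == null)
        {
            throw new InvalidOperationException("Connection string 'SQLConnection' is not configured.");
        }
        return setting.ConnectionString;
    }
}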