您永远不应该将密码存储在数据库中。这是不安全的，绝对不需要进行身份验证。不同意？惊讶吗？然后请阅读我过去的答案：

我已经加密了我的密码但是当我登录时给了我一个错误。如何解密 [ ^ ] ，

解密加密密码 [ ^ ]，

存储密码值int sql server with secure方式 [ ^ ]。



使用ASP.NET，您可以实现一切：

客户端： http://code.google.com/p/crypto-js [ ^ ]。

服务器端，.NET：http://msdn.microsoft.com/en-us/library/system。 security.cryptography.sha256％28v = vs.110％29.aspx [ ^ ]。



但即使这还不够如果您没有使用HTTPS和传输级安全性。基于加密哈希的方法将完美地运行：恶意研究人员可以窃听您的通信，但仍然无法找出您的密码。但是这样的人可以在不知道密码的情况下捕获您的哈希本身并冒充您。更容易受到影响的时刻是您首次创建密码的时间。传输级别的安全性将保护您免受此类攻击。



请参阅：

http://en.wikipedia.org/wiki/HTTPS [ ^ ]，

http：//en.wikipedia。 org / wiki / Transport_Layer_Security [ ^ ]。 />

-SA

You should never ever store passwords in database. This is unsafe and absolutely not needed for authentication. Disagree? surprised? Then please read my past answers:
i already encrypt my password but when i log in it gives me an error. how can decrypte it[^],
Decryption of Encrypted Password[^],
storing password value int sql server with secure way[^].

With ASP.NET you have everything implemented for you:
Client-side: http://code.google.com/p/crypto-js[^].
Server-side, .NET: http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha256%28v=vs.110%29.aspx[^].

But even this is not enough if you are not using HTTPS and transport-level security. The approach based on cryptographic hash will work perfectly: a malicious researcher can eavesdrop your communication and still won't be able to figure out your password. But such person can capture your hash itself and impersonate you without knowing you password. Even more vulnerable moment is the time when you first create a password. Transport-level security will protect you from such attacks.

Please see:
http://en.wikipedia.org/wiki/HTTPS[^],
http://en.wikipedia.org/wiki/Transport_Layer_Security[^].

—SA