|
| 用ASP.NET加密Cookie数据(2) |
| 来源:www.ASPCool.com 人气:1767 录入时间:2007-11-8 |
'标准的DES解密
Public Shared Function Decrypt(ByVal value As String) As String
If value <> "" Then
Dim cryptoProvider As DESCryptoServiceProvider = _
New DESCryptoServiceProvider()
'从字符串转换为字节组
Dim buffer As Byte() = Convert.FromBase64String(value)
Dim ms As MemoryStream = New MemoryStream(buffer)
Dim cs As CryptoStream = _
New CryptoStream(ms, cryptoProvider.CreateDecryptor(KEY_64, IV_64), _
CryptoStreamMode.Read)
Dim sr As StreamReader = New StreamReader(cs)
Return sr.ReadToEnd()
End If
End Function
'TRIPLE DES加密
Public Shared Function EncryptTripleDES(ByVal value As String) As String
If value <> "" Then
Dim cryptoProvider As TripleDESCryptoServiceProvider = _
New TripleDESCryptoServiceProvider()
Dim ms As MemoryStream = New MemoryStream()
Dim cs As CryptoStream = _
New CryptoStream(ms, cryptoProvider.CreateEncryptor(KEY_192, IV_192), _
CryptoStreamMode.Write)
Dim sw As StreamWriter = New StreamWriter(cs)
sw.Write(value)
sw.Flush()
cs.FlushFinalBlock()
ms.Flush()
'再转换为一个字符串
Return Convert.ToBase64String(ms.GetBuffer(), 0, ms.Length)
End If
End Function
'TRIPLE DES解密
Public Shared Function DecryptTripleDES(ByVal value As String) As String
If value <> "" Then
Dim cryptoProvider As TripleDESCryptoServiceProvider = _
New TripleDESCryptoServiceProvider()
'从字符串转换为字节组
Dim buffer As Byte() = Convert.FromBase64String(value)
Dim ms As MemoryStream = New MemoryStream(buffer)
Dim cs As CryptoStream = _
New CryptoStream(ms, cryptoProvider.CreateDecryptor(KEY_192, IV_192), _
CryptoStreamMode.Read)
Dim sr As StreamReader = New StreamReader(cs)
Return sr.ReadToEnd()
End If
End Function
End Class
上面我们将一组字节初始化为密钥,并且使用的是数字常量,如果你在实际应用中也这样做,这些字节一定要在0和255之间,这是一个字节允许的范围值。
三、创建一个Cookie的应用类
下面我们就创建一个简单的类,来设置和获取Cookies。
Public Class CookieUtil
'设置COOKIE *****************************************************
'SetTripleDESEncryptedCookie (只针对密钥和Cookie数据)
Public Shared Sub SetTripleDESEncryptedCookie(ByVal key As String, _
ByVal value As String)
key = CryptoUtil.EncryptTripleDES(key)
value = CryptoUtil.EncryptTripleDES(value)
SetCookie(key, value)
End Sub
'SetTripleDESEncryptedCookie (增加了Cookie数据的有效期参数)
Public Shared Sub SetTripleDESEncryptedCookie(ByVal key As String, _
ByVal value As String, ByVal expires As Date)
key = CryptoUtil.EncryptTripleDES(key)
value = CryptoUtil.EncryptTripleDES(value)
SetCookie(key, value, expires)
End Sub
'SetEncryptedCookie(只针对密钥和Cookie数据)
Public Shared Sub SetEncryptedCookie(ByVal key As String, _
ByVal value As String)
key = CryptoUtil.Encrypt(key)
value = CryptoUtil.Encrypt(value)
SetCookie(key, value)
End Sub
'SetEncryptedCookie (增加了Cookie数据的有效期参数)
Public Shared Sub SetEncryptedCookie(ByVal key As String, _
ByVal value As String, ByVal expires As Date)
key = CryptoUtil.Encrypt(key)
value = CryptoUtil.Encrypt(value)
SetCookie(key, value, expires)
End Sub
'SetCookie (只针对密钥和Cookie数据)
Public Shared Sub SetCookie(ByVal key As String, ByVal value As String)
'编码部分
key = HttpContext.Current.Server.UrlEncode(key)
value = HttpContext.Current.Server.UrlEncode(value)
Dim cookie As HttpCookie
cookie = New HttpCookie(key, value)
SetCookie(cookie)
End Sub
'SetCookie(增加了Cookie数据的有效期参数)
Public Shared Sub SetCookie(ByVal key As String, _
ByVal value As String, ByVal expires As Date)
'编码部分
key = HttpContext.Current.Server.UrlEncode(key)
value = HttpContext.Current.Server.UrlEncode(value)
Dim cookie As HttpCookie
cookie = New HttpCookie(key, value)
cookie.Expires = expires
SetCookie(cookie)
End Sub
'SetCookie (只针对HttpCookie)
Public Shared Sub SetCookie(ByVal cookie As HttpCookie)
HttpContext.Current.Response.Cookies.Set(cookie)
End Sub
'获取COOKIE *****************************************************
Public Shared Function GetTripleDESEncryptedCookieValue(ByVal key As String) _
As String
'只对密钥加密
key = CryptoUtil.EncryptTripleDES(key)
'获取Cookie值
Dim value As String
value = GetCookieValue(key)
'解密Cookie值
value = CryptoUtil.DecryptTripleDES(value)
Return value
End Function
Public Shared Function GetEncryptedCookieValue(ByVal key As String) As String
'只对密钥加密
key = CryptoUtil.Encrypt(key)
'获取Cookie值
Dim value As String
value = GetCookieValue(key)
'解密Cookie值
value = CryptoUtil.Decrypt(value)
Return value
End Function
Public Shared Function GetCookie(ByVal key As String) As HttpCookie
'编码密钥
key = HttpContext.Current.Server.UrlEncode(key)
Return HttpContext.Current.Request.Cookies.Get(key)
End Function
Public Shared Function GetCookieValue(ByVal key As String) As String
Try
'编码在GetCookie里完成
'获取Cookie值
Dim value As String
value = GetCookie(key).Value
'解码所存储的值
value = HttpContext.Current.Server.UrlDecode(value)
Return value
Catch
End Try
End Function
End Class
上面的设置功能中,有些功能附加提供了Cookie有效期这个参数。不设置该参数,Cookie将只为浏览器会话才保存在内存中。为了设置永久的Cookie,就需要设置有效期参数。
上面我们对密钥和Cookies值进行了编码与解码,其原因是Cookies与URLs有同样的限制,字符“=”和“;”是保留的,不能使用。这在保存加密后的数据时尤其重要,因为加密算法将添加“=”,按所分配块的大小来填满该数据块。
好了,你会保护Cookies数据了吧?
|
| |
|
