
Asp.Net加密Cookies

 万子千秋 2010-12-02
使用ASP.NET加密Cookie

Cookie是ASP.NET应用程序中很重要的一个全局变量,它可以用来保存用户登录信息、用户会话信息,以及一些全局变量或数据。为了提高应用程序的安全性,加密Cookie是很有必要的。本实例介绍在ASP.NET应用程序中加密Cookie的方法。

技术要点

本实例介绍如何在ASP.NET应用程序中加密Cookie。实例采用DES和TripleDES两种加密方法,程序中分别实现了这两种方法的加密和解密,同时还创建了处理Cookie的类CookieEncrypt。需要注意:DES的有效密钥长度只有56位,已不适合保护敏感数据;示例中的密钥和IV直接写在代码里且固定不变;加密本身只提供保密性,不能防止Cookie被篡改。实际项目中应从受保护的配置中读取密钥,并对密文做完整性校验(如HMAC)。

跟我做

1.创建新ASP.NET应用程序

在Visual Studio .NET 2003集成开发环境中创建新的ASP.NET Web应用程序,命名为Example_12_6。

2.创建加密Cookie的类EncryptString

在应用程序Example_12_6中添加类文件EncryptString.cs,该文件实现使用DES方法加密、解密数据和使用TripleDES方法加密、解密数据的方法,还定义了用来加密、解密的密钥Key以及IV。类文件EncryptString.cs的程序代码如下:

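/// <summary>
/// Tutorial helper that encrypts and decrypts strings with DES and TripleDES
/// and exchanges the ciphertext as Base64 text.
/// </summary>
/// <remarks>
/// Security review notes (behaviour kept compatible with the tutorial):
/// - The keys and IVs below are compiled into the assembly. Anyone who can read
///   the source or the binary can decrypt and re-create every value. Real code
///   should load key material from protected configuration.
/// - The IV is fixed, so equal plaintexts always give equal ciphertexts.
/// - DES has a 56-bit effective key and is obsolete; TripleDES is deprecated
///   for new designs.
/// - Nothing here authenticates the ciphertext. A modified Base64 string may
///   decrypt to different text or throw; callers must not treat a successful
///   decryption as proof that the value was produced by this application.
///   Prefer the platform's authenticated data-protection facilities
///   (for example FormsAuthentication tickets) for cookies.
/// </remarks>
public class EncryptString
{
    // 8-byte DES key and IV (hard-coded sample values, see class remarks).
    private static byte[] Key64 = {42, 16, 93, 156, 78, 4, 218, 32};

    private static byte[] IV64 = {55, 103, 246, 79, 36, 99, 167, 3};

    // 24-byte TripleDES key (hard-coded sample value, see class remarks).
    private static byte[] Key192 = {42, 16, 93, 156, 78, 4, 218, 32, 15, 167,
        44, 80, 26, 250, 155, 112, 2, 94, 11, 204, 119, 35, 184, 197};

    // Declared with 24 bytes, but TripleDES works on 8-byte blocks, so only the
    // first 8 bytes can act as the IV (see BlockSizedIV).
    private static byte[] IV192 = {55, 103, 246, 79, 36, 99, 167, 3, 42,
        5, 62, 83, 184, 7, 209, 13, 145, 23, 200, 58, 173, 10, 121, 222};

    /// <summary>Encrypts a string with DES and returns Base64 ciphertext.</summary>
    /// <param name="valueString">Text to encrypt.</param>
    /// <returns>Base64 ciphertext, or null when the input is null or empty.</returns>
    public static String Encrypt(String valueString)
    {
        if (valueString == null || valueString.Length == 0)
        {
            return null;
        }

        return EncryptWith(new DESCryptoServiceProvider(), Key64, IV64, valueString);
    }

    /// <summary>Decrypts Base64 ciphertext produced by <see cref="Encrypt"/>.</summary>
    /// <param name="valueString">Base64 ciphertext.</param>
    /// <returns>The plaintext, or null when the input is null or empty.</returns>
    /// <exception cref="FormatException">The input is not valid Base64.</exception>
    /// <exception cref="CryptographicException">The ciphertext does not decrypt cleanly.</exception>
    public static String Decrypt(String valueString)
    {
        if (valueString == null || valueString.Length == 0)
        {
            return null;
        }

        // Fix: the original created an *encryptor* over an empty stream and
        // never used the decoded bytes, so it could not return the plaintext.
        return DecryptWith(new DESCryptoServiceProvider(), Key64, IV64, valueString);
    }

    /// <summary>Encrypts a string with TripleDES and returns Base64 ciphertext.</summary>
    /// <param name="valueString">Text to encrypt.</param>
    /// <returns>Base64 ciphertext, or null when the input is null or empty.</returns>
    public static String EncryptTripleDES(String valueString)
    {
        if (valueString == null || valueString.Length == 0)
        {
            return null;
        }

        return EncryptWith(new TripleDESCryptoServiceProvider(), Key192, IV192, valueString);
    }

    /// <summary>Decrypts Base64 ciphertext produced by <see cref="EncryptTripleDES"/>.</summary>
    /// <param name="valueString">Base64 ciphertext.</param>
    /// <returns>The plaintext, or null when the input is null or empty.</returns>
    /// <exception cref="FormatException">The input is not valid Base64.</exception>
    /// <exception cref="CryptographicException">The ciphertext does not decrypt cleanly.</exception>
    public static String DecryptTripleDES(String valueString)
    {
        if (valueString == null || valueString.Length == 0)
        {
            return null;
        }

        // Fix: the original passed the 8-byte DES key/IV to TripleDES and used
        // CreateEncryptor; decryption must use the same key and IV as
        // EncryptTripleDES and a decryptor.
        return DecryptWith(new TripleDESCryptoServiceProvider(), Key192, IV192, valueString);
    }

    // Returns an IV of exactly one cipher block. An over-long IV is cut to its
    // leading bytes. NOTE(review): older .NET Framework providers are understood
    // to ignore the extra bytes while newer runtimes reject them - confirm on
    // the target runtime before relying on ciphertext compatibility.
    private static byte[] BlockSizedIV(SymmetricAlgorithm algorithm, byte[] iv)
    {
        int blockBytes = algorithm.BlockSize / 8;
        if (iv.Length == blockBytes)
        {
            return iv;
        }

        byte[] trimmed = new byte[blockBytes];
        Array.Copy(iv, 0, trimmed, 0, blockBytes);
        return trimmed;
    }

    // Encrypts plainText with the given algorithm and disposes every stream and
    // the algorithm object afterwards.
    private static String EncryptWith(SymmetricAlgorithm algorithm, byte[] key,
        byte[] iv, String plainText)
    {
        using (algorithm)
        using (ICryptoTransform encryptor =
            algorithm.CreateEncryptor(key, BlockSizedIV(algorithm, iv)))
        using (MemoryStream cipherStream = new MemoryStream())
        {
            using (CryptoStream cryptoStream =
                new CryptoStream(cipherStream, encryptor, CryptoStreamMode.Write))
            using (StreamWriter writer = new StreamWriter(cryptoStream))
            {
                writer.Write(plainText);
            }

            // Closing the writer flushed the final padded block; ToArray still
            // works on a closed MemoryStream.
            return Convert.ToBase64String(cipherStream.ToArray());
        }
    }

    // Decodes Base64 ciphertext and decrypts it with the given algorithm.
    private static String DecryptWith(SymmetricAlgorithm algorithm, byte[] key,
        byte[] iv, String cipherText)
    {
        using (algorithm)
        {
            byte[] cipherBytes = Convert.FromBase64String(cipherText);

            using (ICryptoTransform decryptor =
                algorithm.CreateDecryptor(key, BlockSizedIV(algorithm, iv)))
            using (MemoryStream cipherStream = new MemoryStream(cipherBytes))
            using (CryptoStream cryptoStream =
                new CryptoStream(cipherStream, decryptor, CryptoStreamMode.Read))
            using (StreamReader reader = new StreamReader(cryptoStream))
            {
                return reader.ReadToEnd();
            }
        }
    }
}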

3.创建处理Cookie的类CookieEncrypt

在应用程序Example_12_6中的类文件EncryptString.cs中添加类CookieEncrypt,该类用来处理应用程序的Cookie,如加密Cookie、获取Cookie、解密Cookie等。类CookieEncrypt的程序代码如下:

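/// <summary>
/// Helpers that write cookies to the current response and read them from the
/// current request, optionally passing the cookie name and value through
/// <c>EncryptString</c> first.
/// </summary>
/// <remarks>
/// Security review notes:
/// - Cookie contents come back from the browser and are untrusted input. The
///   getters hand the stored value straight to EncryptString; a value that was
///   altered on the client may decrypt to different text or raise an exception
///   from the decryption call, so callers should validate the result and treat
///   failures as "no cookie".
/// - Cookies created here set neither <c>Secure</c> nor <c>HttpOnly</c>.
///   For cookies that carry login or session data, set <c>cookie.Secure</c> on
///   HTTPS sites and <c>cookie.HttpOnly</c> where the framework version offers it.
/// - The cookie name is encrypted with the same routine as the value; lookups
///   only work because that routine returns the same output for the same input.
/// </remarks>
public class CookieEncrypt
{
    /// <summary>Adds or replaces a cookie on the current response.</summary>
    /// <param name="cookie">Cookie to send.</param>
    public static void SetCookie(HttpCookie cookie)
    {
        HttpContext.Current.Response.Cookies.Set(cookie);
    }

    /// <summary>Sends a cookie whose name and value are URL-encoded first.</summary>
    /// <param name="key">Cookie name.</param>
    /// <param name="valueString">Cookie value.</param>
    public static void SetCookie(String key, String valueString)
    {
        SetCookie(BuildCookie(key, valueString));
    }

    /// <summary>Sends a URL-encoded cookie with an explicit expiry time.</summary>
    /// <param name="key">Cookie name.</param>
    /// <param name="valueString">Cookie value.</param>
    /// <param name="expires">Expiry assigned to <c>HttpCookie.Expires</c>.</param>
    public static void SetCookie(String key, String valueString,
        DateTime expires)
    {
        HttpCookie cookie = BuildCookie(key, valueString);
        cookie.Expires = expires;
        SetCookie(cookie);
    }

    /// <summary>Sends a cookie whose name and value are TripleDES-encrypted.</summary>
    public static void SetTripleDESEncryptedCookie(String key,
        String valueString)
    {
        SetCookie(EncryptString.EncryptTripleDES(key),
            EncryptString.EncryptTripleDES(valueString));
    }

    /// <summary>Sends a TripleDES-encrypted cookie with an explicit expiry time.</summary>
    public static void SetTripleDESEncryptedCookie(String key,
        String valueString, DateTime expires)
    {
        SetCookie(EncryptString.EncryptTripleDES(key),
            EncryptString.EncryptTripleDES(valueString), expires);
    }

    /// <summary>Sends a cookie whose name and value are DES-encrypted.</summary>
    public static void SetEncryptedCookie(String key, String valueString)
    {
        SetCookie(EncryptString.Encrypt(key), EncryptString.Encrypt(valueString));
    }

    /// <summary>Sends a DES-encrypted cookie with an explicit expiry time.</summary>
    public static void SetEncryptedCookie(String key,
        String valueString, DateTime expires)
    {
        SetCookie(EncryptString.Encrypt(key),
            EncryptString.Encrypt(valueString), expires);
    }

    /// <summary>
    /// Looks up the cookie stored under the TripleDES-encrypted name and passes
    /// its value to <c>EncryptString.DecryptTripleDES</c>.
    /// </summary>
    /// <returns>The decrypted value, or null when no such cookie was sent.</returns>
    public static String GetTripleDESEncryptedCookieValue(String key)
    {
        String stored = GetCookieValue(EncryptString.EncryptTripleDES(key));
        if (stored == null)
        {
            // Missing cookie: do not hand null to the decryption routine.
            return null;
        }

        return EncryptString.DecryptTripleDES(stored);
    }

    /// <summary>
    /// Looks up the cookie stored under the DES-encrypted name and passes its
    /// value to <c>EncryptString.Decrypt</c>.
    /// </summary>
    /// <returns>The decrypted value, or null when no such cookie was sent.</returns>
    public static String GetEncryptedCookieValue(String key)
    {
        String stored = GetCookieValue(EncryptString.Encrypt(key));
        if (stored == null)
        {
            // Missing cookie: do not hand null to the decryption routine.
            return null;
        }

        return EncryptString.Decrypt(stored);
    }

    /// <summary>Fetches a request cookie by its (URL-encoded) name.</summary>
    /// <returns>Whatever <c>Request.Cookies.Get</c> returns for the encoded name.</returns>
    public static HttpCookie GetCookie(String key)
    {
        String encodedKey = HttpContext.Current.Server.UrlEncode(key);
        return HttpContext.Current.Request.Cookies.Get(encodedKey);
    }

    /// <summary>Fetches a request cookie's value and URL-decodes it.</summary>
    /// <returns>The decoded value, or null when the cookie is absent.</returns>
    public static String GetCookieValue(String key)
    {
        HttpCookie cookie = GetCookie(key);
        if (cookie == null)
        {
            // Fix: the original dereferenced the lookup result directly, so a
            // request without this cookie ended in a NullReferenceException.
            return null;
        }

        return HttpContext.Current.Server.UrlDecode(cookie.Value);
    }

    // Builds a cookie from a URL-encoded name and value.
    private static HttpCookie BuildCookie(String key, String valueString)
    {
        String encodedKey = HttpContext.Current.Server.UrlEncode(key);
        String encodedValue = HttpContext.Current.Server.UrlEncode(valueString);
        return new HttpCookie(encodedKey, encodedValue);
    }
}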

4.设计页面EncryptCookies.aspx

把应用程序Example_12_6的默认页面WebForm1.aspx重命名为EncryptCookies.aspx,并在页面上添加3个Label控件,它们的名称分别为TripleDESCookie、EncryptCookie和myCookie,分别用来显示使用TripleDES加密后的Cookie的值、使用DES加密后的Cookie的值和Cookie的原始值。页面EncryptCookies.aspx的设计界面如图12-17所示。

页面EncryptCookies.aspx的HTML设计代码如下:

<%-- Three labels filled in by the code-behind: the original cookie value, its DES ciphertext and its TripleDES ciphertext.
     Label.Text is written to the page without HTML encoding, so the code-behind should encode any value that can carry user-supplied text. --%>
<asp:Label ID="myCookie" Runat="server"></asp:Label>

<asp:Label ID="EncryptCookie" Runat="server"></asp:Label>

<asp:Label ID="TripleDESCookie" Runat="server"></asp:Label>

5.初始化页面EncryptCookies.aspx

页面EncryptCookies.aspx调用函数Page_Load(object sender, System.EventArgs e)初始化,该函数调用函数EncryptMyCookies()获取Cookie的原始值和加密后的值。函数Page_Load()和EncryptMyCookies()的程序代码如下:

/// <summary>
/// Page load handler: fills the cookie labels on the first request only.
/// </summary>
private void Page_Load(object sender, System.EventArgs e)
{
    // Post-backs skip the fill; only the initial request calls EncryptMyCookies().
    if (Page.IsPostBack)
    {
        return;
    }

    EncryptMyCookies();
}

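/// <summary>
/// Shows the value of the first cookie queued on the current response together
/// with its DES and TripleDES ciphertexts.
/// </summary>
/// <remarks>
/// NOTE(review): this reads <c>Response.Cookies</c> (cookies being sent), not
/// <c>Request.Cookies</c> (cookies received) - confirm that is the intent.
/// </remarks>
private void EncryptMyCookies()
{
    HttpCookieCollection pending = HttpContext.Current.Response.Cookies;

    // Fix: the original indexed entry 0 unconditionally and failed when the
    // response carried no cookie.
    if (pending.Count == 0)
    {
        myCookie.Text = String.Empty;
        EncryptCookie.Text = String.Empty;
        TripleDESCookie.Text = String.Empty;
        return;
    }

    // Original cookie value; a cookie without a value is treated as empty.
    String rawValue = pending[pending.GetKey(0)].Value;
    if (rawValue == null)
    {
        rawValue = String.Empty;
    }

    // Label.Text is rendered as-is, so HTML-encode the cookie text for display.
    myCookie.Text = HttpContext.Current.Server.HtmlEncode(rawValue);

    // DES ciphertext of the unencoded value.
    EncryptCookie.Text = EncryptString.Encrypt(rawValue);

    // TripleDES ciphertext of the unencoded value.
    TripleDESCookie.Text = EncryptString.EncryptTripleDES(rawValue);
}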
