C# MD5加密 DES解密
场景:第三方需要直接通过账号登录我方平台
********安全方面的考虑,token值需要定期修改
MD5加密是不可逆的
通过get方式,模拟第三方传过来账号secret和token值
将第三方传过来的加密账号进行解密
<!--加密秘钥,加密账号后传给第三方,第三方得到加密后的账号--> <!--加密秘钥(加密解密都需要用到相同的秘钥)--> <add key ="secretKey" value="c44a471bd78cc6c2fea32b9fe028d30a"/> <!--传值秘钥匹配是否正确--> <add key="token" value="e10adc3949ba59abbe56e057f20f883e"/>
引用DES类
/// <summary> /// 解密验证 /// </summary> /// <param name="secret">0D8B79324852741C62A888CF95E99A98</param> /// <param name="token">e10adc3949ba59abbe56e057f20f883e</param> /// <returns></returns> [AllowAnonymous] public ActionResult DESCheck(string secret,string token) { //加密秘钥(加密解密都需要用到) string secretKey = System.Web.Configuration.WebConfigurationManager.AppSettings["secretKey"]; //传值秘钥 string tokenCheck = System.Web.Configuration.WebConfigurationManager.AppSettings["token"]; //判断第三方传过来的token值与本地的tokenCheck值是否相等 if (token == tokenCheck) { TuserModel user = new TuserModel(); //解密账号 user.Fusername = DES.Decrypt(secret.Trim(), secretKey); user.Fpassword = "ΩΨ"; Result<string> result = TUserBLL.ValidLogin(user); if (result.Code == ResultCode.Success) { return RedirectToAction("Index"); } else { return RedirectToAction("Error"); } } return RedirectToAction("Error"); } [AllowAnonymous] public ActionResult Error() { return View(); }
Error.cshtml错误页面
@{ Layout = null; } <!DOCTYPE html> <html> <head> <meta name="viewport" content="width=device-width" /> <title>Error</title> </head> <body> <div> <h2>页面传值错误!</h2> </div> </body> </html>
DES类
using System; using System.Collections.Generic; using System.Linq; using System.Security.Cryptography; using System.Text; using System.Threading.Tasks; namespace Esomy.Common { public class DES { /// <summary> /// 加密数据 /// </summary> /// <param name="Text"></param> /// <param name="sKey"></param> /// <returns></returns> public static string Encrypt(string Text, string sKey) { DESCryptoServiceProvider des = new DESCryptoServiceProvider(); byte[] inputByteArray; inputByteArray = Encoding.Default.GetBytes(Text); des.Key = ASCIIEncoding.ASCII.GetBytes(System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(sKey, "md5").Substring(0, 8)); des.IV = ASCIIEncoding.ASCII.GetBytes(System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(sKey, "md5").Substring(0, 8)); System.IO.MemoryStream ms = new System.IO.MemoryStream(); CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(), CryptoStreamMode.Write); cs.Write(inputByteArray, 0, inputByteArray.Length); cs.FlushFinalBlock(); StringBuilder ret = new StringBuilder(); foreach (byte b in ms.ToArray()) { ret.AppendFormat("{0:X2}", b); } return ret.ToString(); } /// <summary> /// 密码比较 /// </summary> /// <param name="Text"></param> /// <param name="sKey"></param> /// <param name="ComparePwd"></param> /// <returns></returns> public static bool PwdCompare(string Text, string sKey, string ComparePwd) { string Qpwd = Encrypt(Text, sKey); return ComparePwd == Qpwd; } /// <summary> /// 解密数据 /// </summary> /// <param name="Text"></param> /// <param name="sKey"></param> /// <returns></returns> public static string Decrypt(string Text, string sKey) { DESCryptoServiceProvider des = new DESCryptoServiceProvider(); int len; len = Text.Length / 2; byte[] inputByteArray = new byte[len]; int x, i; for (x = 0; x < len; x++) { i = Convert.ToInt32(Text.Substring(x * 2, 2), 16); inputByteArray[x] = (byte)i; } des.Key = ASCIIEncoding.ASCII.GetBytes(System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(sKey, "md5").Substring(0, 8)); des.IV = ASCIIEncoding.ASCII.GetBytes(System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(sKey, "md5").Substring(0, 8)); System.IO.MemoryStream ms = new System.IO.MemoryStream(); CryptoStream cs = new CryptoStream(ms, des.CreateDecryptor(), CryptoStreamMode.Write); cs.Write(inputByteArray, 0, inputByteArray.Length); cs.FlushFinalBlock(); return Encoding.Default.GetString(ms.ToArray()); } } }