ASP.Net 加密 Cookie

Cookie是ASP.NET应用程序中很重要的一个全局变量，它可以用来保存用户登录信息、用户会话信息，以及一些全局变量或数据。为了提高应用程序的安全性，加密Cookie是很有必要的。本实例介绍在ASP.NET应用程序中加密Cookie的方法。

本实例介绍如何使用在ASP.NET应用程序中的加密Cookie的方法。实例中采用的加密方法为DES和TripleDES两种方法，程序中均实现了 DES和TripleDES的加密和解密方法，同时还设置了创建处理Cookie的类CookieEncrypt。



1．创建新ASP.NET应用程序

在Visual Studio .NET 2003集成开发环境中创建新的ASP.NET Web应用程序，命名为Example_12_6。

2．创建加密Cookie的类EncryptString

在应用程序Example_12_6中添加类文件EncryptString.cs，该文件实现使用DES方法加密、解密数据和使用TripleDES方法加密、解密数据的方法，还定义了用来加密、解密的密钥Key以及IV。类文件 EncryptString.cs的程序代码如下：

以下为引用的内容： public class EncryptString { private static byte[] Key64 = {42, 16, 93, 156, 78, 4, 218, 32}; private static byte[] IV64 = {55, 103, 246, 79, 36, 99, 167, 3}; private static byte[] Key192 = {42, 16, 93, 156, 78, 4, 218, 32,15, 167, 44,80, 26, 250, 155, 112,2, 94, 11, 204, 119, 35, 184, 197}; private static byte[] IV192 = {55, 103, 246, 79, 36, 99, 167, 3,42, 5, 62,83, 184, 7, 209, 13,145, 23, 200, 58, 173, 10, 121, 222}; public static String Encrypt(String valueString) { if(valueString != "") { //定义DES的Provider DESCryptoServiceProvider desprovider = new DESCryptoServiceProvider(); //定义内存流 MemoryStream memoryStream = new MemoryStream(); //定义加密流 CryptoStream cryptoStream = new CryptoStream(memoryStream, desprovider.CreateEncryptor(Key64,IV64), CryptoStreamMode.Write); //定义写IO流 StreamWriter writerStream = new StreamWriter(cryptoStream); //写入加密后的字符流 writerStream.Write(valueString); writerStream.Flush(); cryptoStream.FlushFinalBlock(); memoryStream.Flush(); //返回加密后的字符串 return(Convert.ToBase64String(memoryStream.GetBuffer(),0, (int)memoryStream.Length)); } return(null); } public static String Decrypt(String valueString) { if(valueString != "") { //定义DES的Provider DESCryptoServiceProvider desprovider = new DESCryptoServiceProvider(); //转换解密的字符串为二进制 byte[] buffer = Convert.FromBase64String(valueString); //定义内存流 MemoryStream memoryStream = new MemoryStream(); //定义加密流 CryptoStream cryptoStream = new CryptoStream(memoryStream, desprovider.CreateEncryptor(Key64,IV64), CryptoStreamMode.Read); //定义读IO流 StreamReader readerStream = new StreamReader(cryptoStream); //返回解密后的字符串 return(readerStream.ReadToEnd()); } return(null); } public static String EncryptTripleDES(String valueString) { if(valueString != "") { //定义TripleDES的Provider TripleDESCryptoServiceProvider triprovider = new TripleDESCryptoServiceProvider(); //定义内存流 MemoryStream memoryStream = new MemoryStream(); //定义加密流 CryptoStream cryptoStream = new CryptoStream(memoryStream, triprovider.CreateEncryptor(Key192,IV192), CryptoStreamMode.Write); //定义写IO流 StreamWriter writerStream = new StreamWriter(cryptoStream); //写入加密后的字符流 writerStream.Write(valueString); writerStream.Flush(); cryptoStream.FlushFinalBlock(); memoryStream.Flush(); //返回加密后的字符串 return(Convert.ToBase64String(memoryStream.GetBuffer(),0, (int)memoryStream.Length)); } return(null); } public static String DecryptTripleDES(String valueString) { if(valueString != "") { //定义TripleDES的Provider TripleDESCryptoServiceProvider triprovider = new TripleDESCryptoServiceProvider(); //转换解密的字符串为二进制 byte[] buffer = Convert.FromBase64String(valueString); //定义内存流 MemoryStream memoryStream = new MemoryStream(); //定义加密流 CryptoStream cryptoStream = new CryptoStream(memoryStream, triprovider.CreateEncryptor(Key64,IV64), CryptoStreamMode.Read); //定义读IO流 StreamReader readerStream = new StreamReader(cryptoStream); //返回解密后的字符串 return(readerStream.ReadToEnd()); } return(null); } }

3．创建处理Cookie的类CookieEncrypt

在应用程序Example_12_6中的类文件EncryptString.cs中添加类CookieEncrypt，该类用来处理应用程序的 Cookie，如加密Cookie、获取Cookie、解密Cookie等。类CookieEncrypt的程序代码如下：

以下为引用的内容： public class CookieEncrypt { public static void SetCookie(HttpCookie cookie) { //设置Cookie HttpContext.Current.Response.Cookies.Set(cookie); } public static void SetCookie(String key,String valueString) { //设置加密后的Cookie key = HttpContext.Current.Server.UrlEncode(key); valueString = HttpContext.Current.Server.UrlEncode(valueString); HttpCookie cookie = new HttpCookie(key,valueString); SetCookie(cookie); } public static void SetCookie(String key,String valueString, DateTime expires) { //设置加密后的Cookie，并设置Cookie的有效时间 key = HttpContext.Current.Server.UrlEncode(key); valueString = HttpContext.Current.Server.UrlEncode(valueString); HttpCookie cookie = new HttpCookie(key,valueString); cookie.Expires = expires; SetCookie(cookie); } public static void SetTripleDESEncryptedCookie(String key, String valueString) { //设置使用TripleDES加密后的Cookie key = EncryptString.EncryptTripleDES(key); valueString = EncryptString.EncryptTripleDES(valueString); SetCookie(key,valueString); } public static void SetTripleDESEncryptedCookie(String key, String valueString,DateTime expires) { //设置使用TripleDES加密后的Cookie，并设置Cookie的有效时间 key = EncryptString.EncryptTripleDES(key); valueString = EncryptString.EncryptTripleDES(valueString); SetCookie(key,valueString,expires); } public static void SetEncryptedCookie(String key,String valueString) { //设置使用DES加密后的Cookie key = EncryptString.Encrypt(key); valueString = EncryptString.Encrypt(valueString); SetCookie(key,valueString); } public static void SetEncryptedCookie(String key, String valueString,DateTime expires) { //设置使用DES加密后的Cookie，并设置Cookie的有效时间 key = EncryptString.Encrypt(key); valueString = EncryptString.Encrypt(valueString); SetCookie(key,valueString,expires); } public static String GetTripleDESEncryptedCookieValue(String key) { //获取使用TripleDES解密后的Cookie key = EncryptString.EncryptTripleDES(key); String valueString = GetCookieValue(key); valueString = EncryptString.DecryptTripleDES(valueString); return(valueString); } public static String GetEncryptedCookieValue(String key) { //获取使用DES解密后的Cookie key = EncryptString.Encrypt(key); String valueString = GetCookieValue(key); valueString = EncryptString.Decrypt(valueString); return(valueString); } public static HttpCookie GetCookie(String key) { //通过关键字获取Cookie key = HttpContext.Current.Server.UrlEncode(key); return(HttpContext.Current.Request.Cookies.Get(key)); } public static String GetCookieValue(String key) { //通过关键字获取Cookie的value String valueString = GetCookie(key).Value; valueString = HttpContext.Current.Server.UrlDecode(valueString); return(valueString); } }

4 .设计页面EncryptCookies.aspx

以下为引用的内容： 把应用程序Example_12_6的默认页面WebForm1.aspx重命名为 EncryptCookies.aspx，并在页面上添加3个Label控件，它们的名称分别为TripleDESCookie、 EncryptCookie和myCookie，分别用来显示使用TripleDES加密后的Cookie的值、使用DES加密后的Cookie的值和 Cookie的原始值。页面EncryptCookies.aspx的设计界面如图所示。 页面EncryptCookies.aspx的HTML设计代码如下： private void Page_Load(object sender, System.EventArgs e) { //调用函数EncryptMyCookies()获取Cookie的原始值和加密后的值 if(!Page.IsPostBack){EncryptMyCookies();} } private void EncryptMyCookies() { //获取Cookie的原始值 myCookie.Text = HttpContext.Current.Response.Cookies[HttpContext.Current. Response.Cookies.GetKey(0)].Value.ToString(); //获取使用DES加密后Cookie的值 EncryptCookie.Text = EncryptString.Encrypt(myCookie.Text); //获取使用TripleDES加密后Cookie的值 TripleDESCookie.Text = EncryptString.EncryptTripleDES(myCookie.Text); }

运行效果

设置页面EncryptCookies.aspx为应用程序的起始页面，按F5键运行。