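#眉標=ASP.NET
#副標=ASP.NET 網頁安全
#大標=ASP.NET 防駭指南
#作者=作者/李明儒
==<程式1>===========
/// <summary>
/// Login handler as originally written — the "before" listing. The SQL text is built
/// by concatenating the two form fields, which is the injection flaw the article is
/// about; the parameterized form is shown in 程式2. The query itself is left untouched
/// so the example still demonstrates the problem.
/// </summary>
protected void Button1_Click(object sender, EventArgs e)
{
    // NOTE(review): the sample connects as "sa" with an inline password; a deployment
    // would use a least-privilege login and keep the connection string in configuration.
    using (SqlConnection cn = new SqlConnection("Data Source=(local);User Id=sa; Password=mypassword; Initial Catalog=Lab;"))
    {
        cn.Open();

        // VULNERABLE: txtUID/txtPWD are user input spliced straight into the query text
        // (see 程式2 for the parameterized version). The password is also stored and
        // compared in clear text rather than as a salted hash.
        string sqlText = "SELECT UserName FROM tblAccount WHERE Account='" + txtUID.Text +
                         "' AND Password='" + txtPWD.Text + "'";

        // SqlCommand and SqlDataReader are IDisposable; the original only called dr.Close().
        // Disposing the reader closes it, and disposing the connection closes that.
        using (SqlCommand cmd = new SqlCommand(sqlText, cn))
        using (SqlDataReader dr = cmd.ExecuteReader())
        {
            if (dr.Read())
            {
                // NOTE(review): this value comes from the database and is written to the
                // page unencoded; Server.HtmlEncode would be the safe form.
                Response.Write("歡迎登入! " + dr["UserName"].ToString());
            }
            else
            {
                Response.Write("帳號或密碼錯誤!");
            }
        }
    }
}
====<程式1 end>==============
==<程式2>===========
// 程式2: the corrected query for 程式1. This is a fragment — cn, txtUID, txtPWD and the
// enclosing method are the ones in 程式1.
// The extracted listing had a stray run of article text inside the first Parameters.Add
// call ("acle,是沒為此應用程式另外建立專屬帳號,而是"); the call is restored to match the second one.
cn.Open();
string sqlText = "SELECT UserName FROM tblAccount WHERE Account=@account AND Password=@password";
SqlCommand cmd = new SqlCommand(sqlText, cn);
// Each input is bound as a typed parameter, so it travels as data and is never parsed as SQL.
cmd.Parameters.Add("@account", SqlDbType.NVarChar).Value = txtUID.Text;
cmd.Parameters.Add("@password", SqlDbType.NVarChar).Value = txtPWD.Text;
SqlDataReader dr = cmd.ExecuteReader();
==<程式2 end>==============
==<程式3>===========
using System;
using System.Security.Cryptography;
using System.Text;
using System.IO;

/// <summary>
/// A DES key and IV, 8 bytes each, taken from the first 16 bytes of the array given to
/// the constructor (Key = bytes 0..7, IV = bytes 8..15).
/// </summary>
public struct DESKeyPack
{
    public byte[] Key, IV;

    /// <param name="data">At least 16 bytes; in this file it is an MD5 digest (see Cipher.genKeyPack).</param>
    /// <exception cref="ArgumentNullException">data is null.</exception>
    /// <exception cref="ArgumentException">data holds fewer than 16 bytes.</exception>
    public DESKeyPack(byte[] data)
    {
        if (data == null)
        {
            throw new ArgumentNullException("data");
        }
        if (data.Length < 16)
        {
            throw new ArgumentException("data must hold at least 16 bytes (8 key + 8 IV).", "data");
        }

        Key = new byte[8];
        Buffer.BlockCopy(data, 0, Key, 0, 8);
        IV = new byte[8];
        Buffer.BlockCopy(data, 8, IV, 0, 8);
    }
}

/// <summary>
/// DES string encryption keyed by a passphrase. Key and IV are both derived from
/// MD5(keyString + salt), so a given passphrase always yields the same IV and equal
/// plaintexts encrypt to equal ciphertexts. DES (56-bit key) and MD5 are kept because
/// they are what the article demonstrates and its sample output depends on them; the
/// same shape with AES, a fresh random IV per message and a real KDF (e.g. PBKDF2)
/// is what current code would use.
/// </summary>
public class Cipher
{
    /// <summary>
    /// Derives the DES key/IV pair from the passphrase: MD5 over the UTF-8 bytes of
    /// keyString + salt, split 8/8 by DESKeyPack.
    /// </summary>
    private static DESKeyPack genKeyPack(string keyString)
    {
        // A different SALT can be set per program version; data encrypted by one
        // version then cannot be decrypted by another.
        const string salt = "SALT";
        using (MD5 md5 = MD5.Create())
        {
            byte[] data = md5.ComputeHash(Encoding.UTF8.GetBytes(keyString + salt));
            return new DESKeyPack(data);
        }
    }

    /// <summary>
    /// Encrypts rawString (as UTF-8) with DES under the key/IV derived from keyString
    /// and returns the ciphertext as Base64. Mode and padding are the DES defaults.
    /// </summary>
    /// <param name="rawString">Plain text to encrypt.</param>
    /// <param name="keyString">Passphrase; Decrypt must be given the same one.</param>
    /// <returns>Base64 of the ciphertext.</returns>
    /// <exception cref="CryptographicException">
    /// DES rejects the derived key if it is one of the DES weak/semi-weak keys.
    /// </exception>
    public static string Encrypt(string rawString, string keyString)
    {
        DESKeyPack dkp = genKeyPack(keyString);
        using (DES des = DES.Create())
        using (ICryptoTransform trans = des.CreateEncryptor(dkp.Key, dkp.IV))
        using (MemoryStream ms = new MemoryStream())
        {
            // FlushFinalBlock writes the padded last block; the bytes are read from ms
            // only after the CryptoStream is finished with (ToArray works on a closed stream).
            using (CryptoStream cs = new CryptoStream(ms, trans, CryptoStreamMode.Write))
            {
                byte[] rawData = Encoding.UTF8.GetBytes(rawString);
                cs.Write(rawData, 0, rawData.Length);
                cs.FlushFinalBlock();
            }
            return Convert.ToBase64String(ms.ToArray());
        }
    }

    /// <summary>
    /// Reverses Encrypt: Base64-decodes encString, decrypts it with the key/IV derived
    /// from keyString and returns the UTF-8 plain text.
    /// </summary>
    /// <param name="encString">Base64 ciphertext produced by Encrypt.</param>
    /// <param name="keyString">The passphrase used for Encrypt.</param>
    /// <returns>The decrypted text.</returns>
    /// <exception cref="FormatException">encString is not valid Base64.</exception>
    /// <exception cref="CryptographicException">
    /// Wrong passphrase or corrupted input (padding check fails), or a weak DES key.
    /// </exception>
    public static string Decrypt(string encString, string keyString)
    {
        DESKeyPack dkp = genKeyPack(keyString);
        using (DES des = DES.Create())
        using (ICryptoTransform trans = des.CreateDecryptor(dkp.Key, dkp.IV))
        using (MemoryStream ms = new MemoryStream())
        {
            using (CryptoStream cs = new CryptoStream(ms, trans, CryptoStreamMode.Write))
            {
                byte[] rawData = Convert.FromBase64String(encString);
                cs.Write(rawData, 0, rawData.Length);
                cs.FlushFinalBlock();
            }
            return Encoding.UTF8.GetString(ms.ToArray());
        }
    }
}
==<程式3 end>==============
==<程式4>===========
/// <summary>
/// Demo: round-trips "Hello World!" through Cipher with the passphrase "MyKey" and
/// writes both values to the response; the expected output is shown below the listing.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    string rawString = "Hello World!";
    string encString = Cipher.Encrypt(rawString, "MyKey");
    // The extracted listing had a line break inside this literal (a C# string cannot
    // span lines); "\n" reproduces that break. The original may have used an HTML line
    // break here instead — cannot tell from the extraction.
    Response.Write("\nENC=" + encString);
    string decString = Cipher.Decrypt(encString, "MyKey");
    Response.Write("\nDEC=" + decString);
}
顯示結果:
ENC=kGdj4wLUX1NVd5BGB3w/iA==
DEC=Hello World!
====<程式4 end>==============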