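''' <summary>
''' SQL CLR stored procedure that hashes <paramref name="Password"/> with SHA-1,
''' Base64-encodes the digest and inserts it, together with
''' <paramref name="UserName"/>, into the NamePass table over the context connection.
''' </summary>
''' <param name="UserName">Account name; bound to @UserName as NVarChar(50).</param>
''' <param name="Password">Clear-text password; only its Base64-encoded SHA-1 digest is bound to @HashAsString.</param>
''' <remarks>
''' Any exception is written to C:\YukonCLR.log and is not propagated to the caller.
''' </remarks>
<SqlProcedure(name:="WriteHashedPassword")> _
Public Shared Sub WriteHashedPassword(ByVal UserName As String, ByVal Password As String)
    Try
        ' Hash the password with SHA-1, then Base64-encode the digest for storage as text.
        ' The bytes hashed are the UnicodeEncoding (UTF-16) form of the password, so any
        ' code that verifies a login must encode the candidate password the same way.
        '
        ' SECURITY NOTE(review): a single unsalted SHA-1 pass is a fast hash. Identical
        ' passwords produce identical stored values, and a leaked table can be tested
        ' offline at high speed. A salted key-derivation function (for example
        ' Rfc2898DeriveBytes / PBKDF2 with a per-user salt) is the appropriate primitive.
        ' It is left unchanged here because switching would invalidate the hashes already
        ' stored and requires a matching change to the verification path and the table.
        Dim strHash As String
        Using sh1 As New SHA1Managed
            Dim uEncode As New UnicodeEncoding
            Dim txtBytes As Byte() = uEncode.GetBytes(Password)
            Dim hashedPassword As Byte() = sh1.ComputeHash(txtBytes)
            strHash = Convert.ToBase64String(hashedPassword)
        End Using

        Using cnn As New SqlConnection("Context Connection=true")
            cnn.Open()
            Using sqlCmd As New SqlCommand
                sqlCmd.Connection = cnn
                sqlCmd.CommandText = "INSERT NamePass VALUES(@UserName,@HashAsString)"
                ' Both values travel as SqlParameter objects, never as concatenated
                ' T-SQL text, so the user name cannot alter the statement.
                sqlCmd.Parameters.Add(New SqlParameter("@UserName", SqlDbType.NVarChar, 50)).Value = UserName
                sqlCmd.Parameters.Add(New SqlParameter("@HashAsString", SqlDbType.NVarChar, 100)).Value = strHash
                sqlCmd.ExecuteNonQuery()
            End Using
            ' End Using disposes (and thereby closes) the connection.
        End Using
    Catch ex As Exception
        ' Append instead of OpenOrCreate: OpenOrCreate starts writing at offset 0, so a
        ' new entry overwrote the beginning of the previous one and left a stale tail.
        ' The Using blocks release the file handle even if the write itself fails.
        ' NOTE(review): the exception is logged but not rethrown, so the caller sees
        ' success even when no row was inserted; kept as-is to preserve behaviour.
        ' Confirm that callers check for the row.
        Using fs As New FileStream("C:\YukonCLR.log", FileMode.Append, FileAccess.Write)
            Using sw As New StreamWriter(fs)
                sw.WriteLine(ex.ToString())
            End Using
        End Using
    End Try
End Sub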
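常常有朋友询问如何将用户输入的密码通过哈希(Hash)算法计算过后再放入数据库中。以往笔者只能建议在应用程序端编写,现在相同的逻辑可以写成存储过程保存在 SQL Server 内,如程序代码列表 11-2 所示。一般的用户只需要简单地调用存储过程,就可以将密码通过 .NET Framework 提供的 SHA1 哈希算法计算出哈希值并以 Base64 编码后,再存入数据表。需要说明的是,此范例使用的是未加盐(salt)的单次 SHA1 运算,相同的密码会得到相同的哈希值;实际保存密码时,应改用带有每用户随机盐值的密钥派生算法(例如 PBKDF2)。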