Work record: C × ashx generates verification code picture and verification

Due to the vulnerability of the verification code in the work, it needs to be modified. Baidu has done a lot, and then it's not just this problem, it's that problem,



1. Verification code image generation This brother's. The ashx code is as follows

using System;
using System.Collections.Generic;
using System.Drawing;
using System.Drawing.Imaging;
using System.Text;
using System.Web;

    /// <summary>
    /// ImageCodeHandler Picture verification code
    /// </summary>
    public class ImageCodeHandler : IHttpHandler, System.Web.SessionState.IRequiresSessionState

        public void ProcessRequest(HttpContext context)
            bool isCreate = true;
            //Initialization of creation time, get new verification code again when the page is refreshed
            context.Session["CreateTime"] = null;
            if (context.Session["CreateTime"] == null)
                context.Session["CreateTime"] = DateTime.Now;
                DateTime startTime = Convert.ToDateTime(context.Session["CreateTime"]);
                DateTime endTime = Convert.ToDateTime(DateTime.Now);
                TimeSpan ts = endTime - startTime;

                // New verification code will be obtained after timeout
                if (ts.Minutes > 15)
                    isCreate = true;
                    context.Session["CreateTime"] = DateTime.Now;
                    isCreate = false;
            context.Response.ContentType = "image/gif";
            //Draw an image
            Bitmap basemap = new Bitmap(200, 60);
            Graphics graph = Graphics.FromImage(basemap);
            graph.FillRectangle(new SolidBrush(Color.White), 0, 0, 200, 60);
            Font font = new Font(FontFamily.GenericSerif, 48, FontStyle.Bold, GraphicsUnit.Pixel);
            Random r = new Random();
            //The characters that will appear can be added with letters if necessary: ABCDEFGHIJKLMNPQRSTUVWXYZabcdefghijklmnpqrstuvwxyz0123456789
            string letters = "0123456789";
            string letter;
            StringBuilder s = new StringBuilder();
            if (isCreate)
                // Randomly generate 4 letters or numbers
                for (int x = 0; x < 4; x++)
                    letter = letters.Substring(r.Next(0, letters.Length - 1), 1);

                    // Draw text
                    graph.DrawString(letter, font, new SolidBrush(Color.Black), x * 38, r.Next(0, 15));
                // If the creation fails, draw the previously existing verification code
                string currentCode = context.Session["ValidateCode"].ToString();
                foreach (char item in currentCode)
                    letter = item.ToString();
                    // Draw text
                    graph.DrawString(letter, font, new SolidBrush(Color.Black), currentCode.IndexOf(item) * 38, r.Next(0, 15));
            // Confusing the background
            Pen linePen = new Pen(new SolidBrush(Color.Black), 2);
            for (int x = 0; x < 10; x++)
                graph.DrawLine(linePen, new Point(r.Next(0, 199), r.Next(0, 59)), new Point(r.Next(0, 199), r.Next(0, 59)));
            // Save picture
            basemap.Save(context.Response.OutputStream, ImageFormat.Gif);
            // Pass the value of the verification code
            context.Session["ValidateCode"] = s.ToString();

        public bool IsReusable
                return false;

2. In html page reference, I save the picture on another page, because clicking the picture needs to refresh the verification code, so as not to refresh the whole page. If it is introduced directly into the page, the whole page will be refreshed with the refresh verification code, which is not very friendly. In addition, the verification code generated in the background is stored in the session. If it is not introduced in this way, the session cannot be kept in the same session. There must be a better solution...


<!DOCTYPE html>
<html lang="en">
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <link rel="stylesheet" href="../cn2019/css/purchase.css" />
    <link rel="stylesheet" href="../cn2019/css/footer.css" />
        #form1 > div > input{
            height: 30px;
    width: 100px;
    float: right;
    function relo() {

    <div class="">
        <div class="main">
            <form id="form1" runat="server">
                    <asp:ImageButton ID="img_validCode" ImageUrl="../cn2016/mobile/ImageCodeHandler.ashx" runat="server"/>

3. Add in the required page



<iframe name="myFrame" style="width: 100px;height:30px;" src="../cn2019/yzm.html" frameborder="0"></iframe>

4. The final effect of the page. Click the number to refresh the verification code


5, the verification code is checked in the background. If the verification code input is wrong, it will be called after the prompt: myFrame.window.relo() to refresh the page verification code. MyFrame is a custom name value when the picture is introduced, and relo() is a custom refreshing method of the current page on the yzm.html page. Call failed, please contact the front end~~~

6. Background verification code. Take out the verification code from the session. When using the session, the interface needs to inherit System.Web.UI.Page and IReadOnlySessionState



String code = Session["ValidateCode"].ToString().ToLower();

Tags: C# Session Mobile IE

Posted on Wed, 13 May 2020 11:34:50 -0400 by