Wednesday, 26 December 2012

Monday, 24 December 2012

How to encrypt and decrypt password in asp.net using C#?


Hi
Storing passwords in the database in encrypted form is good practice. Many algorithms can be used for this task.
Here I am going to show you one of the easiest and completely secure methods to encrypt and decrypt the password.
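If you store a password in encrypted format using any algorithm without a salt value, a hacker can easily decrypt the password using the decryption method of the same algorithm. But if you use a salt value in your encrypted password, it gives a completely strong encrypted password. Note that the code below computes a one-way salted hash, so a password is checked by recomputing the hash with the stored salt and comparing the results, not by decrypting the stored value.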
Here we are mixing a random salt value into the encrypted password, so it will be impossible to hack the data from the database.
Here are the steps to do this task:
Step1: Create one class i.e “Helper.cs” and write method like this.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Text;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
namespace Salt_Password_Sample
{
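/// <summary>
/// Salted-hash helpers for storing and checking passwords.
/// The stored value is Base64(hash(plainText + salt) + salt), so the salt
/// travels with the hash and verification recomputes the hash rather than
/// decrypting anything.
/// </summary>
/// <remarks>
/// NOTE(review): MD5, SHA-384 and SHA-512 are single-pass, fast hashes. For
/// password storage a deliberately slow key-derivation function (for example
/// PBKDF2 via Rfc2898DeriveBytes) is the usual choice. The algorithms and the
/// output layout are kept unchanged here so values already stored still verify.
/// </remarks>
public class Helper
{
    // Inclusive bounds, in bytes, for the length of a generated salt.
    private const int MinSaltSize = 4;
    private const int MaxSaltSize = 8;

    /// <summary>
    /// Hashes <paramref name="plainText"/> together with a salt and returns the
    /// hash and the salt as one Base64 string.
    /// </summary>
    /// <param name="plainText">Text to hash; encoded as UTF-8 before hashing.</param>
    /// <param name="hashAlgorithm">
    /// "SHA384" or "SHA512" (case-insensitive). Any other value, including null,
    /// selects MD5.
    /// </param>
    /// <param name="saltBytes">
    /// Salt to append to the text, or null to generate a random salt of
    /// 4 to 8 bytes.
    /// </param>
    /// <returns>Base64 of the hash bytes followed by the salt bytes.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="plainText"/> is null.</exception>
    public static string ComputeHash(string plainText, string hashAlgorithm, byte[] saltBytes)
    {
        if (saltBytes == null)
        {
            saltBytes = GenerateSalt();
        }

        byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
        byte[] plainTextWithSaltBytes = Concat(plainTextBytes, saltBytes);

        byte[] hashBytes;
        // HashAlgorithm is IDisposable; release it as soon as the digest is computed.
        using (HashAlgorithm hash = CreateHashAlgorithm(hashAlgorithm))
        {
            hashBytes = hash.ComputeHash(plainTextWithSaltBytes);
        }

        // The salt is appended in the clear so VerifyHash can recover it.
        return Convert.ToBase64String(Concat(hashBytes, saltBytes));
    }

    /// <summary>
    /// Checks whether <paramref name="plainText"/> produces
    /// <paramref name="hashValue"/> when hashed with the salt embedded in it.
    /// </summary>
    /// <param name="plainText">Candidate text, for example the password typed at login.</param>
    /// <param name="hashAlgorithm">Algorithm name that was used to create <paramref name="hashValue"/>.</param>
    /// <param name="hashValue">Value previously returned by <see cref="ComputeHash"/>.</param>
    /// <returns>
    /// True when the recomputed value equals <paramref name="hashValue"/>; false
    /// when it differs or when the decoded value is shorter than the hash size.
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="hashValue"/> or <paramref name="plainText"/> is null.</exception>
    /// <exception cref="FormatException"><paramref name="hashValue"/> is not valid Base64.</exception>
    public static bool VerifyHash(string plainText, string hashAlgorithm, string hashValue)
    {
        byte[] hashWithSaltBytes = Convert.FromBase64String(hashValue);
        int hashSizeInBytes = GetHashSizeInBits(hashAlgorithm) / 8;

        // Too short to contain a full hash, so it cannot be a value we produced.
        if (hashWithSaltBytes.Length < hashSizeInBytes)
        {
            return false;
        }

        // Everything after the hash is the salt that was used originally.
        byte[] saltBytes = new byte[hashWithSaltBytes.Length - hashSizeInBytes];
        Buffer.BlockCopy(hashWithSaltBytes, hashSizeInBytes, saltBytes, 0, saltBytes.Length);

        string expectedHashString = ComputeHash(plainText, hashAlgorithm, saltBytes);

        // Compare without an early exit so the time taken does not depend on
        // how many leading characters happen to match.
        return FixedTimeEquals(hashValue, expectedHashString);
    }

    // Creates a random salt whose length is uniformly chosen in [MinSaltSize, MaxSaltSize].
    private static byte[] GenerateSalt()
    {
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            int range = MaxSaltSize - MinSaltSize + 1;
            // Reject the top values that would make the modulo result non-uniform.
            int limit = 256 - (256 % range);
            byte[] pick = new byte[1];
            do
            {
                rng.GetBytes(pick);
            }
            while (pick[0] >= limit);

            byte[] salt = new byte[MinSaltSize + (pick[0] % range)];
            rng.GetNonZeroBytes(salt);
            return salt;
        }
    }

    // Maps the algorithm name to an implementation; unknown names fall back to MD5.
    private static HashAlgorithm CreateHashAlgorithm(string hashAlgorithm)
    {
        switch ((hashAlgorithm ?? "").ToUpperInvariant())
        {
            case "SHA384":
                return SHA384.Create();
            case "SHA512":
                return SHA512.Create();
            default:
                // NOTE(review): MD5 is the silent fallback for a null, empty or
                // misspelled name. Kept for compatibility with stored values;
                // callers should always pass an explicit SHA-2 name.
                return MD5.Create();
        }
    }

    // Digest length in bits for the algorithm that CreateHashAlgorithm would select.
    private static int GetHashSizeInBits(string hashAlgorithm)
    {
        switch ((hashAlgorithm ?? "").ToUpperInvariant())
        {
            case "SHA384":
                return 384;
            case "SHA512":
                return 512;
            default: // MD5
                return 128;
        }
    }

    // Returns a new array holding the bytes of first followed by the bytes of second.
    private static byte[] Concat(byte[] first, byte[] second)
    {
        byte[] combined = new byte[first.Length + second.Length];
        Buffer.BlockCopy(first, 0, combined, 0, first.Length);
        Buffer.BlockCopy(second, 0, combined, first.Length, second.Length);
        return combined;
    }

    // Ordinal string equality that always inspects every character.
    private static bool FixedTimeEquals(string left, string right)
    {
        if (left.Length != right.Length)
        {
            return false;
        }

        int difference = 0;
        for (int i = 0; i < left.Length; i++)
        {
            difference |= left[i] ^ right[i];
        }

        return difference == 0;
    }
}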
}
Step2: Call that method in code behind file like this.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
namespace Salt_Password_Sample
{
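/// <summary>
/// Demo page: one button hashes the text box content with Helper.ComputeHash
/// and shows the result, the other checks the text box content against the
/// value currently shown.
/// </summary>
public partial class WebForm1 : System.Web.UI.Page
{
    // Algorithm name passed to Helper for both hashing and verification.
    private const string HashAlgorithmName = "SHA512";

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>Hashes the entered text with a fresh random salt and displays it.</summary>
    protected void EncryptBtn_Click(object sender, EventArgs e)
    {
        // Passing null as the salt makes Helper generate a random one.
        lblmsg.Text = Helper.ComputeHash(TextBox1.Text, HashAlgorithmName, null);
    }

    /// <summary>Verifies the entered text against the hash shown in lblmsg.</summary>
    protected void Button1_Click(object sender, EventArgs e)
    {
        // In this demo the label stands in for the value a real application
        // would read from its user table.
        bool isMatch = Helper.VerifyHash(TextBox1.Text, HashAlgorithmName, lblmsg.Text);

        // Always assign the label: with view state enabled (the WebForms
        // default) a success message from an earlier postback would otherwise
        // stay visible after a failed check.
        lblmsg1.Text = isMatch ? "You are the correct user" : string.Empty;
    }
}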
}

how to encrypt and decrypt password and stored in database using asp.net or encrypt or decrypt user password with c#

Introduction

Here I will explain how to encrypt data and save it in database and how to decrypt encrypted data in database using asp.net

Description

First we will learn what encryption and decryption are.

Encryption is the process of translating plain text data into something that appears to be random and meaningless.

Decryption is the process of translating random and meaningless data to plain text.
Why do we need to use these encryption and decryption processes?

 By using this process we can hide the original data and display some junk data instead; based on this we can provide some security for our data.

Here I will explain how to encrypt data and how to save that data into database after that I will show how to decrypt that encrypted data in database and how we can display that decrypted data on form.

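I have a form with four fields: username, password, firstname and lastname. Here I am encrypting the password data and saving it into the database; after that I am reading it back from the database, decrypting the encrypted password data and displaying it using a gridview. Note that the Encryptdata method shown below converts the password to Base64 text; no key is involved, so anyone who can read the stored value can decode it.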

Design your aspx like this 


<%-- Sample page: a four-field registration form followed by two grids that
     show the rows the code-behind binds to them. --%>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<%-- Input form. The password box uses TextMode="Password", which masks the
     characters on screen only. Submit posts back to btnSubmit_Click. --%>
<div>
<table align="center">
<tr>
<td colspan="2">
<b>Encryption and Decryption of Password</b>
</td>
</tr>
<tr>
<td>
UserName
</td>
<td>
<asp:TextBox ID="txtname" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
Password
</td>
<td>
<asp:TextBox ID="txtPassword" runat="server" TextMode="Password"></asp:TextBox>
</td>
</tr>
<tr>
<td>
FirstName
</td>
<td>
<asp:TextBox ID="txtfname" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
LastName
</td>
<td>
<asp:TextBox ID="txtlname" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
</td>
<td>
<asp:Button ID="btnSubmit" runat="server" Text="Submit"
onclick="btnSubmit_Click" />
</td>
</tr>
</table>
</div>
<%-- gvUsers declares no columns of its own; it displays whatever the
     code-behind assigns as its DataSource. --%>
<div>
<table align="center">
<tr>
<td>
<b>Encryption of Password Details</b>
</td>
</tr>
<tr>
<td>
<asp:GridView ID="gvUsers" runat="server" CellPadding="4" BackColor="White"
BorderColor="#CC9966" BorderStyle="None" BorderWidth="1px">
<RowStyle BackColor="White" ForeColor="#330099" />
<FooterStyle BackColor="#FFFFCC" ForeColor="#330099" />
<PagerStyle BackColor="#FFFFCC" ForeColor="#330099" HorizontalAlign="Center" />
<SelectedRowStyle BackColor="#FFCC66" Font-Bold="True" ForeColor="#663399" />
<HeaderStyle BackColor="#990000" Font-Bold="True" ForeColor="#FFFFCC"
HorizontalAlign="Left"/>
</asp:GridView>
</td>
</tr>
</table>
</div>
<%-- gvdecryption passes every row through gvdecryption_RowDataBound.
     NOTE(review): that handler decodes the third cell of each row, which
     presumably holds the password, so this grid sends users' passwords
     back to the browser. Suitable for a demo only. --%>
<div>
<table align="center">
<tr>
<td>
<b>Decryption of Password Details</b>
</td>
</tr>
<tr>
<td>
<asp:GridView ID="gvdecryption" runat="server" BackColor="White"
BorderColor="#CC9966" BorderStyle="None" BorderWidth="1px" CellPadding="4"
onrowdatabound="gvdecryption_RowDataBound">
<RowStyle BackColor="White" ForeColor="#330099" />
<FooterStyle BackColor="#FFFFCC" ForeColor="#330099" />
<PagerStyle BackColor="#FFFFCC" ForeColor="#330099" HorizontalAlign="Center" />
<SelectedRowStyle BackColor="#FFCC66" Font-Bold="True" ForeColor="#663399" />
<HeaderStyle BackColor="#990000" Font-Bold="True" ForeColor="#FFFFCC" />
</asp:GridView>
</td>
</tr>
</table>
</div>
</form>
</body>
</html>
After that, add the System.Text namespace in the code-behind, because this namespace contains the classes that represent ASCII and Unicode character encodings.

After that add following code in code behind and design one table in database with four fields and give name as "SampleUserdetails"

// Connection string for the sample database, using Windows integrated
// authentication (no user name or password in the string).
// NOTE(review): server and catalog names are hard-coded; a deployed
// application would normally read this from configuration.
private const string strconneciton = "Data Source=MYCBJ017550027;Initial Catalog=MySamplesDB;Integrated Security=True";

// One connection object shared by the handlers below; each of them opens
// and closes it around its own command.
private SqlConnection con = new SqlConnection(strconneciton);
/// <summary>
/// Fills both grids the first time the page is requested. Postbacks are
/// skipped here; the submit handler rebinds the grids itself.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    if (IsPostBack)
    {
        return;
    }

    BindencryptedData();
    BindDecryptedData();
}
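/// <summary>
/// Handles the Submit button: stores the entered user details in
/// SampleUserdetails and refreshes both grids.
/// </summary>
/// <param name="sender">Button that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnSubmit_Click(object sender, EventArgs e)
{
    // NOTE(review): Encryptdata only Base64-encodes the password, so the
    // stored value can be decoded by anyone who can read the table. A salted
    // one-way hash is the appropriate stored form for passwords.
    string strpassword = Encryptdata(txtPassword.Text);

    // The values come straight from user-editable text boxes, so they are
    // passed as parameters and never concatenated into the SQL text.
    const string insertSql =
        "insert into SampleUserdetails(UserName,Password,FirstName,LastName) " +
        "values(@UserName,@Password,@FirstName,@LastName)";

    using (SqlCommand cmd = new SqlCommand(insertSql, con))
    {
        cmd.Parameters.AddWithValue("@UserName", txtname.Text);
        cmd.Parameters.AddWithValue("@Password", strpassword);
        cmd.Parameters.AddWithValue("@FirstName", txtfname.Text);
        cmd.Parameters.AddWithValue("@LastName", txtlname.Text);

        con.Open();
        try
        {
            cmd.ExecuteNonQuery();
        }
        finally
        {
            // Close even when the insert fails, so the shared connection is
            // not left open for the next handler.
            con.Close();
        }
    }

    BindencryptedData();
    BindDecryptedData();
}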
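/// <summary>
/// Loads every row of SampleUserdetails and binds it to gvUsers, which shows
/// the values exactly as they are stored.
/// </summary>
protected void BindencryptedData()
{
    DataSet ds = new DataSet();

    using (SqlCommand cmd = new SqlCommand("select * from SampleUserdetails", con))
    using (SqlDataAdapter da = new SqlDataAdapter(cmd))
    {
        con.Open();
        try
        {
            da.Fill(ds);
        }
        finally
        {
            // Close even when the query fails; the connection is shared and a
            // later Open() on an already open connection would throw.
            con.Close();
        }
    }

    // NOTE(review): "select *" also binds the Password column to the grid.
    gvUsers.DataSource = ds;
    gvUsers.DataBind();
}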
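/// <summary>
/// Loads every row of SampleUserdetails and binds it to gvdecryption, whose
/// RowDataBound handler decodes one cell of each row.
/// </summary>
protected void BindDecryptedData()
{
    DataSet ds = new DataSet();

    using (SqlCommand cmd = new SqlCommand("select * from SampleUserdetails", con))
    using (SqlDataAdapter da = new SqlDataAdapter(cmd))
    {
        con.Open();
        try
        {
            da.Fill(ds);
        }
        finally
        {
            // Close even when the query fails; the connection is shared and a
            // later Open() on an already open connection would throw.
            con.Close();
        }
    }

    gvdecryption.DataSource = ds;
    gvdecryption.DataBind();
}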
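/// <summary>
/// Converts the password to the Base64 form of its UTF-8 bytes.
/// </summary>
/// <remarks>
/// NOTE(review): despite the name this is an encoding, not encryption. No key
/// is involved and Convert.FromBase64String reverses it, so the result gives
/// no confidentiality for a stored password.
/// </remarks>
/// <param name="password">Text to encode.</param>
/// <returns>Base64 text of the UTF-8 bytes of <paramref name="password"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="password"/> is null.</exception>
private string Encryptdata(string password)
{
    // GetBytes allocates the array it returns, so no buffer is created up front.
    byte[] utf8Bytes = Encoding.UTF8.GetBytes(password);
    return Convert.ToBase64String(utf8Bytes);
}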
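/// <summary>
/// Reverses Encryptdata: decodes Base64 text and interprets the bytes as UTF-8.
/// </summary>
/// <remarks>
/// NOTE(review): no key is needed to do this, which is why a value produced
/// by Encryptdata should be treated as plain text.
/// </remarks>
/// <param name="encryptpwd">Base64 text to decode.</param>
/// <returns>The decoded string.</returns>
/// <exception cref="ArgumentNullException"><paramref name="encryptpwd"/> is null.</exception>
/// <exception cref="FormatException"><paramref name="encryptpwd"/> is not valid Base64.</exception>
private string Decryptdata(string encryptpwd)
{
    byte[] decodedBytes = Convert.FromBase64String(encryptpwd);

    // One-shot decode replaces the manual Decoder/char-buffer sequence. For
    // well-formed UTF-8 the result is the same; a truncated trailing byte
    // sequence should now decode to U+FFFD instead of being dropped.
    return new UTF8Encoding().GetString(decodedBytes);
}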
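/// <summary>
/// RowDataBound handler for gvdecryption: replaces the text of the third cell
/// of each data row with its Base64-decoded form.
/// </summary>
/// <param name="sender">Grid that raised the event.</param>
/// <param name="e">Carries the row being bound.</param>
protected void gvdecryption_RowDataBound(object sender, GridViewRowEventArgs e)
{
    // Header, footer and pager rows carry no user data.
    if (e.Row.RowType != DataControlRowType.DataRow)
    {
        return;
    }

    // Presumably the Password column; this depends on the table's column order.
    TableCell passwordCell = e.Row.Cells[2];

    try
    {
        // The decoded value is user-chosen text. Assigning it to Text writes
        // it into the page markup as-is, so it is HTML-encoded first to stop
        // markup in a stored password from being rendered.
        passwordCell.Text = Server.HtmlEncode(Decryptdata(passwordCell.Text));
    }
    catch (FormatException)
    {
        // Cell text is not valid Base64 (for example the placeholder a grid
        // shows for an empty value); leave the cell unchanged rather than
        // failing the whole page.
    }
}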