Save (Insert) encrypted password in database in ASP.Net using C# and VB.Net

lingers

SOLVED CLOSED ACTIVE ANSWERED
User: lingers
Posted: on May 12, 2021 06:51 AM
Forum: ASP.Net Web Forms
Answer: 2
Views: 6031

I am trying to replicate a web application built in php. I noticed in the password field it is encypted as

e.g 'ggdj7d56hsvfsyjsuy7eijyyebtgdtd' and when i created my password i used 'amazing' as the password and in the databse it is '827ccb0eea8a706c4c34a16891f84e7b'.

How did they do it that the password 'amazing' i entered in thet Textbox was saved as '827ccb0eea8a706c4c34a16891f84e7b' in the database.

Please help .

My code

<table style="width: 40%; margin-top: 17px;">
    <tr>
        <td class="style1">&nbsp;</td>
        <td>
            <asp:TextBox ID="TextBox3" runat="server" Width="197px"></asp:TextBox>
        </td>
    </tr>
    <tr>
        <td class="style1">&nbsp;</td>
        <td>
            <asp:TextBox ID="TextBox4" runat="server" Width="197px"></asp:TextBox>
        </td>
    </tr>
    <tr>
        <td class="style1">&nbsp;</td>
        <td>
            <asp:DropDownList ID="DropDownList2" runat="server" Height="28px" Width="196px">
                <asp:ListItem Value="1">Super User</asp:ListItem>
                <asp:ListItem Value="2">Mid Users</asp:ListItem>
                <asp:ListItem Value="5">Entry Users</asp:ListItem>
            </asp:DropDownList>
        </td>
    </tr>
    <tr>
        <td class="style1">&nbsp;</td>
        <td>
            <asp:Button ID="Button3" runat="server" OnClick="Button1_Click"
                Text="Create Password" Width="198px" />
        </td>
    </tr>
</table>
<div align="center">
    <asp:Label ID="Label2" runat="server"></asp:Label>
</div>

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;

public partial class Atq : System.Web.UI.Page
{
    SqlCommand cmd99 = new SqlCommand();
    SqlConnection conn99 = new SqlConnection();

    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        string insertSQL99;
        insertSQL99 = "INSERT INTO users (";
        insertSQL99 += "username,password,privilege)";
        insertSQL99 += "VALUES('";
        insertSQL99 += TextBox1.Text + "','";
        insertSQL99 += TextBox2.Text + "','";
        insertSQL99 += DropDownList1.SelectedValue.ToString() + "')";
        String connectionString99 = "Data Source=NERE\\SQLEXPRESS01; Initial Catalog= kaging;Integrated Security=True";
        SqlConnection con99 = new SqlConnection(connectionString99);
        SqlCommand cmd99 = new SqlCommand(insertSQL99, con99);
        int added99 = 0;

        try
        {
            con99.Open();
            added99 = cmd99.ExecuteNonQuery();
            // Label007.Text = added.ToString();
            if (added99 == 1)
            {
                Label1.Text = "Done";
            }
            else
            {

            }
        }
        catch (Exception err)
        {
            Response.Write(err.ToString());
        }
        finally
        {
            con99.Close();
        }
    }
}

Download FREE API for Word, Excel and PDF in ASP.Net

dharmend...

0 7

Reply
ANSWER
User: dharmendr
Replied: on May 12, 2021 11:55 PM
Modified: on May 13, 2021 12:00 AM
Report

lingers says:

cmd.Parameters.AddWithValue("@password", Encrypt(TextBox2.Text.Trim()));

You are inserting Encrypted password in database.

lingers says:

cmd.Parameters.AddWithValue("@password", Decrypt(TextBox4.Text.Trim()));

On login click you are not passing the encrypted string. You are passing normal string. So before sending the password to database for verification you need to Encrypt again to match.

Refer updated code.

protected void Button2_Click(object sender, EventArgs e)
{
    selectSQL = "select * from users WHERE " + "username = @username AND password = @password ";
    dbConn.ConnectionString = "Data Source=NERE\\SQLEXPRESS01; Initial Catalog= kaging;Integrated Security=True";
    cmd.Connection = dbConn;
    cmd.CommandText = selectSQL;
    cmd.CommandType = CommandType.Text;
    cmd.CommandType = CommandType.Text;
    cmd.Parameters.AddWithValue("@username", TextBox1.Text.Trim());
    cmd.Parameters.AddWithValue("@password", Encrypt(TextBox2.Text.Trim()));
    try
    {
        dbConn.Open();
        Response.Write(selectSQL);
        dr = cmd.ExecuteReader();
        if (dr.Read())
        {
            Response.Redirect("bbbbb.aspx");
        }
        else
        {
            Label1.Text = "Sorry You Can't Login ";
        }
        dr.Close();
    }
    catch (Exception err)
    {
        Label1.Text = "Error Logging in ";
        Label1.Text += err.Message;
    }
    finally
    {
        dbConn.Close();
    }
}

Decrypt will be used to get the actual value from the encrypted string.

Example:

Ao5ZnFYo344iWqv/Jr9euw== is the encrypted value for 1234.

to get actual 1234 you have to call Decrypt("Ao5ZnFYo344iWqv/Jr9euw==")

I agree, here is the link: https://www.e-iceblue.com/Introduce/spire-office-for-net-free.html

Save (Insert) encrypted password in database in ASP.Net using C# and VB.Net

Company

Explore

Follow us

Contact Us