Password Encryption and storing into Database

Posted by Nkkppp under ASP.NET on 8/12/2012 | Points: 10 | Views : 1538 | Status : [Member] | Replies : 2
I have a requirement where the username and password have to be inserted into the database when the user enters the data on the login page. But the password has to be encrypted for security purposes. I had googled a lot and found a lot of solutions, but all of them include many lines of code. Below is the code, where I require only a few lines of code. I have created a table as below and made the password column varchar(max).

create table Users(Username varchar(20),Password varchar(max))

Below is the page design

<body>
    <form id="form1" runat="server">
    <div>
        Username: <asp:TextBox ID="txtuid" runat="server"></asp:TextBox><br /><br />
        Password: <asp:TextBox ID="txtpwd" runat="server"></asp:TextBox>
        <br /><br />
        <asp:Button ID="btnsub" runat="server" Text="Submit" onclick="btnsub_Click" />
        <br /><br />
        <asp:Label ID="lblres" runat="server" Text=""></asp:Label>
    </div>
    </form>
</body>
</html>

The actual code


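using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.Security;

public partial class PasswordEncrypt : System.Web.UI.Page
{
    SqlConnection Cn;
    SqlCommand Cmd;
    SqlDataAdapter Da;
    DataSet Ds;

    protected void Page_Load(object sender, EventArgs e)
    {
        // Build the connection and command from the "connection" entry in web.config.
        string conn = ConfigurationManager.ConnectionStrings["connection"].ConnectionString;
        Cn = new SqlConnection(conn);
        Ds = new DataSet();
        Cmd = new SqlCommand();
        Cmd.Connection = Cn;
    }

    protected void btnsub_Click(object sender, EventArgs e)
    {
        string pwd = EncryptPassword(txtpwd.Text);
        // Parameterized insert: user input is never concatenated into the SQL text.
        Cmd.CommandText = "insert into Users values(@Uid,@Pwd)";
        Cmd.Parameters.AddWithValue("@Uid", txtuid.Text);
        Cmd.Parameters.AddWithValue("@Pwd", pwd);
        try
        {
            Cn.Open();
            int i = Cmd.ExecuteNonQuery();
            if (i > 0)
            {
                lblres.Text = "Inserted Successfully";
            }
            else
                lblres.Text = "Failed";
        }
        finally
        {
            // Always release the connection, even if the insert throws.
            Cn.Close();
        }
    }

    // Stores the password as the name field of a forms-authentication ticket and
    // encrypts the ticket with the application's machine key.
    private static string EncryptPassword(string password)
    {
        FormsAuthenticationTicket fat = new FormsAuthenticationTicket(password, false, 1);
        return FormsAuthentication.Encrypt(fat);
    }
}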


1) Everything is fine: few lines of code, easy insertion into the database. But the Password column in the database is varchar(max), so every password occupies more than 200 bytes in the database. So, I would like to know whether this will affect the performance of the application and if there is a way to compress the data for this particular column. The above implementation will be quite enough for the security purpose.

2) Even if two users are using the same password, I have noticed that the encrypted data looks different in the database. Is there a way to make the encrypted data look similar, so that during login, as there will be no signup page, giving access (i.e. a password) to users from the backend during support will not be a problem?

For example:

From the backend, while providing access to users for the first-time login, the support engineer will be using the below query:

---insert into Users values(username,password)

insert into Users values('jim897','405E63D5844B5E6B1E2AC10497F0F21E1BA')
insert into Users values('john78','405E63D5844B5E6B1E2AC10497F0F21E1BA')

Here the password for both users is the same, so I need code for such functionality.

Thank you.




Responses

Posted by: Vikash on: 8/12/2012 [Member] Starter | Points: 25

Here I have modified your code and defined one method named Md5AddSecret:

public string Md5AddSecret(string strChange)
{
    // Convert the string to UTF-8 bytes
    byte[] pass = Encoding.UTF8.GetBytes(strChange);
    using (MD5 md5 = new MD5CryptoServiceProvider())
    {
        // Hex-encode the 16-byte digest; raw hash bytes are not valid UTF-8 text,
        // so decoding them as UTF-8 would corrupt the stored value.
        string strPassword = BitConverter.ToString(md5.ComputeHash(pass)).Replace("-", "");
        return strPassword;
    }
}

protected void btnsub_Click(object sender, EventArgs e)
{
    string pwd = Md5AddSecret(txtpwd.Text);
    Cmd.CommandText = "insert into Users values(@Uid,@Pwd)";
    Cmd.Parameters.AddWithValue("@Uid", txtuid.Text);
    Cmd.Parameters.AddWithValue("@Pwd", pwd);
    try
    {
        Cn.Open();
        int i = Cmd.ExecuteNonQuery();
        if (i > 0)
        {
            lblres.Text = "Inserted Successfully";
        }
        else
            lblres.Text = "Failed";
    }
    finally
    {
        // Always release the connection, even if the insert throws.
        Cn.Close();
    }
}

Please use these namespaces:

using System;
using System.Security.Cryptography;
using System.Text;

I hope this will help you a lot.

Regards,
Vikash Pathak


Posted by: Oswaldlily on: 8/13/2012 [Member] Starter | Points: 25

Try this:

// Encodes the UTF-8 bytes of sData as Base64 text.
public static string base64Encode(string sData)
{
    byte[] encData_byte = System.Text.Encoding.UTF8.GetBytes(sData);
    string encodedData = Convert.ToBase64String(encData_byte);
    return encodedData;
}

// Reverses base64Encode: decodes Base64 text back to the original string.
public static string base64Decode(string sData)
{
    byte[] todecode_byte = Convert.FromBase64String(sData);
    string result = System.Text.Encoding.UTF8.GetString(todecode_byte);
    return result;
}
