how to loginpage.aspx password decrypt in asp.net using

Posted by Webmasters964 under ASP.NET on 9/2/2013 | Points: 10 | Views : 1723 | Status : [Member] | Replies : 6
how to loginpage.aspx password decrypt in asp.net using




Responses

Posted by: Webmasters964 on: 9/2/2013 [Member] Starter | Points: 25

Up
0
Down
string pwd = dt.Rows[i]["Password"].ToString();

dt.Rows[i]["Password"] = Decrypt(pwd);
if (UserName == txtUserName.Text && pwd == txtPassword.Text)
{
Session["UserName"] = UserName;
if (dt.Rows[i]["Role"].ToString() == "SuperAdmin")
Response.Redirect("Default.aspx");
}
else
{
lblmsg.Text = "Invalid User Name or Password! Please try again!";
}


Webmasters964, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Allemahesh on: 9/2/2013 [Member] [MVP] Silver | Points: 25

Up
0
Down
You can use the below functions:-

protected void login_btn_Click(object sender, EventArgs e)
{
con.ConnectionString = ConfigurationManager.ConnectionStrings["cnn"].ConnectionString;
con.Open();
try
{
// In the below sql query i am decrypting the encrypted password which is store in the database
adp = new SqlDataAdapter(@"select convert(varchar(10), DECRYPTBYPASSPHRASE ('12',password )) AS PWD from login_details where uid=@uid ", con);
adp.SelectCommand.Parameters.AddWithValue("@uid", user_txt.Text);
DataSet ds = new DataSet();
adp.Fill(ds);
// this code find the user from database . if yser does't exist in the database
//then label print the msg "Invalid user" & return
if (ds.Tables[0].Rows.Count == 0)
{
lbl_errormg.Text = "Invalid user";
user_txt.Text = "";
pwd_txt.Text = "";
return;
}
// this is the code to convert byte array to string
string str = (ds.Tables[0].Rows[0]["pwd"]).ToString();
byte[] bytes = UTF8Encoding.ASCII.GetBytes(str);
string str2 = UTF8Encoding.ASCII.GetString(bytes);
// in the str2 i am storing the decrypted passwword
Console.WriteLine(str2);
// here i am campairing the password enter by the user with the database entry
// if both will not matched then label print the msg "Invalid Password" & return

if (str2 != pwd_txt.Text)
{
lbl_msg.Text = "Invalid Password";
pwd_txt.Text = "";
user_txt.Text = "";
return;
}
else
{
// In the below sql query i am decrypting the encrypted password which is store in the str2 variablle
cmd = new SqlCommand(@"select uid , convert(varchar(10), DECRYPTBYPASSPHRASE ('12',password )) AS PWD from login_details where uid=@uid and password=@password", con);
cmd.Parameters.AddWithValue("@uid", user_txt.Text);
cmd.Parameters.AddWithValue("@password", str2);
DataSet ds1 = new DataSet();
adp.Fill(ds1);
// this code find the username & password fron the database id these both are available in the database
//then you can redirect to next page otherwise
// label print the msg "Invalid user" & return
if (ds1.Tables[0].Rows.Count == 0)
{
lbl_msg.Text = "Invalid Userid or Password";
user_txt.Text = "";
pwd_txt.Text = "";
}

else
{
Response.Redirect("next.aspx");
lbl_msg.Text = "";
}
}
}
catch
{
user_txt.Text = "";
pwd_txt.Text = "";
}
user_txt.Text = "";
pwd_txt.Text = "";

}

Happy Coding

Webmasters964, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Webmasters964 on: 9/2/2013 [Member] Starter | Points: 25

Up
0
Down
str = "Select * from tbl_Login";

cmd = new SqlCommand(str);
sqlda = new SqlDataAdapter(cmd.CommandText, con);
dt = new DataTable();
sqlda.Fill(dt);
RowCount = dt.Rows.Count;
for (int i = 0; i < RowCount; i++)
{
UserName = dt.Rows[i]["UserName"].ToString();
string pwd = dt.Rows[i]["Password"].ToString();
dt.Rows[i]["Password"] = Decrypt(pwd);
if (UserName == txtUserName.Text && pwd == txtPassword.Text)
{
Session["UserName"] = UserName;
if (dt.Rows[i]["Role"].ToString() == "SuperAdmin")
Response.Redirect("Default.aspx");
}
else
{
lblmsg.Text = "Invalid User Name or Password! Please try again!";
}
}


break point Check ..help any idea page redirect ("Default.aspx"); Not !

Webmasters964, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Bandi on: 9/2/2013 [Member] [MVP] Platinum | Points: 25

Up
0
Down
Why are you using looping for this?
1)Take input from two text boxes (UserName & Password)....
2) Decrypt Password of the user based on UserName (Mostly UserNames are different for each other)..
SELECT * FROM TableName WHERE UserName = User_Textbox;

3) check for equality of password retrieved from database and user entered password
4) If successful then Response.Redirect("Default.aspx") ; otherwise display "Invalid UserName & Password Message" to user...

-- The following are the encryption & Decryption methods
using System.Text;

private string Encryptdata(string password)
{
string strmsg = string.Empty;
byte[] encode = new byte[password.Length];
encode = Encoding.UTF8.GetBytes(password);
strmsg = Convert.ToBase64String(encode);
return strmsg;
}

private string Decryptdata(string encryptpwd)
{
string decryptpwd = string.Empty;
UTF8Encoding encodepwd = new UTF8Encoding();
Decoder Decode = encodepwd.GetDecoder();
byte[] todecode_byte = Convert.FromBase64String(encryptpwd);
int charCount = Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length);
char[] decoded_char = new char[charCount];
Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0);
decryptpwd = new String(decoded_char);
return decryptpwd;
}



string strpassword = Encryptdata(TextBox1.Text); //Enc

string strpassword = Decryptdata(TextBox1.Text); //Dec


Mark This Response as Answer
--
Chandu
http://www.dotnetfunda.com/images/dnfmvp.gif

Webmasters964, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Bandi on: 9/2/2013 [Member] [MVP] Platinum | Points: 25

Up
0
Down
May be this is what you are looking for?
          str = "Select * from tbl_Login WHERE username='"+TextBoxValue.Text + "'";

cmd = new SqlCommand(str);
sqlda = new SqlDataAdapter(cmd.CommandText, con);
dt = new DataTable();
sqlda.Fill(dt);
RowCount = dt.Rows.Count;

UserName = dt.Rows["UserName"].ToString();
string pwd = dt.Rows["Password"].ToString();
dt.Rows["Password"] = Decrypt(pwd);
if (UserName == txtUserName.Text && pwd == txtPassword.Text)
{
Session["UserName"] = UserName;
if (dt.Rows["Role"].ToString() == "SuperAdmin")
Response.Redirect("Default.aspx");
}
else
{
lblmsg.Text = "Invalid User Name or Password! Please try again!";
}


Mark This Response as Answer
--
Chandu
http://www.dotnetfunda.com/images/dnfmvp.gif

Webmasters964, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Satyapriyanayak on: 9/2/2013 [Member] [MVP] Silver | Points: 25

Up
0
Down
Login.aspx.cs

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Globalization;
using System.Text;
using System.IO;
using System.Data.SqlClient;

namespace Register_login_Encrypt_Decrypt_Asp
{
public partial class Login : System.Web.UI.Page
{
string connStr = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
SqlCommand com;
SqlDataAdapter sqlda;
DataSet ds,ds1;
string str,str2;

protected void btn_login_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(connStr);
con.Open();
try
{

sqlda = new SqlDataAdapter(@"select convert(varchar(100), DECRYPTBYPASSPHRASE ('pass',password )) AS PWD from employee where name=@name ", con);
Session["name"] = txt_name.Text;
sqlda.SelectCommand.Parameters.AddWithValue("@name", Session["name"]);
ds = new DataSet();
sqlda.Fill(ds);

if (ds.Tables[0].Rows.Count == 0)
{
lbl_msg.Text = "Invalid name";
txt_name.Text = "";
txt_password.Text = "";
return;
}

str = (ds.Tables[0].Rows[0]["PWD"]).ToString();
byte[] bytes = UTF8Encoding.ASCII.GetBytes(str);
str2 = UTF8Encoding.ASCII.GetString(bytes);

if (str2 != txt_password.Text)
{
lbl_msg.Text = "Invalid Password";
txt_password.Text = "";
txt_name.Text = "";
return;
}
else
{
com = new SqlCommand(@"select name , convert(varchar(100), DECRYPTBYPASSPHRASE ('pass',password )) AS PWD from employee where name=@name and password=@password", con);
com.Parameters.AddWithValue("@name", Session["name"]);
com.Parameters.AddWithValue("@password", str2);
ds1 = new DataSet();
sqlda.Fill(ds1);

if (ds1.Tables[0].Rows.Count == 0)
{
lbl_msg.Text = "Invalid name or Password";
txt_name.Text = "";
txt_password.Text = "";
}
else
{
Response.Redirect("Welcome.aspx");
}
}
}
catch (Exception err)
{
lbl_msg.Text = "Error: " + err.ToString();
}
}
}
}


If this post helps you mark it as answer
Thanks

Webmasters964, if this helps please login to Mark As Answer. | Alert Moderator

Login to post response