login password encryption [Resolved]

Posted by Rickeybglr under ASP.NET on 8/25/2011 | Points: 10 | Views : 6063 | Status : [Member] | Replies : 8
hello guys,

my requirement is tht, my login detail (password) should be stored in an encryptd form in DB. and whn i try to retrieve it, it shud go thru decrypt algo. how can i achieve ths?? the other thng is tht: i have to write algo in logic layer in simple form
Here is my code:
login.aspx.cs protected void Button1_Click(object sender, EventArgs e)
{
String strShowName = txtUsrName.Text.ToString();
Session["ShowName"] = strShowName; //session will store username
try
{ string strUserName = txtUsrName.Text;
string strPassword = txtPswd.Text;
logic objBAL = new logic(); //creating object of business layer class
objBAL.userLogin(strUserName, strPassword);}.....


logic.cs: public void userLogin(string strUserName, string strPassword)
{ try
{
datalayer objDAL = new datalayer();//creating DL object
objDAL.userLogin(strUserName, strPassword);
}

datalayer.cs: public void userLogin(string strUserName, string strPassword)
{
sqlconnection.Open();
try
{
SqlCommand cmd = new SqlCommand("UserVerifivation", sqlconnection);
cmd.CommandType = CommandType.StoredProcedure;

cmd.Parameters.AddWithValue("@strUserName", strUserName);
cmd.Parameters.AddWithValue("@strPassword", strPassword);

SqlParameter identifyUser = new SqlParameter("@userType", SqlDbType.NVarChar);
identifyUser.Size = 6;
identifyUser.Direction = ParameterDirection.Output;

cmd.Parameters.Add(identifyUser);
cmd.ExecuteNonQuery();
string role = cmd.Parameters["@userType"].Value.ToString();
logic objBAL = new logic();
objBAL.validateUser(role); //calling validateuser method for identifying type of user
}

SP:

ALTER PROCEDURE [dbo].[UserVerifivation]
(
@strUserName nvarchar(50) OUTPUT,
@strPassword nvarchar(50),
@userType nchar(50) OUTPUT
)
AS
BEGIN TRY
SET @userType=(SELECT nn_user_type
FROM tb_registration1
WHERE uni_username=@strUserName AND ck_password=@strPassword)
SELECT @userType
END TRY
BEGIN CATCH
SELECT
ERROR_NUMBER() as ErrorNumber,
ERROR_MESSAGE() as ErrorMessage;

END CATCH




Responses

Posted by: Ndebata on: 8/25/2011 [Member] Starter | Points: 25

Up
0
Down
Hi
For security purpose do not encrypt and decrypt password, instead you can use one way hashing algorithm to encode it then store it in db and upon login again try to hash the entered password and match with that of stored in database to check valid or not.

Thanks,
Debata

Rickeybglr, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Rickeybglr on: 8/25/2011 [Member] Starter | Points: 25

Up
0
Down
hey thnx Ndebata..for ur suggestion, but i dnt hv any idea abt ths can u plz provide the code for ths if u hav... if u dnt hv ...can u plz tell me the way or idea to implement ths !!!!

Rickeybglr, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Rickeybglr on: 8/25/2011 [Member] Starter | Points: 25

Up
0
Down
hey thnks deepak ...

Rickeybglr, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Vinay13mar on: 11/14/2012 [Member] Starter | Points: 25

Up
0
Down
please check the below link . while entering the password just encrypt it


http://www.dotnetpools.com/Article/ArticleDetiail/?articleId=79&title=How To Write a Simple Login Page In Asp.net



Rickeybglr, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Jacketman on: 11/14/2012 [Member] Starter | Points: 25

Up
0
Down
Just want you know that your post helps!

Rickeybglr, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Nkkppp on: 11/16/2012 [Member] Starter | Points: 25

Up
0
Down
Hi,

Check out this link for a very simple hash algo

http://www.codeproject.com/Tips/186585/Password-Storage-How-to-do-it

Very useful, secure and easy to implement.

----Prathap.

Rickeybglr, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Lavanyadeepak on: 11/26/2012 [Member] Starter | Points: 25

Up
0
Down
I would suggest XCrypt

http://www.codeproject.com/Articles/483490/XCrypt-encryption-decryption-class-wrapper

Rickeybglr, if this helps please login to Mark As Answer. | Alert Moderator

Login to post response