How to store passwrod in Encrypted format

Posted by Self-Innovator under ASP.NET on 3/30/2012 | Points: 10 | Views : 16051 | Status : [Member] | Replies : 10
From front end when iam registering the user details how to store the Password in encrypted format..

Join Hands Change lives
Thanks & Regards
Straight Edge Society



Responses

Posted by: Sheonarayan on: 3/30/2012 [Administrator] HonoraryPlatinum | Points: 25

Up
0
Down
It works something like below

1. Encrypt password using any encryption mechanism
2. Store into database
3. While checking for login, encrypt the user entered password with the same encryption mechanism (as 1st point) and check for the record in the database.

You may read below articles too

http://www.dotnetfunda.com/articles/article888-encrypt-and-decrypt-a-password-using-encryptbypassphrase-and-decryptbypassp.aspx
http://www.dotnetfunda.com/articles/article367-encrypting-password-and-store-in-a-database-using-sqlserver.aspx

Hope this helps

Thanks

Regards,
Sheo Narayan
http://www.dotnetfunda.com

Self-Innovator, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Hmanjarawala on: 3/31/2012 [Member] Bronze | Points: 25

Up
0
Down
Hi,
If you want to store password in encrypted format, the use Convert.ToBase64String(<your-password>) and store resultant string into database.


Mark this as answer, if it helps you............

Himanshu Manjarawala
Sr. Software Engineer@AutomationAnywhere
http://fieredotnet.wordpress.com/

Self-Innovator, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Self-Innovator on: 3/31/2012 [Member] Bronze | Points: 25

Up
0
Down
Sir i've stored the password in Encrypted format...
now when i am logging how do i retrieve the encrypted passwrd...


Join Hands Change lives
Thanks & Regards
Straight Edge Society

Self-Innovator, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Hmanjarawala on: 3/31/2012 [Member] Bronze | Points: 25

Up
0
Down
Hi,

you don't required to decrypt your stored password.
do one thing whatever password you enter encrypt it and check that encrypted version with stored one.

if match then ok....


Mark this as answer, if it helps you............

Himanshu Manjarawala
Sr. Software Engineer@AutomationAnywhere
http://fieredotnet.wordpress.com/

Self-Innovator, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Self-Innovator on: 3/31/2012 [Member] Bronze | Points: 25

Up
0
Down
Hi Hmanjarawala....
this is My Insert Sp
ALTER PROC [dbo].[spAddUserDetails]

@Uid CHAR(4),
@Pwd VARCHAR(40),
@Name VARCHAR(70),
@DesigCode CHAR(3),
@Email VARCHAR(50),
@TelNo VARCHAR(25)=NULL,
@HandPhNo VARCHAR(25)=NULL,
@active bit
AS
BEGIN
DECLARE @chkDesigCode CHAR(3)
INSERT INTO tblUserMst VALUES(@Uid,EncryptByPassPhrase('12',@Pwd),@Name,@DesigCode,@Email,@TelNo,@HandPhNo,@active)

END

For the Same i need a get Sp while user Logging in it should chek...i've tried but its not wrking...
chek this.,..
CREATE PROC spGetUsers

@UName CHAR(4),
@Pwd VARBINARY(100)
AS
BEGIN
Select * from tblUserMst where UserID=@UName and Password=@Pwd
END


Join Hands Change lives
Thanks & Regards
Straight Edge Society

Self-Innovator, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Hmanjarawala on: 3/31/2012 [Member] Bronze | Points: 25

Up
0
Down
Ok,
try this

CREATE PROC spGetUsers

@UName CHAR(4),

@Pwd VARBINARY(100)

AS

BEGIN

Select * from tblUserMst where UserID=@UName and Password=EncryptByPassPhrase('12',@Pwd)

END



Mark this as answer, if it helps you............


Himanshu Manjarawala
Sr. Software Engineer@AutomationAnywhere
http://fieredotnet.wordpress.com/

Self-Innovator, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Self-Innovator on: 3/31/2012 [Member] Bronze | Points: 25

Up
0
Down
Eception
Exception occursscript language='javascript'>alert('Implicit conversion from data type nvarchar to varbinary is not allowed. Use the CONVERT function to run this query.');..


Join Hands Change lives
Thanks & Regards
Straight Edge Society

Self-Innovator, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Hmanjarawala on: 3/31/2012 [Member] Bronze | Points: 25

Up
0
Down
Ok, pass you password as a string...here

Himanshu Manjarawala
Sr. Software Engineer@AutomationAnywhere
http://fieredotnet.wordpress.com/

Self-Innovator, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Sksamantaray on: 3/31/2012 [Member] Silver | Points: 25

Up
0
Down
Hi,Self-Inovator,
You can use MD5 technology for password encryption, simple yet secured.
For a sample code:
http://www.aspnettutorials.com/tutorials/advanced/md5-secret-aspnet2-csharp.aspx

Thanks,
Sanjay

Self-Innovator, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Aduni on: 6/29/2012 [Member] Starter | Points: 25

Up
0
Down
hai.. i want to ask about the correct way to update the password in asp.net c#
UpdateCmd.CommandText = @"UPDATE staffHR SET password = EncryptByPassPhrase(@password, convert(varbinary,password)) WHERE username = @username";
UpdateCmd.Connection = con;
string pwd = TextBox1.Text;
System.Text.ASCIIEncoding encryptpwd = new System.Text.ASCIIEncoding();
byte[] bpwdArray = encryptpwd.GetBytes(pwd);
UpdateCmd.Parameters.AddWithValue("@username", Label1.Text);
UpdateCmd.Parameters.AddWithValue("@password", bpwdArray);
UpdateCmd.ExecuteNonQuery();
UpdateCmd.Dispose();
con.Close();

this code not update the column, but not have any error.. anyone help me plizz

Self-Innovator, if this helps please login to Mark As Answer. | Alert Moderator

Login to post response