ASP.NET - How to Encrypt and Decrypt the Password in asp.net using c#?

Asked By Nani g on 10-Aug-10 04:52 PM
Hi all,

How to encrypt and decrypt the password in ASP.NET using C#?

Thank you

Nani
Peter Bromberg replied to Nani g on 10-Aug-10 05:40 PM
Do you want to hash the password which is the standard ASP.NET Forms Authentication / Membership procedure, or do you want to fully encrypt/decrypt a password because you have some non-standard (custom) arrangement?

The FormsAuthentication.HashPasswordForStoringInConfigFile method will create an MD5 or SHA1 hash of the password that would be stored in the database. When a user logs in, this same hash is taken on their entered password and that is compared to the stored hash.

Which do you want?
Super Man replied to Nani g on 10-Aug-10 11:33 PM

How to encode a password


private string base64Encode(string sData)
{
    try
    {
        // Convert the string to UTF-8 bytes, then Base64-encode those bytes.
        byte[] encData_byte = System.Text.Encoding.UTF8.GetBytes(sData);
        string encodedData = Convert.ToBase64String(encData_byte);
        return encodedData;
    }
    catch (Exception ex)
    {
        // Pass the original exception along as InnerException so its stack trace is kept.
        throw new Exception("Error in base64Encode: " + ex.Message, ex);
    }
}

HOW TO DECODE IT

public string base64Decode(string sData)
{
    System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding();
    System.Text.Decoder utf8Decode = encoder.GetDecoder();

    // Base64-decode to raw bytes.
    byte[] todecode_byte = Convert.FromBase64String(sData);

    // Size the character buffer, then decode the bytes as UTF-8 text.
    int charCount = utf8Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length);
    char[] decoded_char = new char[charCount];
    utf8Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0);

    string result = new String(decoded_char);
    return result;
}

HOW TO USE:

Pass the password to that function at the time of the registration process and save it in the database. At the time of login, retrieve it, decode it and compare it with the password entered by the user; if they match, redirect to another page, otherwise it is an incorrect email, user ID or password.

Calling the function to encode:

string pwed = base64Encode(val);

Calling the function to decode:

string pwed = base64Decode(val);


Super Man replied to Nani g on 10-Aug-10 11:36 PM

You can make use of the MD5 hashing algorithm to encrypt the password.

MD5 is a one-way procedure.

This means you can only encrypt it; decryption is not possible.

That is, once you get the password from the user (at registration time), you encrypt the password and save it to the database.

The next time the user enters the password, you cannot decrypt the password from the database.

Instead, you have to encrypt the entered password (at login time, not registration time) and then check the user-entered password hash against the database password hash.

If both match, give the user access to the website.

You can see this example of MD5 hashing:

using System;
using System.Security.Cryptography;
using System.Text;

class Example
{
    // Hash an input string and return the hash as
    // a 32 character hexadecimal string.
    static string getMd5Hash(string input)
    {
        // Create an instance of the default MD5 implementation.
        using (MD5 md5Hasher = MD5.Create())
        {
            // Convert the input string to a byte array and compute the hash.
            // UTF-8 yields the same bytes on every machine; Encoding.Default
            // depends on the system code page.
            byte[] data = md5Hasher.ComputeHash(Encoding.UTF8.GetBytes(input));

            // Create a new StringBuilder to collect the bytes
            // and create a string.
            StringBuilder sBuilder = new StringBuilder();

            // Loop through each byte of the hashed data
            // and format each one as a hexadecimal string.
            for (int i = 0; i < data.Length; i++)
            {
                sBuilder.Append(data[i].ToString("x2"));
            }

            // Return the hexadecimal string.
            return sBuilder.ToString();
        }
    }

    // Verify a hash against a string.
    static bool verifyMd5Hash(string input, string hash)
    {
        // Hash the input.
        string hashOfInput = getMd5Hash(input);

        // Create a StringComparer and compare the hashes.
        StringComparer comparer = StringComparer.OrdinalIgnoreCase;
        return 0 == comparer.Compare(hashOfInput, hash);
    }

    static void Main()
    {
        string source = "Hello World!";
        string hash = getMd5Hash(source);

        Console.WriteLine("The MD5 hash of " + source + " is: " + hash + ".");
        Console.WriteLine("Verifying the hash...");

        if (verifyMd5Hash(source, hash))
        {
            Console.WriteLine("The hashes are the same.");
        }
        else
        {
            Console.WriteLine("The hashes are not same.");
        }
    }
}

Somnath replied to Nani g on 24-Mar-11 01:55 AM
The given code for encryption and decryption is working fine.
Thank you.