Wednesday, 30 March 2011

How to do encrypt and decrypt the password in asp.net

Introduction- In this article, i will discuss with you how to decrypt the password after fetching from the database. In my last article , I have been explained , how to encrypt the password and then it srote in the database. Here I am using the code that convert byte[] array to string.

Implementation- create a website , add page named login.aspx. place two textboxes named user_txt, pwd_txt.Text and a button named submit_button and a label named lbl_msg.
Database Script- Please use the script that I have been given in my last article.



Code for login.aspx.cs Page-

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
using System.Collections;
using System.Globalization;
using System.Text;
using System.IO;

public partial class login : System.Web.UI.Page
{
SqlConnection con = new SqlConnection();
SqlDataAdapter adp;
SqlCommand cmd;

protected void Page_Load(object sender, EventArgs e)
{

}
protected void login_btn_Click(object sender, EventArgs e)
{
con.ConnectionString = ConfigurationManager.ConnectionStrings["cnn"].ConnectionString;
con.Open();
try
{
// In the below sql query i am decrypting the encrypted password which is store in the database
adp = new SqlDataAdapter(@"select convert(varchar(10), DECRYPTBYPASSPHRASE ('12',password )) AS PWD
from login_details where uid=@uid ", con);
adp.SelectCommand.Parameters.AddWithValue("@uid", user_txt.Text);
DataSet ds = new DataSet();
adp.Fill(ds);
// this code find the user from database . if yser does't exist in the database
//then label print the msg "Invalid user" & return
if (ds.Tables[0].Rows.Count == 0)
{
lbl_errormg.Text = "Invalid user";
user_txt.Text = "";
pwd_txt.Text = "";
return;
}
// this is the code to convert byte array to string
string str = (ds.Tables[0].Rows[0]["pwd"]).ToString();
byte[] bytes = UTF8Encoding.ASCII.GetBytes(str);
string str2 = UTF8Encoding.ASCII.GetString(bytes);
// in the str2 i am storing the decrypted passwword
Console.WriteLine(str2);
// here i am campairing the password enter by the user with the database entry
// if both will not matched then label print the msg "Invalid Password" & return

if (str2 != pwd_txt.Text)
{
lbl_msg.Text = "Invalid Password";
pwd_txt.Text = "";
user_txt.Text = "";
return;
}
else
{
// In the below sql query i am decrypting the encrypted password which is store in the str2 variablle
cmd = new SqlCommand(@"select uid , convert(varchar(10), DECRYPTBYPASSPHRASE ('12',password )) AS PWD
from login_details where uid=@uid and password=@password", con);
cmd.Parameters.AddWithValue("@uid", user_txt.Text);
cmd.Parameters.AddWithValue("@password", str2);
DataSet ds1 = new DataSet();
adp.Fill(ds1);
// this code find the username & password fron the database id these both are available in the database
//then you can redirect to next page otherwise
// label print the msg "Invalid user" & return
if (ds1.Tables[0].Rows.Count == 0)
{
lbl_msg.Text = "Invalid Userid or Password";
user_txt.Text = "";
pwd_txt.Text = "";
}

else
{
Response.Redirect("next.aspx");
lbl_msg.Text = "";
}
}
}
catch {
user_txt.Text = "";
pwd_txt.Text = "";
}
user_txt.Text = "";
pwd_txt.Text = "";

}
}
Conclusion- Through this article, you have learned how we can convert the encrypted password into decrypted password and do login in ASP.NET .

4 comments: