Wednesday, 30 March 2011

How to Encrypt the Password and Store it in the Database


Introduction- In the below article I am going to explain how we can encrypt the password and store it in the database. For the storage of the encrypted password I am using varbinary datatype.

Implementation- create a website , add page named encryptedpwd.aspx. place five textboxes named name_txt, address_txt, contact_txt, username_txt, password_txt and a button named submit_button.
Then open the sql server database and create a table named tb_info in your database according to the format that is given below:



Column name                             Datatype
id                                                 int(set auto increment yes)
ename                                          varchar(50)
eaddress                                      varchar(200)
econtact                                       varchar(50)
eusername                                    varchar(50)
epassword                                   varbinary(100)

Database Script for a table tb_info

SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
IF NOT EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[tb_info]') AND type in (N'U'))
BEGIN
CREATE TABLE [dbo].[tb_info](
[id] [bigint] IDENTITY(1,1) NOT NULL,
[ename] [varchar](50) NULL,
[eaddress] [varchar](200) NULL,
[econtact] [varchar](50) NULL,
[eusername] [varchar](50) NULL,
[epassword] [varbinary](100) NULL
) ON [PRIMARY]
END

Code fo rencrypted.aspx.cs Page

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Collections;
using System.Globalization;
public partial class passwordencryption : System.Web.UI.Page
{
SqlConnection con = new SqlConnection();


protected void Page_Load(object sender, EventArgs e)
{

}
protected void btn_submit_Click(object sender, EventArgs e)
{
con.ConnectionString = ConfigurationManager.ConnectionStrings["cnn"].ConnectionString;
con.Open();
SqlCommand cmd = new SqlCommand();
//see the insert query, in the insert query i am using "EncryptByPassPhrase('12',@password))"
//This is for the encryption of the password
cmd.CommandText = @"INSERT INTO tb_info(ename,eaddress,econtact,eusername,epassword)
VALUES(@ename,@eaddress,@econtact,@eusername,EncryptByPassPhrase('12',@epassword))";
cmd.Connection = con;
cmd.Parameters.AddWithValue("@ename",name_txt.Text);
cmd.Parameters.AddWithValue("@eaddress", address_txt.Text);
cmd.Parameters.AddWithValue("@econtact", contact_txt.Text);
cmd.Parameters.AddWithValue("@eusername", username_txt.Text); // to store data in the varbinary datatype, there is a need to convert it into the byte[]array
// below i mentioned the method to convert the string data into the byte[] array
string pwd = password_txt.Text;
System.Text.ASCIIEncoding encryptpwd = new System.Text.ASCIIEncoding();
byte[] bpwdArray = encryptpwd.GetBytes(pwd);
cmd.Parameters.AddWithValue("@epassword", bpwdArray);
cmd.ExecuteNonQuery();
cmd.Dispose();
con.Close();
name_txt.Text = "";
address_txt.Text = "";
contact_txt.Text = "";
username_txt.Text = "";
password_txt.Text = "";

}
}
Conclusion
Through this article, you have learned how we can play encrypt the data and store it in the sql server after encryption. To learn how to decrypt the password, see my next article.

4 comments:

  1. I did this but on running this website i got an error message like as follows "An attempt was made to access a socket in a way forbidden by its access permissions." Please help me out.

    Thank you in advance.

    ReplyDelete
  2. this may happen because you may not be login from administarer account in your windows. make sure you are logged in from administrator account not from admin account. Or change role of your user account from sql server management studio as all assistance roles enable fully. hope this will solve this problem

    ReplyDelete
  3. To learn more on Password Encryption in .Net with C# Examples and VB.Net Examples
    In this Example we use MD5 algorithm. Means Encrypt password using MD5 algorithm.
    Visit this link.

    http://jayeshsorathia.blogspot.com/2012/08/net-tips-password-encryption-in-net.html

    ReplyDelete