|
Hi,
I got it.Thanks for your assistance.
Looking forward for your suggestions in future.
cheers,
sneha
|
|
|
|
|
sneha Choudhary wrote: . Is there any chance that when the username and passwords
Wondering why you are keeping password in session? Are you storing the password as plain text in DB?
|
|
|
|
|
Hi,
N a v a n e e t h wrote: Are you storing the password as plain text in DB?
Yes It is stored as clear text. What should I do. Should I encrypt it.
Please suggest me..
cheers,
sneha
|
|
|
|
|
sneha Choudhary wrote: Should I encrypt it
Hash it. Passwords stored as plain text is not secure. Better method is to hash the password and store the computed hash in database. When user enters password for authentication, has it and compare the hash with the value stored in DB. System.Security.Cryptography[^] got many classes to work with. Check SHA[^] implementation.
|
|
|
|
|
Hi,
Thanks a lot. I will definitely do like that. My heartiest thanks to you.
cheers,
sneha
|
|
|
|
|
N a v a n e e t h wrote: Hash it. Passwords stored as plain text is not secure. Better method is to hash the password and store the computed hash in database. When user enters password for authentication, has it and compare the hash with the value stored in DB. System.Security.Cryptography[^] got many classes to work with. Check SHA[^] implementation.
Hi,
As you suggested I did it but login is not working. I did like this.
protected void Button1_Click(object sender, EventArgs e)
{
string pwd = Txtpassword.Text.Trim();
string hashpwd = FormsAuthentication.HashPasswordForStoringInConfigFile(pwd, "SHA1");
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["newcon"].ConnectionString);
SqlCommand cmd = new SqlCommand();
cmd.Connection = con;
cmd.CommandText = "Select userid,username,password,first_name from USERS where username=@username and password=@password";
cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = Txtusername.Text.Trim();
cmd.Parameters.Add("@password", SqlDbType.NVarChar, 50).Value = hashpwd;
try
{
cmd.Connection.Open();
SqlDataReader rdr = cmd.ExecuteReader();
while(rdr.Read())
{
uid = (rdr["userid"]).ToString();
fname = (rdr["first_name"]).ToString();
uname = (rdr["username"]).ToString();
Session["uname"] = uname;
Session["userid"] = uid;
if (uname != null)
{
Session["Logged"] = "Yes";
Session["User"] = fname;
Label6.Text = (Session["URL"]).ToString();
Response.Redirect(Label6.Text);
}
else
{
}
}
}
catch (SqlException se)
{
Lblmsg.Text = se.Message;
}
catch (Exception ee)
{
Lblmsg.Text = ee.Message;
}
finally
{
cmd.Connection.Close();
}
}
PLease assist me..
cheers,
sneha
|
|
|
|
|
Is your server is local for application or remote. You can use sql encryption for encrypt the password while saving and decrypt same key of sql. (If server is local).
The way u r doing, i think is not good. Where is your key for encryption and decryption?
Regards
Anil Pal
|
|
|
|
|
anilpal wrote: Is your server is local for application or remote.
Hi Anil Pal,
My server is local.I am little bit confused in that. Can I ask you few things.
1.When I used this hashed technique with a setting in web.config like
<sessionstate mode="InProc" cookieless="AutoDetect" regenerateexpiredsessionid="true" timeout="30">
It is working fine. But when I changed the cookieless="UseUri" It is not working.why?
2. Can you please tell me the pros and cons of using Sql encryption techniques and hased technique.
cheers,
sneha
|
|
|
|
|
Hi Senha,
Please have look for encryption and decryption from code behind:
http://www.codeproject.com/script/Forums/View.aspx?fid=12076&msg=2941892
have posted for querystring but u can use same for yr need.
Tommarrow i'll let know the pros and cons abt code and sql encryption.
Now i have to go home.
Regards
Anil Pal
|
|
|
|
|
Sorry above link is working ,pls go through below code
Follow the below steps: I am posting with small exmaple
A.Code in sender page of uery string
1.string strID = "A0123456789";
2. Response.Redirect("../Search/DocumentSearch.aspx?ID=" + Encrypt(strID));
3.public string Encrypt(string strValue)
{
string encryptedResult = String.Empty;
string passPhrase = "Pas5pr@se";
string saltValue = "s@1tValue";
string hashAlgorithm = "SHA1";
int passwordIterations = 2;
string initVector = "@1B2c3D4e5F6g7H8";
int keySize = 256;
byte[] initVectorBytes;
initVectorBytes = Encoding.ASCII.GetBytes(initVector);
byte[] saltValueBytes;
saltValueBytes = Encoding.ASCII.GetBytes(saltValue);
byte[] plainTextBytes;
plainTextBytes = Encoding.UTF8.GetBytes(strValue);
PasswordDeriveBytes password;
password = new PasswordDeriveBytes(passPhrase, saltValueBytes, hashAlgorithm, passwordIterations);
byte[] keyBytes;
keyBytes = password.GetBytes((keySize / 8));
RijndaelManaged symmetricKey;
symmetricKey = new RijndaelManaged();
symmetricKey.Mode = CipherMode.CBC;
ICryptoTransform encryptor;
encryptor = symmetricKey.CreateEncryptor(keyBytes, initVectorBytes);
MemoryStream memoryStream;
memoryStream = new MemoryStream();
CryptoStream cryptoStream;
cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write);
cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);
cryptoStream.FlushFinalBlock();
byte[] cipherTextBytes;
cipherTextBytes = memoryStream.ToArray();
memoryStream.Close();
cryptoStream.Close();
string cipherText;
cipherText = Convert.ToBase64String(cipherTextBytes);
return cipherText;
}
B. Code in receiver page of querystring
1.string strID = Request.QueryString["ID"].ToString();
string plainValue= Decrypt(strID);
2. public string Decrypt(string encryptedResult)
{
string passPhrase = "Pas5pr@se";
string saltValue = "s@1tValue";
string hashAlgorithm = "SHA1";
int passwordIterations = 2;
string initVector = "@1B2c3D4e5F6g7H8";
int keySize = 256;
byte[] initVectorBytes;
initVectorBytes = Encoding.ASCII.GetBytes(initVector);
byte[] saltValueBytes;
saltValueBytes = Encoding.ASCII.GetBytes(saltValue);
byte[] cipherTextBytes = new byte[encryptedResult.Length] ;
cipherTextBytes = Convert.FromBase64String(encryptedResult);
PasswordDeriveBytes password;
password = new PasswordDeriveBytes(passPhrase, saltValueBytes, hashAlgorithm, passwordIterations);
byte[] keyBytes;
keyBytes = password.GetBytes((keySize / 8));
RijndaelManaged symmetricKey;
symmetricKey = new RijndaelManaged();
symmetricKey.Mode = CipherMode.CBC;
ICryptoTransform decryptor;
decryptor = symmetricKey.CreateDecryptor(keyBytes, initVectorBytes);
MemoryStream memoryStream;
memoryStream = new MemoryStream(cipherTextBytes);
CryptoStream cryptoStream;
cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read);
byte[] plainTextBytes= new byte [encryptedResult.Length ] ;
//object plainTextBytes;
int decryptedByteCount;
decryptedByteCount = cryptoStream.Read(plainTextBytes, 0, plainTextBytes.Length);
memoryStream.Close();
cryptoStream.Close();
string plainText;
plainText = Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount);
return plainText;
}
Cheers!
Regards
Anil Pal
|
|
|
|
|
Hi Anil Pal,
anilpal wrote: Tommarrow i'll let know the pros and cons abt code and sql encryption.
Now i have to go home.
Please tell me the benefits of using sql encryption over hashing the passwords in the database.
Actually in hashing there is no need of using the key in code.It is done automatically.
cheers,
sneha
|
|
|
|
|
N a v a n e e t h wrote: Better method is to hash the password and store the computed hash in database.
Hi,
I hashed the passwords in the database.If I have this setting in web.config:
<sessionstate mode="InProc" cookieless="UseCookies" regenerateexpiredsessionid="true" timeout="30">
then only it is working. Whenever I change the cookieless="UseUri" it is not working.Please assist me.
cheers,
sneha
|
|
|
|
|
Hi all,
Can any one help me out How to run asp pages in .net application.. when i click a click in my aspx page it should redirect to .asp page..In my case what happening is when i click on the link in aspx page it is not giving any error message but IE progress bar dragging continuously and not opening the .asp page..
Please help me out..
Thanks in advance.
fttyhtrhyfytrytrysetyetytesystryrty
|
|
|
|
|
Hey, You simple need to create virtual directory for those ASP pages and then simply redirect on that.
Feel free to ask
Cheers!
Regards
Anil Pal
|
|
|
|
|
Hi anil,
i already created Virtual directory for this application.My asp.net pages are running properly, but only asp pages are not opening...
fttyhtrhyfytrytrysetyetytesystryrty
|
|
|
|
|
Hmm.. its seem that may be yr asp pages have problem. Can u try to excute asp pages from browser and test whether they are working fine or not.
Regards
Anil Pal
|
|
|
|
|
Hi friends,
I want to create drop down lists for all the rows of a gridview. But i dont want to use TemplateField because i want to give different id's for all drop downs. Can anybody help me please.
scarface
|
|
|
|
|
Hi friend,
Can u provide yr exact requirement, like why u need to give unique ID to all Dropdown list at server side. So that i can help u.
And what problem u have with TemplateField?
Regards
Anil Pal
|
|
|
|
|
Hi,
I am trying to create two sets of drop down lists in a gridview. If i change the index of the first drop down, the values of the corresponding drop down should change. I used event handler for the first drop down, but if i change the index of any one of the drop downs in the first set, all the values of second drop downs are getting changed.
scarface
|
|
|
|
|
Hi,
Now i understand yr problem. So the initialization of second set of dropdown list u can not stop, while changing of index of first set of drop down list.
So to maintain the state of the second dropdown set. First u need to take the state of all the dropdown list from second set and the again u need to set their state while changing the index of first one.
Now please let me know if you code for that or any query.
Regards
Anil Pal
|
|
|
|
|
Please have a look at my code:
<asp:GridView ID="grd" runat="server" OnRowDataBound="grd_RowDataBound">
<Columns>
<asp:TemplateField HeaderText="names">
<ItemTemplate>
<asp:DropDownList ID="name" runat="server" OnSelectedIndexChanged="onSelectChangeddl"></asp:DropDownList>
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="age">
<ItemTemplate>
<asp:DropDownList ID="age" runat="server" AutoPostBack="true">
</asp:DropDownList>
</ItemTemplate>
</asp:TemplateField>
</Columns>
</asp:GridView>
In c# code, i am trying to change the values of the second drop down list based on the value selected in the first. I am doing this as below:
foreach (GridViewRow row in grd.Rows)
{
DropDownList ddl1 = (DropDownList)row.FindControl("name");
DropDownList ddl = (DropDownList)row.FindControl("age");
if (ddl.SelectedValue.ToString() != "---Select---")
{
}
else
{
ddl.Items.Clear();
}
SqlCommand SPComm = new SqlCommand("someStoredProcedure", myConn);
SPComm.CommandType = CommandType.StoredProcedure;
SqlParameter param = SPComm.Parameters.Add("@something", SqlDbType.NVarChar, 50);
param.Value = something;
dr = SPComm.ExecuteReader();
int i = 0;
while (dr.Read())
{
ddl.Items.Insert(i, dr.GetString(0));
}
dr.Close();
ddl.Items.Insert(0, "---Select---");
}
In the above code, all the values in the second drop down list are getting duplicated based on the selected index changed event handler of the first drop down list.
scarface
|
|
|
|
|
Hi,
I have gone through the your code.
int i = 0;
while (dr.Read())
{
ddl.Items.Insert(i, dr.GetString(0));
}
dr.Close();
In the above code where u increment the I . According to yr code there always i=0. Hence it replicate the value. Why u can not use Datatable or dataset. Howevere using of Collection of object is good choice.
Regards
Anil Pal
|
|
|
|
|
i have a task in which
have to rewrite url on post back
on grid view paging
url : ~/abc.aspx
on page index change
url: ~/abc.aspx/page1
|
|
|
|
|
Hi,
Have u try to rewrite the on "PageIndexChanging" event of GridView.
Regards
Anil Pal
|
|
|
|
|
i want when gridview page index change the page url show page no
as
abc.aspx
on postback(on changing new page index of grid view)
abc.aspx/p2
or
abc.aspx?p2
|
|
|
|