I want to use SHA256 to encrypt the password stored in the database, and make a login page that works with the encrypted password.

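/// <summary>
/// Login button handler. Checks the CAPTCHA and the username/password validators,
/// looks up the row in [EmployeeList] whose userid matches the submitted username,
/// and compares the submitted password field against
/// MD5(session nonce "rnumb" + value of the row's password column).
/// On a match it fills the session, issues the "mcc" cookie, logs the login and
/// redirects by role. A fresh nonce is always written to the session and to the
/// hfrandam hidden field before returning.
/// </summary>
/// <param name="sender">The control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void submit_Click(object sender, EventArgs e)
{
    // NOTE(review): the CAPTCHA value is left in the session after it has been
    // checked; confirm it is regenerated elsewhere so one solved CAPTCHA cannot
    // be reused for many attempts.
    bool inputAccepted = Session["CAPTCHA"] != null
        && Session["CAPTCHA"].ToString().Equals(txtcaptcha.Text)
        && Validation.ValUsername(username.Text)
        && Validation.ValPassword(password.Text);

    if (inputAccepted)
    {
        // using blocks release the connection, command and reader even when a
        // query or a session assignment throws.
        using (SqlConnection cnn = new SqlConnection(ConfigurationManager.ConnectionStrings["MCC"].ConnectionString))
        using (SqlCommand cmd = new SqlCommand("select  * from [EmployeeList] where userid = @name", cnn))
        {
            // The username only ever reaches SQL as a parameter value.
            cmd.Parameters.Add("@name", SqlDbType.VarChar).Value = username.Text;
            cnn.Open();

            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                bool authenticated = false;

                if (dr.Read())
                {
                    // NOTE(review): the password column is used directly as the shared
                    // secret of the challenge-response, so whatever is stored there
                    // (presumably an unsalted MD5 of the password, judging by the client
                    // script) is password-equivalent. Swapping MD5 for SHA-256 in this
                    // scheme does not change that; a per-user salted, slow derivation
                    // (e.g. PBKDF2) verified on the server over TLS is the usual design.
                    // NOTE(review): a missing Session["rnumb"] becomes "" here, so the
                    // expected value degrades to a hash of the stored value alone;
                    // confirm the page always seeds the nonce before the first post.
                    string expected;
                    using (MD5 md5Hash = MD5.Create())
                    {
                        expected = GetMd5Hash(md5Hash, Convert.ToString(Session["rnumb"]) + dr["password"].ToString());
                    }

                    // Ordinal, case-insensitive comparison of the two digests; avoids
                    // the culture-dependent ToLower() round trip.
                    authenticated = string.Equals(expected.Trim(), password.Text.Trim(), StringComparison.OrdinalIgnoreCase);
                }

                if (authenticated)
                {
                    // NOTE(review): the ASP.NET session id is not renewed at this point;
                    // confirm it is rotated on login elsewhere (session fixation).
                    Session["id"] = dr["ID"].ToString();
                    Session["role"] = dr["role"].ToString();
                    Session["level"] = dr["Level"].ToString();
                    Session["designation"] = dr["designation"].ToString();
                    Session["name"] = dr["Name"].ToString();
                    Session["mobno"] = dr["MobileNo"].ToString();
                    Session["email"] = dr["Email"].ToString();
                    Session["ip"] = Request.UserHostAddress;

                    HttpCookie ck = new HttpCookie("mcc");
                    ck.HttpOnly = true;
                    // Mark the cookie Secure whenever the request itself arrived over HTTPS.
                    ck.Secure = Request.IsSecureConnection;

                    // The cookie token is derived from CSPRNG output instead of
                    // System.Random, whose values are predictable and at most 31 bits wide.
                    Session["ck"] = GetMD5.getMD(NewRandomSeed());
                    ck["rnd"] = Session["ck"].ToString();
                    Response.Cookies.Add(ck);

                    Database.LogData("Login", username.Text + " " + Session["name"].ToString(), Request.UserHostAddress, Session["id"].ToString(), "");

                    string landingPage = null;
                    switch (Session["role"].ToString())
                    {
                        case "admin":
                            landingPage = "~/Auth/adm/Map.aspx";
                            break;
                        case "user":
                            landingPage = "~/Auth/usr/OfficerInbox.aspx";
                            break;
                        case "entry":
                            landingPage = "~/Auth/rpt/EnterGrievanceUser.aspx";
                            break;
                        case "complaint_entry":
                            landingPage = "~/Auth/rpt/EnterComplaint.aspx";
                            break;
                        case "GPU":
                            landingPage = "~/Auth/adm/GPUBinCheck.aspx";
                            break;
                        case "SanitaryAdmin":
                            landingPage = "~/Auth/adm/BinMaster.aspx";
                            break;
                        case "Report":
                            landingPage = "~/Auth/adm/LocWiseReport.aspx";
                            break;
                        case "Nodal":
                            landingPage = "~/Auth/usr/ComplMark.aspx";
                            break;
                    }

                    // An unrecognised role leaves the user on the login page with a
                    // populated session, exactly as the original if/else chain did.
                    if (landingPage != null)
                    {
                        Response.Redirect(landingPage, false);
                    }
                }
                else
                {
                    // Unknown user and wrong password share one log entry and one
                    // message, so the response does not reveal which of the two failed.
                    Database.LogData("LoginFailure", username.Text, Request.UserHostAddress, "", "");
                    MessageBox("Incorrect User Name or Password");
                }
            }
        }
    }
    else
    {
        // NOTE(review): on this path username.Text may have failed validation and is
        // logged as submitted; confirm Database.LogData parameterises/escapes it.
        Database.LogData("LoginFailure", username.Text, Request.UserHostAddress, "", "");
        MessageBox("Incorrect verification string or username or password");
    }

    // Issue a new challenge nonce for the next attempt. It keeps the output format of
    // GetMd5Hash but is seeded from the CSPRNG rather than System.Random.
    using (MD5 md5Hash1 = MD5.Create())
    {
        Session["rnumb"] = GetMd5Hash(md5Hash1, NewRandomSeed());
    }
    hfrandam.Value = Session["rnumb"].ToString();
}

/// <summary>
/// Returns 32 bytes from the system cryptographic random number generator,
/// Base64-encoded, for use as input to the nonce and cookie-token hashes.
/// </summary>
/// <returns>A Base64 string carrying 256 bits of random data.</returns>
private static string NewRandomSeed()
{
    byte[] seed = new byte[32];
    using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
    {
        rng.GetBytes(seed);
    }
    return Convert.ToBase64String(seed);
}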





// Client-side half of the login challenge-response. Rejects the submit when
// either of two checked fields is empty (alerts "Enter username" / "Enter
// password" and returns false); otherwise stores
// hex_md5(x + hex_md5(field value)) into a field before the form is posted.
// Any exception is reported through alert(err.message).
// NOTE(review): every getElementById('') id is empty in this listing; presumably
// the server-side ClientID expressions were lost when the page was captured, so
// confirm which control each lookup targets before reusing the code.
// NOTE(review): hex_md5 is not defined in this snippet; presumably it comes from
// a separately included MD5 script.
// NOTE(review): hashing in the browser does not protect the credential on its
// own; the form still has to be served and posted over TLS.
function EncryptPassword1() {
try {
// presumably the hidden field holding the server-issued nonce; confirm
var x = document.getElementById('').value;

// empty-field check paired with the "Enter username" prompt
if (document.getElementById('').value == '') {
alert('Enter username');
document.getElementById('').value = ''
document.getElementById('').focus();
return false;
}

// empty-field check paired with the "Enter password" prompt
if (document.getElementById('').value == '') {
alert('Enter password');
document.getElementById('').value = ''
document.getElementById('').focus();
return false;
}

if (document.getElementById('').value != "") {
// inner digest of the field value, then outer digest over x + inner digest
var md5encypt = hex_md5(document.getElementById('').value);
var passstr = x + (md5encypt);
// presumably written back to the password field so only the digest is posted; confirm
document.getElementById('').value = hex_md5(passstr);
}
}
catch (err) {
alert(err.message);
}
}

What I have tried:

I want to use SHA256 to encrypt the password stored in the database, and make a login page that works with the encrypted password.
Posted
Updated 10-Jul-18 20:31pm
v2
Comments
Nishant.Chauhan80 11-Jul-18 2:24am    
any example through javascript sha256

1 solution

First off, SHA256 is not encryption - it's a hashing algorithm, which is a very different thing. Hashing cannot be reversed, encryption can - which is why SHA is what you should use for passwords.

Have a look here: Password Storage: How to do it.[^] - it uses SHA1 rather than SHA256, but that's a simple change!
 
 
Comments
Nishant.Chauhan80 11-Jul-18 2:22am    
i want to use sha256
OriginalGriff 11-Jul-18 2:25am    
And as I said, that is a simple change. What part of it can't you do?
Nishant.Chauhan80 11-Jul-18 2:31am    
see my code
OriginalGriff 11-Jul-18 3:14am    
That's not SHA256 - it's MD5, which is not recommended for new projects as it has been "broken" for nearly a decade!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


