Sorry for writing in caps.
I did not know that questions written in caps are considered shouting.
Updated 13-May-11 6:01am
Comments
Sergey Alexandrovich Kryukov 13-May-11 5:44am    
Please eliminate all-caps -- this is considered shouting, not polite.
Do you have any question? If so, you can ask it.
--SA
Smithers-Jones 13-May-11 5:48am    
Shouting and no question, therefore downvoted.
Sergey Alexandrovich Kryukov 13-May-11 6:15am    
In fact you're absolutely right, it deserves exactly 1.
I up-voted only to support the ironic style of my answer...
Cheers,
--SA
Wonde Tadesse 14-May-11 16:35pm    
The title and the content of the question don't match. What is this ?

First: don't shout.

Second: ASP.net generally provides automatic user/role management (that is, you do not have to think about secure storage of user data yourself, just use the Membership stuff and LoginPanel etc). Is there a reason you are not using that?

Third: If you do have to do it manually, the standard is to store a hash of the password, not an encrypted version of it, so it is non-recoverable. This means if someone hacks your whole system (or some disaffected person at the company wants to mess with it), they don't get everyone's password, even if they know the encryption algorithm and key. When checking if a login is correct, you hash the password (1) in the same way as you did in the database, and check if they match. A decent hash which is available on all web servers is SHA-1.

(1: Actually, because of 'rainbow tables' – essentially, saved brute force attacks – you should save a hash of the 'salted' password, i.e. adding some text around it. For example, savedPass = SHA-1("hereissomesalttext"+username+password). Putting the user name in there as well means that two users with the same password won't be obvious in the database.)
 
Comments
yadagirirao aileni 24-Nov-11 5:05am    
how to encrypt password before i send it to database,
and how to decrypt before i show to user(forgot password)
...please provide me the code..by yadagiri
BobJanova 24-Nov-11 12:12pm    
Don't store the password in a reversible form. Store a hash, and offer 'reset my password' not 'tell me what it was'. (After all, if they forgot it, a new random one is just as good to them.)

If your manager tries to tell you it's a requirement, beat him about the head with a security best practice textbook until he stops.
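C#
using System;
using System.Security.Cryptography;
using System.Text;

// Usage, e.g. in the handler that reads the password text box:
string pass = EncodePassword(txtPassword.Text);

public string EncodePassword(string pass)
   {
       // Get the bytes of the original password. UTF-8 is used because
       // ASCIIEncoding.Default resolves to Encoding.Default, which on
       // .NET Framework depends on the server's ANSI code page.
       byte[] originalBytes = Encoding.UTF8.GetBytes(pass);
       // Instantiate MD5CryptoServiceProvider and compute the hash (encoded password);
       // the using block disposes the provider afterwards
       using (MD5 md5 = new MD5CryptoServiceProvider())
       {
           byte[] encodedBytes = md5.ComputeHash(originalBytes);
           // Convert the hash bytes to a 'readable' hyphen-separated hex string
           return BitConverter.ToString(encodedBytes);
       }
   }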
 
Comments
Ra-one 13-May-11 5:56am    
my 5 for code
Rick Shaub 13-May-11 10:23am    
This is a one-way hash. You can't decrypt it. However, if you added a salt, this would be the preferable way to store passwords.
BobJanova 13-May-11 10:55am    
You shouldn't use MD5 any more for new apps, it is a bit weak these days.
Look at this Tip/Trick

Password Storage: How to do it.
 
Great! My 5 for the question! This is absolutely right thing to do. Now do it — you got my approval.

[EDIT]
This answer refers to the original formulation of the question, where the OP informed us what she/he wanted to do, quite reasonably.

Good luck,
—SA
 
Comments
Marc A. Brown 13-May-11 10:25am    
LOL. It's so hard to resist posting this style of answer when we get that style of (non-)question. You get my 5.
Sergey Alexandrovich Kryukov 13-May-11 12:42pm    
Thank you Marc. I knew you would understand my feeling to have a little fun.
Maybe this is just a chance to get a little compensation for more and more really frustrating questions coming. :-)
--SA
Use the HashPasswordForStoringInConfigFile() static method of the FormsAuthentication class, which is under the System.Web.Security namespace, to encrypt your password string into a 32-char encrypted string... you can use the MD5 algorithm as well as the SHA1 algorithm to encrypt it...

System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(LoginUser.Password, "MD5");

The only disadvantage is that there isn't any other method to decrypt your encrypted string...
For that you have to use another method, or you can use any web service from the net that helps you to encrypt or decrypt your string... There are many web services out there...

Or you can develop your own algorithm to encrypt or decrypt a string. Yes, it has less security than the other algorithms, but you can do something like the following...


C#
private string encrypt(string str)
{
        string _result = string.Empty;
        char[] temp = str.ToCharArray();
        foreach (var _singleChar in temp)
        {
                var i = (int)_singleChar;
                i = i - 2;
                _result += (char)i;
        }
        return _result;
}
private string decrypt(string str)
{
        string _result = string.Empty;
        char[] temp = str.ToCharArray();
        foreach (var _singleChar in temp)
        {
                var i = (int)_singleChar;
                i = i + 2;
                _result += (char)i;
        }
        return _result;
}
 
Comments
parkavikarthi 22-Sep-13 1:06am    
Great Code!!!! Worked perfectly for encrypting text in textbox and again decrypting
 
Have you Googled it? If not, then try it and you will get your answer. There are several algorithms available, like MD5, SHA1, RSA, etc.

well try this out,

[link 1]

[Link 2]
 
Use hashing algorithms to encrypt your password... they encrypt data in one direction only; once encrypted, it cannot be decrypted.
 
To securely store a password so that it can be read back, use the

System.Security.Cryptography.ProtectedData class

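C#
using System;
using System.Security.Cryptography; // ProtectedData (reference System.Security.dll on .NET Framework)
using System.Text;

// Encrypts the password with Windows DPAPI, bound to the current Windows user account
public static string ProtectPassword(string password)
{
    byte[] bytes = Encoding.Unicode.GetBytes(password);
    byte[] protectedPassword = ProtectedData.Protect(bytes, null, DataProtectionScope.CurrentUser);
    return Convert.ToBase64String(protectedPassword);
}

// Reverses ProtectPassword; only works when run under the same Windows user account
public static string UnprotectPassword(string protectedPassword)
{
    byte[] bytes = Convert.FromBase64String(protectedPassword);
    byte[] password = ProtectedData.Unprotect(bytes, null, DataProtectionScope.CurrentUser);
    return Encoding.Unicode.GetString(password);
}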
 
Comments
amirzf 14-Sep-15 10:07am    
this line is error Invalid length for a Base-64 char array or string.
what's problem please help me

byte[] bytes = Convert.FromBase64String(protectedPassword);

thanks
String strConfigurationKey = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(txtKey.Text, "SHA1");
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


