Click here to Skip to main content
15,867,330 members
Please Sign up or sign in to vote.
2.50/5 (2 votes)
See more:
protected void btnLogin_Click(object sender, EventArgs e)
    {

        SqlConnection con = new SqlConnection(ConfigurationManager.AppSettings["dbConnection"].ToString());
        SqlCommand cmd = new SqlCommand();
        SqlDataAdapter adp = new SqlDataAdapter();

        con.Open();
        try
        {
            adp=new SqlDataAdapter(@"select convert(varchar(10),DECRYPTBYPASSPHRASE('12',Password))AS Pwd 
            From UserAccount where UserName=@username",con);
            adp.SelectCommand.Parameters.AddWithValue("@username",txtPwd.Text);
            DataSet ds=new DataSet();
            adp.Fill(ds);
            if (ds.Tables[0].Rows.Count == 0)
        {
            lblMessage.Text = "Invalid user";
            txtUserName.Text = "";
            txtPwd.Text = "";
            return;
        }
            string str = (ds.Tables[0].Rows[0]["pwd"]).ToString();
            byte[] bytes = UTF8Encoding.ASCII.GetBytes(str);
            string str2 = UTF8Encoding.ASCII.GetString(bytes);
            Console.WriteLine(str2);

            if (str2 != txtPwd.Text)
        {
            lblMessage.Text = "Invalid Password";
            txtPwd.Text = "";
            txtUserName.Text = "";
            return;
         }
            else
            {
                cmd=new SqlCommand(@"select UserName,convert(varchar(10),DECRYPTBYPASSPHRASE('12',Password))AS Pwd
                From UserAccount where UserName=@username and Password=@password",con);
                cmd.Parameters.AddWithValue("@username", txtUserName.Text); 
                cmd.Parameters.AddWithValue("@password", str2);
                DataSet ds1 = new DataSet();
                adp.Fill(ds1);
                if (ds1.Tables[0].Rows.Count == 0)
                    {
                lblMessage.Text = "Invalid Userid or Password";
                txtUserName.Text = "";
                txtPwd.Text = "";
                }

                else
                {
                Response.Redirect("Welcome.aspx");
                lblMessage.Text = "";
                }
                }
                }
                catch {
                txtUserName.Text = "";
                txtPwd.Text = "";
                }
                txtUserName.Text = "";
                txtPwd.Text = "";

}


can anyone help me..whats wrong in this code..coz from data base its nt accessing..it showing error as invalid Password ...
Posted
Comments
anushripatil 26-Dec-11 6:43am    
Please check the following link
http://chandradev819.wordpress.com/2011/04/11/how-to-encrypt-and-decrypt-password-in-asp-net-using-c/

http://www.codeproject.com/Questions/195713/how-to-encrypt-and-decrypt-password-in-asp-net
RaviRanjanKr 26-Dec-11 17:02pm    
please avoid short text words like 'coz' instead of using 'because' :)

Simple data comparision will not work here.

SQL
select UserName,convert(varchar(10),DECRYPTBYPASSPHRASE('12',Password))AS Pwd
                From UserAccount where UserName=@username and Password=@password

Change above to
XML
select UserName,convert(varchar(10),DECRYPTBYPASSPHRASE('12',Password))AS Pwd
                From UserAccount where UserName=@username and convert(varchar(50),DECRYPTBYPASSPHRASE('12',password))=@password


SQL
Create TABLE myUsers (user_id varchar(20), user_password varbinary(100));

Insert into myUsers values ('firstuser', EncryptByPassPhrase('12','pass'))
Insert into myUsers values ('seconduser', EncryptByPassPhrase('12','pass2'))

select * from myUsers

select * from myUsers Where user_id = 'firstuser'
and convert(varchar(50),DECRYPTBYPASSPHRASE('12',user_password)) = 'pass'
 
Share this answer
 
The whole idea of decrypting a password is totally wrong. A password should never be decrypted; nowhere, by none of the parties. It is absolutely not needed and is dangerous. All safe password techniques use this simple fact. You need to compare encrypted presentation of password for authentication, never original passwords.

—SA
 
Share this answer
 
v2
Comments
theanil 26-Dec-11 14:23pm    
5+
Sergey Alexandrovich Kryukov 26-Dec-11 14:48pm    
Thank you, Anil.
--SA

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900