I have a table users in which the columns are sessionid, userid, username, password, roleid and usertype.

The values are as follows:
1) sessionid is the C# ASP.NET page Session.SessionID, with varchar(32) as datatype
2) userid is an integer datatype starting with 1 and so on, and it is not auto_increment
3) username is the value entered in the textbox, with varchar(30) as datatype
4) password is the value entered in the textbox, also encrypted using the RSA algorithm, with varchar(max) as datatype
5) roleid is not required right now, but later, when the roles have been created, the admin will update it accordingly, with int as datatype
6) usertype is used to define the type of user, for example: Admin, Project manager, Team lead etc., with varchar(20) as datatype.

Now my problem is that when a user is registering from ASP.NET to SQL Server the data is inserted as normal, but the password is a 2048 hash registering only 20 characters, and usertype is varchar(20) but inserts only 3 characters, like Adm, or Pro for (Project Manager).

I am having another problem: after registering the account it redirects to the login page to log in the particular user, but the problem exists here:
http://localhost:7518/(S(rbgid3fbbhidltfcywqv3435))/Login.aspx

Why am I getting an extra part in the URL, and what does it mean? I don't know what the error is. Please tell me the solution for this issue.

What I have tried:

string uname = Request.Form["username"].ToString();
string password = Request.Form["password"].ToString();
string utype = Request.Form["usertype"].ToString();
Int32? roleid = null;

SqlConnection con = new SqlConnection(strCon);
SqlCommand cmd = new SqlCommand("SELECT UserID FROM Users", con);
con.Open();
SqlDataReader dr = cmd.ExecuteReader();
if (!dr.HasRows)
{
   UserID = 1;
}
ObjUser.SessionID = Session.SessionID;
ObjUser.UserID = UserID == 1 ? 1 : UserID++;
ObjUser.UserName = uname;
ObjUser.Password = RSAEncrypt(password);
ObjUser.UserType = utype;
ObjUser.ObjRole.RoleID = roleid;

cmd.Parameters.AddWithValue("@chvSessionID", ObjUser.SessionID);
cmd.Parameters.AddWithValue("@intUserID", ObjUser.UserID);
cmd.Parameters.AddWithValue("@chvUserName", ObjUser.UserName);
cmd.Parameters.AddWithValue("@chvPassword", ObjUser.Password);
cmd.Parameters.AddWithValue("@intRoleID", ObjUser.ObjRole.RoleID == null ? (object)DBNull.Value : ObjUser.ObjRole.RoleID).SqlDbType = SqlDbType.Int;
cmd.Parameters.AddWithValue("@chUserType", ObjUser.UserType);

1 solution


Solution 1

Don't encrypt passwords - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.
   
Comments
Member 8583441 4 days ago
   
Now I am doing any encryption but creating hashbytes for the password in SQL Server as explained by
https://www.mssqltips.com/sqlservertip/4037/storing-passwords-in-a-secure-way-in-a-sql-server-database/
and it is done perfectly, but when it comes to C# ASP.NET I am not getting the output, it returns an error. Please help me on this point.
Member 8583441 4 days ago
   
Problem is solved... The error occurred at the stored procedure parameter initialization in the data access layer in C# ASP.NET. When I changed that parameter the error occurred. Thanks a lot sir for giving me the way to store the password.
OriginalGriff 4 days ago
   
You're welcome!
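
The salted-hash approach recommended in Solution 1, done on the C# side instead of with RSA encryption. This is an added example, not code from the thread or from the linked articles. The class name, iteration count and sizes are assumptions, and the four-argument Rfc2898DeriveBytes constructor needs .NET Framework 4.7.2 or later (or .NET Core).

```csharp
using System;
using System.Security.Cryptography;

// Added example, not the poster's code: salted PBKDF2 password hashing.
public static class PasswordHasher   // hypothetical class name
{
    private const int SaltSize = 16;        // bytes, a new random salt per user
    private const int HashSize = 32;        // bytes, same length for any password
    private const int Iterations = 100000;  // assumed work factor; tune for your hardware

    // Returns a fresh random salt and the derived hash for a new password.
    public static void Create(string password, out byte[] salt, out byte[] hash)
    {
        salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        hash = Derive(password, salt);
    }

    // Re-derives the hash from a login attempt and compares it to the stored one.
    public static bool Verify(string password, byte[] salt, byte[] expectedHash)
    {
        byte[] actual = Derive(password, salt);
        if (actual.Length != expectedHash.Length) return false;
        int diff = 0;
        for (int i = 0; i < actual.Length; i++)
            diff |= actual[i] ^ expectedHash[i];   // no early exit: constant-time compare
        return diff == 0;
    }

    private static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashSize);
    }

    public static void Main()
    {
        byte[] salt, hash;
        Create("constructed-sample-password", out salt, out hash);   // constructed input
        Console.WriteLine("hash length: " + hash.Length);
        Console.WriteLine("correct password: " + Verify("constructed-sample-password", salt, hash));
        Console.WriteLine("wrong password:   " + Verify("something-else", salt, hash));
    }
}
```

Because the salt and hash have fixed lengths, they can be stored in binary(16) and binary(32) columns and passed with `cmd.Parameters.Add(name, SqlDbType.Binary, size)`, which states the type and length explicitly instead of leaving them to `AddWithValue`.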

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Web01 | 2.8.190114.1 | Last Updated 11 Jan 2019
Copyright © CodeProject, 1999-2019