Dear All,

I am developing a website for which I am registering Users. While registering Users, I am encrypting the password supplied by them during registration.

But I am facing a problem when I try to log in. I again encrypt the password and compare, but it does not log in.

Below is the code.

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;

public partial class UserLogin : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }

    private static DataTable LookupUser(string Username)
    {
        Utlities cstring = new Utlities();
        string cs = cstring.ConnString();

        const string query = "select password from krs_project.dbo.krs_userinfo (NOLOCK) where krs_user_name=@Username";
        DataTable result = new DataTable();
        using (SqlConnection conn = new SqlConnection(cs))
        {
            conn.Open();
            using (SqlCommand cmd = new SqlCommand(query, conn))
            {
                cmd.Parameters.Add("@Username", SqlDbType.NChar).Value = Username;
                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    result.Load(dr);
                }
            }
        }
        return result;
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        if ((RequiredFieldValidator1.IsValid) && (RequiredFieldValidator2.IsValid))
        {
            using (DataTable dt = LookupUser(TextBox1.Text))
            {
                if (CustomValidator1.IsValid)
                {
                    if (CustomValidator2.IsValid)
                    {
                        Session["Name"] = TextBox1.Text;
                        Session["LoginStatus"] = 1;
                        Response.Redirect("~/QuizTopics.aspx");
                    }
                }
            }
        }
    }

    protected void CustomValidator1_ServerValidate(object source, ServerValidateEventArgs args)
    {
        using (DataTable dt = LookupUser(TextBox1.Text))
            if (dt.Rows.Count == 0)
                args.IsValid = false;
            else
                args.IsValid = true;
    }

    protected void CustomValidator2_ServerValidate(object source, ServerValidateEventArgs args)
    {
        /* Encryption Logic */
        string encoded_password = "";
        string pwd = "";

        encoded_password = TextBox2.Text;

        byte[] b = new byte[encoded_password.Length];
        b = System.Text.Encoding.UTF8.GetBytes(encoded_password);
        pwd = Convert.ToBase64String(b);

        //using (DataTable dt = LookupUser(TextBox2.Text))
        using (DataTable dt = LookupUser(pwd))
            if (dt.Rows.Count == 0)
                args.IsValid = false;
            else
                args.IsValid = true;
    }
}


Kindly Assist

Mukund
Updated 2-Dec-10 4:28am
Comments
fjdiewornncalwe 2-Dec-10 9:34am    
There is no encryption taking place according to the code you have provided us. Are we missing anything relevant?

So, you have the user's encrypted password in memory? That's not very secure.

I would encrypt the password and send it (with the user ID) to a stored proc in the database. In the stored proc, search for the userID, and if found, compare the passwords, and then return any user info that might be appropriate (if they're a valid user). Have the .Net app handle either user data or no data being returned.
 
Comments
Mukund Kallapur 2-Dec-10 9:51am    
Dear John,

Thanks for the answer. But here I am encrypting the password in the Registration page, which I have not shown here.

Now I want to encrypt the password, in the Login Page and send it to the Database and compare it with the one already stored there.

Please can you let me know how to accomplish that?

Many Thanks in Advance.

You declare the LookupUser method as

private static DataTable LookupUser(string Username)


but you are using it as

DataTable dt = LookupUser(pwd)


In other words, the method is expecting a user name as a parameter but you are passing the encrypted password.
 
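The two points raised in the replies, as an added example that is not code from the original thread: the stored credential is looked up by user name rather than by the encoded password, and it is kept as a salted PBKDF2 hash instead of Base64, which is reversible encoding. It assumes .NET 6 or later; the in-memory `Users` dictionary standing in for `krs_userinfo`, the class and method names, the sample account and the iteration count are illustrative assumptions.

```csharp
// Added example (not the poster's code). Assumes .NET 6 or later.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public static class LoginCheck
{
    // Illustrative parameters (assumptions, not values from the thread).
    const int SaltSize = 16, HashSize = 32, Iterations = 100_000;

    // Hypothetical in-memory stand-in for krs_userinfo: user name -> "salt:hash".
    static readonly Dictionary<string, string> Users = new();

    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashSize);

    // Registration: store a random salt and the derived hash, never the password.
    public static void Register(string userName, string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        Users[userName] = Convert.ToBase64String(salt) + ":" +
                          Convert.ToBase64String(Derive(password, salt));
    }

    // Login: fetch the row by USER NAME, then check the typed password against it.
    public static bool Verify(string userName, string password)
    {
        if (!Users.TryGetValue(userName, out var stored)) return false;
        string[] parts = stored.Split(':');   // Base64 never contains ':'
        byte[] salt = Convert.FromBase64String(parts[0]);
        byte[] expected = Convert.FromBase64String(parts[1]);
        // Constant-time comparison of the recomputed hash with the stored one.
        return CryptographicOperations.FixedTimeEquals(Derive(password, salt), expected);
    }

    public static void Main()
    {
        Register("alice", "S3cret!");                       // constructed sample account
        Console.WriteLine(Verify("alice", "S3cret!"));      // correct password
        Console.WriteLine(Verify("alice", "wrong"));        // wrong password
        // Call shape from the question: the encoded password passed as the user name.
        string pwd = Convert.ToBase64String(Encoding.UTF8.GetBytes("S3cret!"));
        Console.WriteLine(Verify(pwd, "S3cret!"));          // no such user
    }
}
```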
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


