I am developing a job search website in C# ASP.Net

Question

4.00/5 (1 vote)

See more:

Hello All,
I am developing a job search website in C# ASP.Net.

I have used a RSA Encryption Alogrithm which Encrypts login Id and Password in Database while logging in.

Now when for the second time the same client logs in the webpage. I am not able to track his count for the same website because it gives RSA Encryption error for unmatched Login ID and password.

I don't want a Static Count method provided by Microsoft IDE 2008.

Can any one provide a solution for this
Regards
Amul

Posted 11-Mar-11 21:04pm

Amul V V Wayangankar

Updated 11-Mar-11 21:19pm

Ramalinga Koushik

v2

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2011-03-11T21:18:00

Without code? No.

First rule of passwords: don't encrypt.
Instead, store the Login ID in clear. That way you can just search for the user, and check the password. Much safer than looking for an encrypted combination which could conceivably be for a different user...
You can also reset a password for a user based on this login name if he forgets.

Then, combine the user entered password with the database stored Login ID (to ensure that Login ID is always the same case) and generate a hash value. It used to be an MD5, but that is not recommended for new systems, so use SHA instead. Compare this value against the database stored value. If it matches, the login passes. If it doesn't, he don't get in.

This way the password is never stored in a form which can in any way be re-generated, even if your entire database is copied. The inclusion of the Login ID in the hash value means that two users with the same password still have different hash values.