saving password in encrypted form during registering in login form

Question

0.00/5 (No votes)

See more:

SQL-Server-2008

I already have a Log-in form whose code I have shown below and I only want to know that how to save the password in ENCRYPTED form in sqlserver 2008.

C#

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;

namespace WindowsFormsApplication24
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        string msg;
        SqlConnection con = new SqlConnection("Data Source=ITC-002;Initial Catalog=Tempabc;User ID=sa;Password=********");
        SqlCommand cmd;
        DataSet ds = new DataSet();

        private void btn_login_Click(object sender, EventArgs e)
        {
            try
            {
                if (txtbx_name.Text == "" || txtbox_password.Text == "")
                {
                    MessageBox.Show(" Enter UserName and Password .");
                    return;
                }

                cmd = new SqlCommand("SELECT * FROM LoginDetails where Name='" + txtbx_name.Text + "' and Password='" + txtbox_password.Text + "'", con);
                SqlDataAdapter da = new SqlDataAdapter(cmd);
                da.Fill(ds);
                int i = ds.Tables[0].Rows.Count;
                if (i == 1)
                {
                    msg = "Welcome " + txtbx_name.Text;
                    this.Hide();
                    Form2 f2 = new Form2(msg);
                    f2.Show();
                    ds.Clear();

                }
                else
                {
                    MessageBox.Show("Not Registered User or Invalid Name/Password");
                    txtbox_password.Text = "";
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }

        }

        private void btn_register_Click(object sender, EventArgs e)
        {
            try
            {

                if (txtbx_name.Text == "" || txtbox_password.Text == "")
                {
                    MessageBox.Show(" Enter UserName and Password .");
                    return;
                }

                /** checking whether name exists **/
                cmd = new SqlCommand("SELECT * FROM LoginDETAILS where Name='" + txtbx_name.Text + "'", con);
                SqlDataAdapter da = new SqlDataAdapter(cmd);
                da.Fill(ds); //filling dataset
                int i = ds.Tables[0].Rows.Count; //checking rows count in dataset
                if (i > 0)
                {
                    MessageBox.Show("UserName " + txtbx_name.Text + " Already Exists..");
                    txtbox_password.Text = "";
                    ds.Clear(); //clearing dataset
                }
                else
                {
                    /** inserting name and password in table logindetails **/
                    cmd = new SqlCommand("INSERT INTO LOGINDETAILS VALUES('" + txtbx_name.Text + "','" + txtbox_password.Text + "')", con);
                    con.Open();
                    cmd.ExecuteNonQuery();
                    con.Close();

                    msg = "Registered Successfully \n Welcome " + txtbx_name.Text;
                    this.Hide(); //hiding form1
                    Form2 f2 = new Form2(msg);
                    f2.Show(); //showing form2 

                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
                con.Close();
            }

        }
    
    
    
    }
}

Posted 30-Sep-13 23:39pm

alanmaster

Updated 30-Sep-13 23:42pm

codestar007

v4

Add a Solution

Comments

Rob Philpott 1-Oct-13 5:42am

Encrypted? Normally you'd store it as hashed. Is this what you want?

alanmaster 1-Oct-13 5:45am

Yes, you are correct.

alanmaster 1-Oct-13 5:46am

I have heard of using RSA algorithm but i don't know how to use it.

Rob Philpott 1-Oct-13 7:26am

People normally use SHA1 (which is in the Cryptography namespace of .NET). You need to read up on this though and know the dangers. You should consider 'salting' the hash if security is important to you.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Thanks7872 · Answer 1 · 2013-09-30T23:51:00

First of all,you should not store password at all in either form. You should always create hash of the password and store it. The generated result can't be reverted back to its normal form. So at the time of login,you should compare hash to hash, not password to password.

See below links for better understanding.

Password Storage: How to do it.[^]

Beginners guide to a secure way of storing passwords[^]