Click here to Skip to main content
14,452,932 members
Rate this:
Please Sign up or sign in to vote.
See more:
<pre lang="text">
i have two windows form app one of them server and the other client , the client have a screen that lets the user enter the username and pass. the problem is how to send user name and password to the server that is connected to a database , and return the result of the operation to client . i am programminghttp://www.codeproject.com/Questions/ask.aspx# using c#.net any advice
Posted
Rate this:
Please Sign up or sign in to vote.

Solution 2

Basically, you need connection and communication based on TCP, which is the lowest level you need. It can be done on one of several different levels of networking, remoting or WCF.
Please see my overview of these approaches in my past solutions:
how i can send byte[] to other pc[^],
Communication b/w two Windows applications on LAN.[^].

—SA
   
Comments
Member 10304968 9-Dec-13 18:01pm
   
thank u i have used two sockets, and i separated between the username and password with a special char , and used the socket.send() , socket.receive() methods
Rate this:
Please Sign up or sign in to vote.

Solution 3

Try out Integra Client/Server API at http://oelsoft.com
   
Rate this:
Please Sign up or sign in to vote.

Solution 1

In Win Forms, the client is connected to the server (and vice-versa) using the WinSock API. It is a relatively straight forward process. MSDN's documentation, Running the Winsock Client and Server Code Sample[^], should help.

By the way, you should perform encryption on the data being passed between the client and the server. There are a number of ways to accomplish this but you must insure that the password passed between client and server is encrypted and that the password that is stored in the database is protected.
   
Comments
   
The idea of "storing" а password in a database is really, really bad. In any systems not illiterate from the security standpoint, passwords (in a literate meaning of this word) are never stored, this is absolutely not needed for authentication. Instead, their cryptographic hash function is stored, and hash is compared with hash. And hash is not "encryption" at all. The idea of using "encryption" is also a very dangerous one, because, unlike the hash, everything encrypted can be decrypted. Remember the actual password should be kept secret even from all of the administrators, regardless the access privileges.

Maybe you did not mean literately "encryption", I don't know. If you mean hash or something combined with hash, it could be fine (I don't know why doing so, but...). Could you honestly tell us, did you know about it, or you really meant "encryption" and storing passwords...

By the way, this is not enough, and HTTPS (or its equivalent) should be used for perfect security, which is a separate topic...

—SA
gggustafson 9-Dec-13 8:53am
   
You are putting words in my mouth. I take umbrage at that.

I stated that transmission from client to server should be encrypted. Do you disagree?

I stated that the password in the database must be protected. Do you disagree?

I never discussed hashes. Because the OP appears to be relatively new at this topic, I just warned that certain security measures be taken. If discussions of how to use hashing algorithms and salting are needed, a web search will return what OP requires.
   
Sorry if I put words in your mouth. I tried to mention that I am not certain that you mean exactly this ("I don't know"). But here is the thing: if I put some words in you mouth because I misunderstood you, anyone else could misunderstand you in the same way. What I try to point out is a very common mistake, a really big one.

It is very easy to think that "password passed between client and server is encrypted" means encryption of passwords and not hashing it.

It is very easy to think that "the password that is stored" means that you advise to store password. And a password should never ever stored. (Do you disagree?)

And now, you are changing the topic to some other fragments of your text, much less questionable, and ask me "Do you disagree?". You still go away from the real big issue. And now: you can avoid discussing hashing, but you cannot do it when you mention password encryption. Nobody pulled these words out of you mouse...

From your objection, I still cannot see that you really understand the security issue related to the password use.

—SA
gggustafson 9-Dec-13 10:15am
   
Don't you read?
   
Sorry, I don't understand. Which part you think I did not read?
—SA
Member 10304968 9-Dec-13 18:03pm
   
can you send to me some links about how to secure my system
gggustafson 9-Dec-13 21:45pm
   
1. The connection between the client and the server must be HTTPS. Google HTTPS to find out how to use it.

2. The password generation should follow the rules of "Salted Password Hashing - Doing it Right" (https://crackstation.net/hashing-security.htm). It is a long read but well worth it.

3. If you need further help - gggustafson@gmail.com

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100