Click here to Skip to main content
14,825,842 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
i have created a form to login my user in my application,its work fine for simple set up,but i have to access to multiple user that is way i am using a form to create a form to make a user name and password for the employee. i am using following code to encrypt user name and password.
string passwordForEncryption = "sA23(^A1&*%1)01Ax)@!21!@#$%^&*()7984651";
               string encryptedpassword = StringCipher.Encrypt(ddlRollNo.Text, passwordForEncryption);
               string encryptedUserName = StringCipher.Encrypt(txtPassword.Text, passwordForEncryption);
               CTP.HRMS.Business.UserLogin ulogin = new Business.UserLogin();
               ulogin.Role_Id = SafeConvert.ToByte(ddlRole.SelectedValue);
               ulogin.Employee_Id = encryptedUserName;
               ulogin.Password = encryptedpassword;

and when user login i am using following code

    string passwordForEncryption = "sA23(^A1&*%1)01Ax)@!21!@#$%^&*()7984651";

    string encryptedpassword = StringCipher.Encrypt(txtPWD.Text, passwordForEncryption);
    string encryptedUserName = StringCipher.Encrypt(txtUserName.Text, passwordForEncryption);

    Entities entities = new Entities();
    CTP.HRMS.WebApp.EF.UserLogin login = entities.UserLogins.FirstOrDefault(x =>x.Employee_Id==encryptedUserName && x.Password == encryptedpassword);

    //var login = (from u in entities.UserLogins
    //              join ee in entities.Employees on u.Id equals ee.Id

    //              where u.Password == encryptedpassword
    //                    && u.UserName == encryptedUserName
    //              select new
    //              {
    //                  FormalName = u.FormalName,
    //                  gisuyag = ee.Address
    //              }).FirstOrDefault();

    if (login != null)
        MyUser.UserName = txtUserName.Text;
        MyUser.Role_Id = login.Role_Id;
      //  MyUser.FormalName = login.FormalName; //Create A fuield that contains full Name of logged in user for diaplay purpose
        FormsAuthentication.RedirectFromLoginPage(login.Id.ToString(), true);


        //if data reader doesn’t contains any row, it means user name or password is


        txtUserName.Text = "";

        txtPWD.Text = "";

        Label3.Text = "User Name/Password not correct";

how i can i do this
Mehdi Gholam 9-May-15 3:53am
Bad idea to put passwords in code.
Sajid227 9-May-15 4:15am

1 solution

Encrypted information can be decrypted. You should use hashing as described in Secure Password Authentication Explained Simply[^].

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900