Aspdotnet-Suresh

aspdotnet-suresh offers C#.net articles and tutorials,csharp dot net,asp.net articles and tutorials,VB.NET Articles,Gridview articles,code examples of asp.net 2.0 /3.5,AJAX,SQL Server Articles,examples of .net technologies

how to encrypt and decrypt password and stored in database using asp.net or encrypt or decrypt user password with c#

Dec 28, 2010
Introduction

Here I will explain how to encrypt data and save it in database and how to decrypt encrypted data in database using asp.net

Description

First we will learn what is encryption and decryption

Encryption is the process of translating plain text data into something that appears to be random and meaningless.

Decryption is the process of translating random and meaningless data to plain text.
Why we need to use this Encryption and decryption processes

 By using this process we can hide original data and display some junk data based on this we can provide some security for our data.

Here I will explain how to encrypt data and how to save that data into database after that I will show how to decrypt that encrypted data in database and how we can display that decrypted data on form.

I have a form with four fileds username, password, firstname, lastname here I am encrypting password data and saving that data into database after that I am getting from database and decrypting the encrypted password data and displaying that data using gridview.

Design your aspx like this 


<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
<table align="center">
<tr>
<td colspan="2">
<b>Encryption and Decryption of Password</b>
</td>
</tr>
<tr>
<td>
UserName
</td>
<td>
<asp:TextBox ID="txtname" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
Password
</td>
<td>
<asp:TextBox ID="txtPassword" runat="server" TextMode="Password"></asp:TextBox>
</td>
</tr>
<tr>
<td>
FirstName
</td>
<td>
<asp:TextBox ID="txtfname" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
LastName
</td>
<td>
<asp:TextBox ID="txtlname" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
</td>
<td>
<asp:Button ID="btnSubmit" runat="server" Text="Submit"
onclick="btnSubmit_Click" />
</td>
</tr>
</table>
</div>
<div>
<table align="center">
<tr>
<td>
<b>Encryption of Password Details</b>
</td>
</tr>
<tr>
<td>
<asp:GridView ID="gvUsers" runat="server" CellPadding="4" BackColor="White"
BorderColor="#CC9966" BorderStyle="None" BorderWidth="1px">
<RowStyle BackColor="White" ForeColor="#330099" />
<FooterStyle BackColor="#FFFFCC" ForeColor="#330099" />
<PagerStyle BackColor="#FFFFCC" ForeColor="#330099" HorizontalAlign="Center" />
<SelectedRowStyle BackColor="#FFCC66" Font-Bold="True" ForeColor="#663399" />
<HeaderStyle BackColor="#990000" Font-Bold="True" ForeColor="#FFFFCC"
HorizontalAlign="Left"/>
</asp:GridView>
</td>
</tr>
</table>
</div>
<div>
<table align="center">
<tr>
<td>
<b>Decryption of Password Details</b>
</td>
</tr>
<tr>
<td>
<asp:GridView ID="gvdecryption" runat="server" BackColor="White"
BorderColor="#CC9966" BorderStyle="None" BorderWidth="1px" CellPadding="4"
onrowdatabound="gvdecryption_RowDataBound">
<RowStyle BackColor="White" ForeColor="#330099" />
<FooterStyle BackColor="#FFFFCC" ForeColor="#330099" />
<PagerStyle BackColor="#FFFFCC" ForeColor="#330099" HorizontalAlign="Center" />
<SelectedRowStyle BackColor="#FFCC66" Font-Bold="True" ForeColor="#663399" />
<HeaderStyle BackColor="#990000" Font-Bold="True" ForeColor="#FFFFCC" />
</asp:GridView>
</td>
</tr>
</table>
</div>
</form>
</body>
</html>
After that add System.Text namespace in code behind because in this namespace contains classes representing ASCII and Unicode character encodings

After that add following code in code behind and design one table in database with four fields and give name as "SampleUserdetails"

private const string strconneciton = "Data Source=MYCBJ017550027;Initial Catalog=MySamplesDB;Integrated Security=True";
SqlConnection con = new SqlConnection(strconneciton);
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
BindencryptedData();
BindDecryptedData();
}
}
/// <summary>
/// btnSubmit event is used to insert user details with password encryption
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnSubmit_Click(object sender, EventArgs e)
{
string strpassword = Encryptdata(txtPassword.Text);
con.Open();
SqlCommand cmd = new SqlCommand("insert into SampleUserdetails(UserName,Password,FirstName,LastName) values('" + txtname.Text + "','" + strpassword + "','" + txtfname.Text + "','" + txtlname.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();
BindencryptedData();
BindDecryptedData();
}
/// <summary>
/// Bind user Details to gridview
/// </summary>
protected void BindencryptedData()
{
con.Open();
SqlCommand cmd = new SqlCommand("select * from SampleUserdetails", con);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
da.Fill(ds);
gvUsers.DataSource = ds;
gvUsers.DataBind();
con.Close();
}
/// <summary>
/// Bind user Details to gridview
/// </summary>
protected void BindDecryptedData()
{
con.Open();
SqlCommand cmd = new SqlCommand("select * from SampleUserdetails", con);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
da.Fill(ds);
gvdecryption.DataSource = ds;
gvdecryption.DataBind();
con.Close();
}
/// <summary>
/// Function is used to encrypt the password
/// </summary>
/// <param name="password"></param>
/// <returns></returns>
private string Encryptdata(string password)
{
string strmsg = string.Empty;
byte[] encode = new byte[password.Length];
encode = Encoding.UTF8.GetBytes(password);
strmsg = Convert.ToBase64String(encode);
return strmsg;
}
/// <summary>
/// Function is used to Decrypt the password
/// </summary>
/// <param name="password"></param>
/// <returns></returns>
private string Decryptdata(string encryptpwd)
{
string decryptpwd = string.Empty;
UTF8Encoding encodepwd = new UTF8Encoding();
Decoder Decode = encodepwd.GetDecoder();
byte[] todecode_byte = Convert.FromBase64String(encryptpwd);
int charCount = Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length);
char[] decoded_char = new char[charCount];
Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0);
decryptpwd = new String(decoded_char);
return decryptpwd;
}
/// <summary>
/// rowdatabound condition is used to change the encrypted password format to decryption format
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void gvdecryption_RowDataBound(object sender, GridViewRowEventArgs e)
{
if (e.Row.RowType == DataControlRowType.DataRow)
{
string decryptpassword = e.Row.Cells[2].Text;
e.Row.Cells[2].Text = Decryptdata(decryptpassword);
}
}
Demo

 Download sample code attached

If you enjoyed this post, please support the blog below. It's FREE!

Get the latest Asp.net, C#.net, VB.NET, jQuery, Plugins & Code Snippets for FREE by subscribing to our Facebook, Twitter, RSS feed, or by email.

subscribe by rss Subscribe by RSS subscribe by email Subscribe by Email

53 comments :

zia said...

wat about 1 way hashing

manish said...

gud one...............

Anonymous said...

hi.
Sir I Run Your program but i have One error occured
Invalid length for a Base-64 char array.

please help me What Shhould i do

Suresh Dasari said...

hi,
check this here i explained clearly how to solve this Invalid length for a Base-64 char array
http://www.aspdotnet-suresh.com/2011/05/invalid-length-for-base-64-char-array.html

Anonymous said...

This is encoding not encryption. Using only base64 to encode a password is worthless; you may as well use cleartext as this is going to take an intruder about 30 seconds to break.

Anonymous said...

hi i am getting error in visual studio 2008 i am using c# and sql i got this error

A potentially dangerous Request.Form value was detected from the client (TextBox1="< html >").

cos its not accepting tag type characters. pls help

Suresh Dasari said...

hi you have to set ValidateRequest="false" on the @Page line your problem will solve

Yogesh Saroya said...

hi
when i m using byte[] todecode_byte = Convert.FromBase64String(encryptpwd.Replace("", "+")); this then it show (String cannot be of zero length.
Parameter name: oldValue) but also update data in database .... and program terminate....

Unknown said...

hi
when i m using byte[] todecode_byte = Convert.FromBase64String(encryptpwd.Replace("", "+")); this then it show (String cannot be of zero length.
Parameter name: oldValue) but also update data in database .... and program terminate....
hi
when i m using byte[] todecode_byte = Convert.FromBase64String(encryptpwd.Replace("", "+")); this then it show (String cannot be of zero length.
Parameter name: oldValue) but also update data in database .... and program terminate....

Bhaskara said...

it good to given a video explanation about encrypt and decryption in c#

Thanks for sharing

http://csharpektroncmssql.blogspot.com

Noel Briggs said...

THIS IS HORRIBLE ADVICE.

THIS IS NOT ENCRYPTION - IT IS BASE64 ENCODING.

CALLING BASE64 DECODING WILL BREAK YOUR "ENCRYPTION."

You're not doing any sort of encryption here, all you're doing is storing text in base64 format. This is terrible advice, and anyone that takes this article seriously, and uses it to try to secure actual sensitive data will be at real risk because of what you have written here.

REALLY irresponsible to be writing articles on encryption when you obviously have no idea what you're doing. Just to start, you don't even have any of the cryptography namespaces imported into your "solution."

This isn't even amateur - it's a complete misunderstanding of what you're doing. Again - Base64 is just a format - not at all encryption. It is plain text!!!!!!!

Anonymous said...

Solve This Error Invalid length for a Base-64 char array.

No Need to Cahnge this encryptpwd.Replace('', '+'));

Try this Only Change index of Cell

if (e.Row.RowType == DataControlRowType.DataRow)
{
string decryptpassword = e.Row.Cells[1].Text;
e.Row.Cells[1].Text = Decryptdata(decryptpassword);
}

ravi said...

Thank you very much

Jitendra Gangwar said...
This comment has been removed by the author.
Anonymous said...

Yaah its working superb.Thank u mans

Anonymous said...

Thanks My Dear
A great post but a person knowing this decryption can decrypt it. so any another way to make a run time random decrypt.
Thanks Once again

Anonymous said...

Don't be so rough on this guy. True, his example is not demonstrating encrytion, but it does display the foundation. The encrypt and dycrypt function just need to be altered. I would recommend reading through http://msdn.microsoft.com/en-us/library/system.security.cryptography(v=vs.71).aspx. I would also do some more research before starting to store passwords in a database. Your users expect this of a good programmer and web developer.

suresh said...

hi Mr.Dasari

how to set a "UTF8Encode". Which Kind of header files need to add???

help me Mr.dasari

BY
suresh

manish said...

use this namespace

using System.Text;

Anonymous said...

sorryy but your this password encryption algorithm is not working in any condition.....please suggest something other method

Pgp said...

Thank you very much Disertation writing, We appreciate your interest and suggestions.

Anonymous said...

Thank You,....Absolutely good coding...

Anonymous said...

this is very good

Anonymous said...

which visual studio version is good for web designing 2008 or 2010 pls reply me my mail id pmkarthi87@gmail.com

Anonymous said...

Sir It cant work

Anonymous said...

it is very useful...........

Unknown said...

Thank u

Pravin said...

Thanks so much

Anonymous said...

u r .net master

Anonymous said...

getting "Invalid length for a Base-64 char array or string."

Anonymous said...

getting "Invalid length for a Base-64 char array or string"
plz help
also i am change
Oldone

byte[] todecode_byte = Convert.FromBase64String(encryptpwd);

To

Newone

byte[] todecode_byte = Convert.FromBase64String(encryptpwd.Replace("","+"));

still i m getting this

Unknown said...

getting "Invalid length for a Base-64 char array or string"
plz help
also i am change
Oldone

byte[] todecode_byte = Convert.FromBase64String(encryptpwd);

To

Newone

byte[] todecode_byte = Convert.FromBase64String(encryptpwd.Replace("","+"));

still i m getting this

Anonymous said...

Sir, i want to say u thank u to u. Bcoz of u now i m getting interesed in coding (earlier not at all interested) .U give very simple solution which can be easily understood by beginners. Thank u sir once again for helping all of us and increasing our interested towards coding.

Shantanu

Unknown said...

hi sir daily i visit your website for learning new concept. i am fresher. this website very very useful to me. thank you very much

Ravuri said...

Nice Article

Unknown said...

byte[] todecode_byte = Convert.FromBase64String(encryptpwd.Replace(' ', '+'));
byte[] todecode_byte = Convert.FromBase64String(encryptpwd);

I have used the above lines still i am getting error's...
I have seen ur link also. By that also i am getting error. Plz, Once post the correct link. in the site.........

Unknown said...

Sir, those links r nt wrkng.....

Unknown said...

hi sir daily i visit your website for learning new concept. i am fresher. this website very very useful to me. But, this Concept is not working only................

Anonymous said...

it is encoding but not decoding

Anonymous said...

Decoding is comple . Why you have use a lenthy process?
This could be done as:
UTF8Encoding encodepwd = new UTF8Encoding();
byte[] todecode_byte = Convert.FromBase64String(strmsg);
string str= encodepwd.GetString(todecode_byte,0,todecode_byte.Length);
label1.Text = str;

Amresh Bahadur Singh said...

Use this ...
Decryptdata(Encryptdata(txtloginpass.Text));

Amresh Bahadur Singh

Unknown said...
This comment has been removed by the author.
Anonymous said...

wow

mithun said...

using System.Text;
is required.I got this problem so i m giving it....

Anonymous said...

using this we can only encrypt a word of length less 8

Anonymous said...

Thank you

Anonymous said...

sir could you please tell me different Encryption/decryption techniques

Anonymous said...

Sir, I want a simple code about encryption and decryption where, first I store the details of user in sql server with encrypted password and after that check for authenticated users in the login form.Please help me sir.......

Prasunjeet Soni said...

Decoding Process is not working any more.It is requested to author please read comments and correct error so continue to your website will not interrupted.I am also getting following error.

"Invalid length for a Base-64 char array or string."

Sahil Gurav said...

it worked..but when i tried to select the encrypted data for creating stored procedure, it shows message that the encrypted data is wrong or corrupted.
-----------

select decrypt_binary(pm_specdata,"walmart01") from rpac_prodmst where pm_rpacprodcode = 1488
# ^
#26005: The encrypted data is wrong or corrupted.
#

mohang99 said...

This is worthless. This is only base64 encoding and decoding, and not encrypting and decrpyting. It takes only a few seconds to convert the base64 string to the password.

Anonymous said...

Super Article

Anonymous said...

which algorithm is used in above encryption code.

Give your Valuable Comments

Note: Only a member of this blog may post a comment.

© 2015 Aspdotnet-Suresh.com. All Rights Reserved.
The content is copyrighted to Suresh Dasari and may not be reproduced on other websites without permission from the owner.