how to encrypt and decrypt password and stored in database using asp.net or encrypt or decrypt user password with c#

By: Suresh Dasari Dec 28, 2010

Introduction

Here I will explain how to encrypt data and save it in database and how to decrypt encrypted data in database using asp.net

Description

First we will learn what is encryption and decryption

Encryption is the process of translating plain text data into something that appears to be random and meaningless.

Decryption is the process of translating random and meaningless data to plain text.

Why we need to use this Encryption and decryption processes

By using this process we can hide original data and display some junk data based on this we can provide some security for our data.

Here I will explain how to encrypt data and how to save that data into database after that I will show how to decrypt that encrypted data in database and how we can display that decrypted data on form.

I have a form with four fileds username, password, firstname, lastname here I am encrypting password data and saving that data into database after that I am getting from database and decrypting the encrypted password data and displaying that data using gridview.

Design your aspx like this

</head>

<body>

<div>

<tr>

<b>Encryption and Decryption of Password</b>

</td>

</tr>

<tr>

<td>

UserName

</td>

<td>

<asp:TextBox ID="txtname" runat="server"></asp:TextBox>

</td>

</tr>

<tr>

<td>

Password

</td>

<td>

<asp:TextBox ID="txtPassword" runat="server" TextMode="Password"></asp:TextBox>

</td>

</tr>

<tr>

<td>

FirstName

</td>

<td>

<asp:TextBox ID="txtfname" runat="server"></asp:TextBox>

</td>

</tr>

<tr>

<td>

LastName

</td>

<td>

<asp:TextBox ID="txtlname" runat="server"></asp:TextBox>

</td>

</tr>

<tr>

<td>

</td>

<td>

<asp:Button ID="btnSubmit" runat="server" Text="Submit"

onclick="btnSubmit_Click" />

</td>

</tr>

</table>

</div>

<div>

<tr>

<td>

<b>Encryption of Password Details</b>

</td>

</tr>

<tr>

<td>

<asp:GridView ID="gvUsers" runat="server" CellPadding="4" BackColor="White"

BorderColor="#CC9966" BorderStyle="None" BorderWidth="1px">

<HeaderStyle BackColor="#990000" Font-Bold="True" ForeColor="#FFFFCC"

HorizontalAlign="Left"/>

</asp:GridView>

</td>

</tr>

</table>

</div>

<div>

<tr>

<td>

<b>Decryption of Password Details</b>

</td>

</tr>

<tr>

<td>

<asp:GridView ID="gvdecryption" runat="server" BackColor="White"

BorderColor="#CC9966" BorderStyle="None" BorderWidth="1px" CellPadding="4"

onrowdatabound="gvdecryption_RowDataBound">

</asp:GridView>

</td>

</tr>

</table>

</div>

</form>

</body>

</html>

After that add System.Text namespace in code behind because in this namespace contains classes representing ASCII and Unicode character encodings

After that add following code in code behind and design one table in database with four fields and give name as "SampleUserdetails"

private const string strconneciton = "Data Source=MYCBJ017550027;Initial Catalog=MySamplesDB;Integrated Security=True";

SqlConnection con = new SqlConnection(strconneciton);

protected void Page_Load(object sender, EventArgs e)

{

if (!IsPostBack)

{

BindencryptedData();

BindDecryptedData();

}

/// <summary>

/// btnSubmit event is used to insert user details with password encryption

/// </summary>

/// <param name="sender"></param>

/// <param name="e"></param>

protected void btnSubmit_Click(object sender, EventArgs e)

{

string strpassword = Encryptdata(txtPassword.Text);

con.Open();

SqlCommand cmd = new SqlCommand("insert into SampleUserdetails(UserName,Password,FirstName,LastName) values('" + txtname.Text + "','" + strpassword + "','" + txtfname.Text + "','" + txtlname.Text + "')", con);

cmd.ExecuteNonQuery();

con.Close();

BindencryptedData();

BindDecryptedData();

}

/// <summary>

/// Bind user Details to gridview

/// </summary>

protected void BindencryptedData()

{

con.Open();

SqlCommand cmd = new SqlCommand("select * from SampleUserdetails", con);

SqlDataAdapter da = new SqlDataAdapter(cmd);

DataSet ds = new DataSet();

da.Fill(ds);

gvUsers.DataSource = ds;

gvUsers.DataBind();

con.Close();

}

/// <summary>

/// Bind user Details to gridview

/// </summary>

protected void BindDecryptedData()

{

con.Open();

SqlCommand cmd = new SqlCommand("select * from SampleUserdetails", con);

SqlDataAdapter da = new SqlDataAdapter(cmd);

DataSet ds = new DataSet();

da.Fill(ds);

gvdecryption.DataSource = ds;

gvdecryption.DataBind();

con.Close();

}

/// <summary>

/// Function is used to encrypt the password

/// </summary>

/// <param name="password"></param>

/// <returns></returns>

private string Encryptdata(string password)

{

string strmsg = string.Empty;

byte[] encode = new byte[password.Length];

encode = Encoding.UTF8.GetBytes(password);

strmsg = Convert.ToBase64String(encode);

return strmsg;

}

/// <summary>

/// Function is used to Decrypt the password

/// </summary>

/// <param name="password"></param>

/// <returns></returns>

private string Decryptdata(string encryptpwd)

{

string decryptpwd = string.Empty;

UTF8Encoding encodepwd = new UTF8Encoding();

Decoder Decode = encodepwd.GetDecoder();

byte[] todecode_byte = Convert.FromBase64String(encryptpwd);

int charCount = Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length);

char[] decoded_char = new char[charCount];

Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0);

decryptpwd = new String(decoded_char);

return decryptpwd;

}

/// <summary>

/// rowdatabound condition is used to change the encrypted password format to decryption format

/// </summary>

/// <param name="sender"></param>

/// <param name="e"></param>

protected void gvdecryption_RowDataBound(object sender, GridViewRowEventArgs e)

{

if (e.Row.RowType == DataControlRowType.DataRow)

{

string decryptpassword = e.Row.Cells[2].Text;

e.Row.Cells[2].Text = Decryptdata(decryptpassword);

}

Demo

Download sample code attached

If you enjoyed this post, please support the blog below. It's FREE!

Get the latest Asp.net, C#.net, VB.NET, jQuery, Plugins & Code Snippets for FREE by subscribing to our Facebook, Twitter, RSS feed, or by email.

Subscribe by RSS

Subscribe by Email

53 comments :

zia said...: wat about 1 way hashing; January 5, 2011 at 4:49 AM
manish said...: gud one...............; February 28, 2011 at 11:52 PM
Anonymous said...: hi.
Sir I Run Your program but i have One error occured
Invalid length for a Base-64 char array.

please help me What Shhould i do; May 27, 2011 at 5:09 AM
Suresh Dasari said...: hi,
check this here i explained clearly how to solve this Invalid length for a Base-64 char array
http://www.aspdotnet-suresh.com/2011/05/invalid-length-for-base-64-char-array.html; May 28, 2011 at 1:59 AM
Anonymous said...: This is encoding not encryption. Using only base64 to encode a password is worthless; you may as well use cleartext as this is going to take an intruder about 30 seconds to break.; June 28, 2011 at 9:27 PM
Anonymous said...: hi i am getting error in visual studio 2008 i am using c# and sql i got this error

A potentially dangerous Request.Form value was detected from the client (TextBox1="< html >").

cos its not accepting tag type characters. pls help; July 7, 2011 at 9:44 PM
Suresh Dasari said...: hi you have to set ValidateRequest="false" on the @Page line your problem will solve; July 7, 2011 at 10:12 PM
Yogesh Saroya said...: hi
when i m using byte[] todecode_byte = Convert.FromBase64String(encryptpwd.Replace("", "+")); this then it show (String cannot be of zero length.
Parameter name: oldValue) but also update data in database .... and program terminate....; July 16, 2011 at 6:51 AM
Unknown said...: hi
when i m using byte[] todecode_byte = Convert.FromBase64String(encryptpwd.Replace("", "+")); this then it show (String cannot be of zero length.
Parameter name: oldValue) but also update data in database .... and program terminate....
hi
when i m using byte[] todecode_byte = Convert.FromBase64String(encryptpwd.Replace("", "+")); this then it show (String cannot be of zero length.
Parameter name: oldValue) but also update data in database .... and program terminate....; November 25, 2011 at 12:53 AM
Bhaskara said...: it good to given a video explanation about encrypt and decryption in c#

Thanks for sharing

http://csharpektroncmssql.blogspot.com; December 13, 2011 at 4:32 AM
Noel Briggs said...: THIS IS HORRIBLE ADVICE.

THIS IS NOT ENCRYPTION - IT IS BASE64 ENCODING.

CALLING BASE64 DECODING WILL BREAK YOUR "ENCRYPTION."

You're not doing any sort of encryption here, all you're doing is storing text in base64 format. This is terrible advice, and anyone that takes this article seriously, and uses it to try to secure actual sensitive data will be at real risk because of what you have written here.

REALLY irresponsible to be writing articles on encryption when you obviously have no idea what you're doing. Just to start, you don't even have any of the cryptography namespaces imported into your "solution."

This isn't even amateur - it's a complete misunderstanding of what you're doing. Again - Base64 is just a format - not at all encryption. It is plain text!!!!!!!; March 13, 2012 at 5:25 PM
Anonymous said...: Solve This Error Invalid length for a Base-64 char array.

No Need to Cahnge this encryptpwd.Replace('', '+'));

Try this Only Change index of Cell

if (e.Row.RowType == DataControlRowType.DataRow)
{
string decryptpassword = e.Row.Cells[1].Text;
e.Row.Cells[1].Text = Decryptdata(decryptpassword);
}; August 3, 2012 at 3:20 AM
ravi said...: Thank you very much; August 8, 2012 at 4:17 AM
Jitendra Gangwar said...: This comment has been removed by the author.; August 13, 2012 at 12:19 PM
Anonymous said...: Yaah its working superb.Thank u mans; August 23, 2012 at 3:54 AM
Anonymous said...: Thanks My Dear
A great post but a person knowing this decryption can decrypt it. so any another way to make a run time random decrypt.
Thanks Once again; September 10, 2012 at 10:51 PM
Anonymous said...: Don't be so rough on this guy. True, his example is not demonstrating encrytion, but it does display the foundation. The encrypt and dycrypt function just need to be altered. I would recommend reading through http://msdn.microsoft.com/en-us/library/system.security.cryptography(v=vs.71).aspx. I would also do some more research before starting to store passwords in a database. Your users expect this of a good programmer and web developer.; October 28, 2012 at 4:22 PM
suresh said...: hi Mr.Dasari

how to set a "UTF8Encode". Which Kind of header files need to add???

help me Mr.dasari

BY
suresh; December 22, 2012 at 11:27 PM
manish said...: use this namespace

using System.Text;; December 24, 2012 at 10:39 PM
Anonymous said...: sorryy but your this password encryption algorithm is not working in any condition.....please suggest something other method; January 6, 2013 at 12:07 AM
Pgp said...: Thank you very much Disertation writing, We appreciate your interest and suggestions.; January 9, 2013 at 7:20 AM
Anonymous said...: Thank You,....Absolutely good coding...; April 21, 2013 at 7:05 AM
Anonymous said...: this is very good; April 26, 2013 at 2:15 AM
Anonymous said...: which visual studio version is good for web designing 2008 or 2010 pls reply me my mail id pmkarthi87@gmail.com; April 26, 2013 at 2:16 AM
Anonymous said...: Sir It cant work; May 23, 2013 at 1:25 AM
Anonymous said...: it is very useful...........; July 5, 2013 at 10:00 PM
Unknown said...: Thank u; July 9, 2013 at 8:38 PM
Pravin said...: Thanks so much; July 11, 2013 at 1:41 AM
Anonymous said...: u r .net master; July 19, 2013 at 1:20 AM
Anonymous said...: getting "Invalid length for a Base-64 char array or string."; July 19, 2013 at 2:01 AM
Anonymous said...: getting "Invalid length for a Base-64 char array or string"
plz help
also i am change
Oldone

byte[] todecode_byte = Convert.FromBase64String(encryptpwd);

To

Newone

byte[] todecode_byte = Convert.FromBase64String(encryptpwd.Replace("","+"));

still i m getting this; July 19, 2013 at 2:04 AM
Unknown said...: getting "Invalid length for a Base-64 char array or string"
plz help
also i am change
Oldone

byte[] todecode_byte = Convert.FromBase64String(encryptpwd);

To

Newone

byte[] todecode_byte = Convert.FromBase64String(encryptpwd.Replace("","+"));

still i m getting this; July 25, 2013 at 9:57 PM
Anonymous said...: Sir, i want to say u thank u to u. Bcoz of u now i m getting interesed in coding (earlier not at all interested) .U give very simple solution which can be easily understood by beginners. Thank u sir once again for helping all of us and increasing our interested towards coding.

Shantanu; July 29, 2013 at 3:41 AM
Unknown said...: hi sir daily i visit your website for learning new concept. i am fresher. this website very very useful to me. thank you very much; August 26, 2013 at 2:59 AM
Ravuri said...: Nice Article; August 30, 2013 at 12:13 AM
Unknown said...: byte[] todecode_byte = Convert.FromBase64String(encryptpwd.Replace(' ', '+'));
byte[] todecode_byte = Convert.FromBase64String(encryptpwd);

I have used the above lines still i am getting error's...
I have seen ur link also. By that also i am getting error. Plz, Once post the correct link. in the site.........; September 19, 2013 at 6:01 AM
Unknown said...: Sir, those links r nt wrkng.....; September 19, 2013 at 6:39 AM
Unknown said...: hi sir daily i visit your website for learning new concept. i am fresher. this website very very useful to me. But, this Concept is not working only................; September 19, 2013 at 6:44 AM
Anonymous said...: it is encoding but not decoding; October 5, 2013 at 3:38 AM
Anonymous said...: Decoding is comple . Why you have use a lenthy process?
This could be done as:
UTF8Encoding encodepwd = new UTF8Encoding();
byte[] todecode_byte = Convert.FromBase64String(strmsg);
string str= encodepwd.GetString(todecode_byte,0,todecode_byte.Length);
label1.Text = str;; November 6, 2013 at 11:01 PM
Amresh Bahadur Singh said...: Use this ...
Decryptdata(Encryptdata(txtloginpass.Text));

Amresh Bahadur Singh; November 27, 2013 at 11:12 PM
Unknown said...: This comment has been removed by the author.; December 10, 2013 at 3:03 AM
Anonymous said...: wow; January 29, 2014 at 4:44 AM
mithun said...: using System.Text;
is required.I got this problem so i m giving it....; February 10, 2014 at 11:09 PM
Anonymous said...: using this we can only encrypt a word of length less 8; April 3, 2014 at 4:15 AM
Anonymous said...: Thank you; August 14, 2014 at 5:22 AM
Anonymous said...: sir could you please tell me different Encryption/decryption techniques; November 11, 2014 at 10:18 PM
Anonymous said...: Sir, I want a simple code about encryption and decryption where, first I store the details of user in sql server with encrypted password and after that check for authenticated users in the login form.Please help me sir.......; September 23, 2015 at 7:24 PM
Prasunjeet Soni said...: Decoding Process is not working any more.It is requested to author please read comments and correct error so continue to your website will not interrupted.I am also getting following error.

"Invalid length for a Base-64 char array or string."; November 25, 2015 at 3:27 AM
Sahil Gurav said...: it worked..but when i tried to select the encrypted data for creating stored procedure, it shows message that the encrypted data is wrong or corrupted.
-----------

select decrypt_binary(pm_specdata,"walmart01") from rpac_prodmst where pm_rpacprodcode = 1488
# ^
#26005: The encrypted data is wrong or corrupted.
#; February 9, 2016 at 1:22 AM
mohang99 said...: This is worthless. This is only base64 encoding and decoding, and not encrypting and decrpyting. It takes only a few seconds to convert the base64 string to the password.; April 19, 2016 at 9:13 AM
Anonymous said...: Super Article; June 28, 2016 at 2:50 AM
Anonymous said...: which algorithm is used in above encryption code.; September 30, 2016 at 11:09 PM