asp.net| encryption uses ASP.net to encrypt passwords
Whenever we want to build a database-driven personalized web site, we must protect the user's data. Although hackers can steal a person's password, the more serious problem is that someone can steal the entire database, and then immediately all the passwords.
Principle
It is a good practice not to store the actual passwords in the database, but to store their encrypted versions. When we need to authenticate the user, we simply encrypt the user's password and then compare it to the encrypted password in the system.
In ASP, we have to use external objects to encrypt strings. The. NET SDK solves this problem by providing a HashPasswordForStoringInConfigFile method in the Cookieauthentication class in the System.Web.Security namespace, The purpose of this method, as its name suggests, is to encrypt passwords stored in configuration files and even cookies.
Example
The HashPasswordForStoringInConfigFile method is very simple to use, and it supports the "SHA1" and "MD5" hashing algorithms used to encrypt strings. To see the power of the "HashPasswordForStoringInConfigFile" method, let's create a small asp.net page and encrypt the string into SHA1 and MD5 format. The following is a asp.net page source code:
<%@ Import namespace= "System.Web.Security"%>
<script language= "VB" runat=server>
' This function encrypts the ' input string using the SHA1 and MD5
' Encryption algorithms
Sub encryptstring (Src as Object, E as EventArgs)
SHA1. Text = Cookieauthentication.hashpasswordforstoringinconfigfile (txtPassword.Text, "SHA1")
MD5. Text = Cookieauthentication.hashpasswordforstoringinconfigfile (txtPassword.Text, "MD5")
End Sub
</script>
<body>
<form runat=server>
<p><b>original Clear Text Password: </b><br>
<asp:textbox id= "Txtpassword" Runat=server/>
<asp:button runat= "Server" text= "Encrypt String" onclick= "encryptstring"/></p>
<p><b>encrypted Password in SHA1: </b>
<asp:label id= "SHA1" Runat=server/></p>
<p><b>encrypted Password in MD5: </b>
<asp:label id= "MD5" Runat=server/></p>
</form>
</body>
Click here for a demo.
As you can see, encrypted passwords are so simple. We can also wrap this function in a function that can be used at any time:
Function Encryptpassword (passwordstring As String, Passwordformat as String) as String
If passwordformat = "SHA1" Then
Encryptpassword = Cookieauthentication.hashpasswordforstoringinconfigfile (passwordstring, "SHA1")
Elseif passwordformat = "MD5" Then
Encryptpassword= Cookieauthentication.hashpasswordforstoringinconfigfile (passwordstring, "MD5")
Else
Encryptpassword = ""
End If
End Function
Using encryption methods in database applications
Each time you add a user record to the database, use this function to encrypt the password and insert the password into the string as the encrypted string. When a user logs on to your site, use this function to encrypt the password entered by the user, and then compare it to the encrypted password that was recovered from the database.
