Encrypt password with asp.net (turn)

Source: Internet
Author: User
Tags md5 sha1
asp.net| encryption uses ASP.net to encrypt passwords

Whenever we want to build a database-driven personalized web site, we must protect the user's data. Although hackers can steal a person's password, the more serious problem is that someone can steal the entire database, and then immediately all the passwords.

Principle

It is a good practice not to store the actual passwords in the database, but to store their encrypted versions. When we need to authenticate the user, we simply encrypt the user's password and then compare it to the encrypted password in the system.

In ASP, we have to use external objects to encrypt strings. The. NET SDK solves this problem by providing a HashPasswordForStoringInConfigFile method in the Cookieauthentication class in the System.Web.Security namespace, The purpose of this method, as its name suggests, is to encrypt passwords stored in configuration files and even cookies.

Example

The HashPasswordForStoringInConfigFile method is very simple to use, and it supports the "SHA1" and "MD5" hashing algorithms used to encrypt strings. To see the power of the "HashPasswordForStoringInConfigFile" method, let's create a small asp.net page and encrypt the string into SHA1 and MD5 format. The following is a asp.net page source code:

<%@ Import namespace= "System.Web.Security"%>
<script language= "VB" runat=server>
' This function encrypts the ' input string using the SHA1 and MD5
' Encryption algorithms
Sub encryptstring (Src as Object, E as EventArgs)
SHA1. Text = Cookieauthentication.hashpasswordforstoringinconfigfile (txtPassword.Text, "SHA1")
MD5. Text = Cookieauthentication.hashpasswordforstoringinconfigfile (txtPassword.Text, "MD5")
End Sub
</script>
<body>
<form runat=server>
<p><b>original Clear Text Password: </b><br>
<asp:textbox id= "Txtpassword" Runat=server/>
<asp:button runat= "Server" text= "Encrypt String" onclick= "encryptstring"/></p>
<p><b>encrypted Password in SHA1: </b>
<asp:label id= "SHA1" Runat=server/></p>
<p><b>encrypted Password in MD5: </b>
<asp:label id= "MD5" Runat=server/></p>
</form>
</body>

Click here for a demo.
As you can see, encrypted passwords are so simple. We can also wrap this function in a function that can be used at any time:

Function Encryptpassword (passwordstring As String, Passwordformat as String) as String
If passwordformat = "SHA1" Then
Encryptpassword = Cookieauthentication.hashpasswordforstoringinconfigfile (passwordstring, "SHA1")
Elseif passwordformat = "MD5" Then
Encryptpassword= Cookieauthentication.hashpasswordforstoringinconfigfile (passwordstring, "MD5")
Else
Encryptpassword = ""
End If
End Function

Using encryption methods in database applications

Each time you add a user record to the database, use this function to encrypt the password and insert the password into the string as the encrypted string. When a user logs on to your site, use this function to encrypt the password entered by the user, and then compare it to the encrypted password that was recovered from the database.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.