Simple Login Form Using MD5 Hash Algorithm

The hash algorithm is allowed to create larger number of data using the small number of data.

Step 1: Create a simple login form as in the following screenshot:

design

By using the following HTML code:

  1. <asp:Table ID="Table1" runat="server" Width="418px" Height="209px">  
  2.     <asp:TableRow>  
  3.         <asp:TableCell>  
  4.             User Name  
  5.         </asp:TableCell>  
  6.         <asp:TableCell>  
  7.             <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>  
  8.         </asp:TableCell>  
  9.     </asp:TableRow>  
  10.     <asp:TableRow>  
  11.         <asp:TableCell>  
  12.             Password  
  13.         </asp:TableCell>  
  14.         <asp:TableCell>  
  15.             <asp:TextBox ID="TextBox2" runat="server" TextMode="Password"></asp:TextBox>  
  16.         </asp:TableCell>  
  17.     </asp:TableRow>  
  18.     <asp:TableRow>  
  19.         <asp:TableCell>  
  20.             <asp:Button ID="Button1" runat="server" Text="Sign Up" OnClick="Message_click" />  
  21.         </asp:TableCell>  
  22.         <asp:TableCell>  
  23.             <asp:Button ID="Button2" runat="server" Text="login" OnClick="login_click" />  
  24.         </asp:TableCell>  
  25.         <asp:TableCell>  
  26.             <asp:Label ID="Label1" runat="server" />  
  27.         </asp:TableCell>  
  28.     </asp:TableRow>  
  29. </asp:Table>  
Step 2: Now create the Database table as in the following screenshot:

Encrypt
Step 3: After creating the table use the following coding in Sign up button to get user name and password:
  1.     public void Message_click(object sender, EventArgs e)  
  2.     {  
  3.         string username = TextBox1.Text.ToString();  
  4.         String password = TextBox2.Text;  
  5. //Get the encrypt the password by using the class  
  6.         string pass = encryption(password);  
  7.         Label1.Text = pass;  
  8. //Check whether the UseName and password are Empty  
  9.         if (username.Length > 0 && password.Length > 0)  
  10.         {  
  11. //creating the connection string              
  12. string connection = ConfigurationManager.ConnectionStrings["DefaultConnection"].ToString();  
  13.             SqlConnection con = new SqlConnection(connection);  
  14.             String passwords = encryption(password);  
  15.             con.Open();  
  16. // Check whether the Username Found in the Existing DB  
  17.             String search = "SELECT * FROM UserAccount WHERE (UserName = '" + username + "');";  
  18.             SqlCommand cmds = new SqlCommand(search, con);  
  19.             SqlDataReader sqldrs = cmds.ExecuteReader();  
  20.             if (sqldrs.Read())  
  21.             {  
  22.                 String passed = (string)sqldrs["Password"];  
  23.                 Label1.Text = "Username Already Taken";  
  24.             }  
  25.             else  
  26.             {  
  27.                 try  
  28.                 {  
  29. // if the Username not found create the new user accound  
  30.                     string sql = "INSERT INTO UserAccount (UserName, Password) VALUES ('" + username + "','" + passwords + "');";  
  31.                     SqlCommand cmd = new SqlCommand(sql, con);  
  32.                     cmd.ExecuteNonQuery();  
  33.                     String Message = "saved Successfully";  
  34.                     Label1.Text = Message.ToString();  
  35.                     TextBox1.Text = "";  
  36.                     TextBox2.Text = "";  
  37.                     Response.Redirect("Default2.aspx");  
  38.                 }  
  39.                 catch (Exception ex)  
  40.                 {  
  41.                     Label1.Text = ex.ToString();  
  42.                 }  
  43.                 con.Close();  
  44.             }  
  45.         }  
  46.   
  47.         else  
  48.         {  
  49.             String Message = "Username or Password is empty";  
  50.             Label1.Text = Message.ToString();  
  51.         }   
  52.     }  
Step 4: Now encrypt the password by using the following method.
  1.     public string encryption(String password)  
  2.     {  
  3.         MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();  
  4.         byte[] encrypt;  
  5.         UTF8Encoding encode = new UTF8Encoding();  
  6. //encrypt the given password string into Encrypted data  
  7.         encrypt = md5.ComputeHash(encode.GetBytes(password));  
  8.         StringBuilder encryptdata = new StringBuilder();  
  9. //Create a new string by using the encrypted data  
  10.         for (int i = 0; i < encrypt.Length; i++)  
  11.         {  
  12.             encryptdata.Append(encrypt[i].ToString());  
  13.         }  
  14.         return encryptdata.ToString();  
  15.     }  
After inserting the values inside the DB it will be like the following:

Values inside the DB

In the above Database table the user name is given as it is but the password is in encrypted String format

Step 5: Now login by using already created username and password.

login

Add the following code in the Login button.
  1. public void login_click(object sender, EventArgs e)  
  2. {  
  3.     String username = TextBox1.Text.ToString();  
  4.     String password = TextBox2.Text;  
  5.     string con = ConfigurationManager.ConnectionStrings["DefaultConnection"].ToString();  
  6.     SqlConnection connection = new SqlConnection(con);  
  7.     connection.Open();  
  8. ncrypt the given password  
  9.     string passwords = encryption(password);  
  10.     String query = "SELECT UserName, Password FROM UserAccount WHERE (UserName = '" + username + "') AND (Password = '"+passwords+"');";  
  11.   
  12.         SqlCommand cmd = new SqlCommand(query, connection);  
  13.         SqlDataReader sqldr = cmd.ExecuteReader();  
  14.         if (sqldr.Read())  
  15.         {  
  16.                 Response.Redirect("Default3.aspx");  
  17.         }  
  18.             else  
  19.             {  
  20.                 Label1.Text = "User or password is in correct not found";   
  21.                  
  22.             }  
  23.           
  24.     connection.Close();  
  25. }  
If the Password is correct it will take us to the Default3.aspx page, else it will show a message in the following label box:

show a message in the below label box

Decryption is not possible using MD5, so I have again converted the entered password and then checked the value with the database.