Store Password in Binary Format During Registration

In this article, we will learn how to store passwords in binary format during registration. We can also login to it by providing the correct credentials. Here the password will be stored in the database as binary data so that no one can determine what the password is when he/she opens the database table.

Table Creation

Image 1.jpg

Here the password "raj123" is stored in binary format.

Now let's move to the code.

Register.aspx

  1. <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Register.aspx.cs" Inherits="Register_login_Encrypt_Decrypt_Asp.Register" %>  
  2. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">  
  3. <html xmlns="http://www.w3.org/1999/xhtml" >  
  4. <head runat="server">  
  5.     <title> Register Page</title>  
  6. </head>  
  7. <body>  
  8.     <form id="form1" runat="server">  
  9.     <div>  
  10.     <asp:Label ID="Label1" runat="server" Text="Name" Width="150px" Font-Bold="True" BackColor="#FFFF66" ForeColor="#FF3300"></asp:Label>  
  11.     <asp:TextBox ID="txt_name" runat="server" Width="150px"></asp:TextBox>  
  12.         <asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server"  
  13.             ControlToValidate="txt_name" ErrorMessage="Please enter name"></asp:RequiredFieldValidator>  
  14.         <br />  
  15.     <asp:Label ID="Label2" runat="server" Text="Address" Width="150px" Font-Bold="True" BackColor="#FFFF66" ForeColor="#FF3300"></asp:Label>  
  16.     <asp:TextBox ID="txt_address" runat="server" Width="150px"></asp:TextBox>  
  17.         <asp:RequiredFieldValidator ID="RequiredFieldValidator2" runat="server"  
  18.             ControlToValidate="txt_address" ErrorMessage="Please enter address"></asp:RequiredFieldValidator>  
  19.         <br />  
  20.     <asp:Label ID="Label3" runat="server" Text="Password" Width="150px" Font-Bold="True" BackColor="#FFFF66" ForeColor="#FF3300"></asp:Label>  
  21.     <asp:TextBox ID="txt_password" runat="server" TextMode="Password" Width="150px"></asp:TextBox>  
  22.         <asp:RequiredFieldValidator ID="RequiredFieldValidator3" runat="server"  
  23.             ControlToValidate="txt_password" ErrorMessage="Please enter password"></asp:RequiredFieldValidator>  
  24.         <br />  
  25.     <asp:Button ID="btn_Register" runat="server" Text="Register"  
  26.             onclick="btn_Register_Click" BackColor="#CCFF99" BorderColor="Maroon"  
  27.             Font-Bold="True" ForeColor="#993333" />  
  28.     </div>  
  29.     <asp:HyperLink ID="HyperLink1" runat="server" NavigateUrl="~/Login.aspx">Click  
  30.     here to Login</asp:HyperLink>  
  31.     <asp:Label ID="lb1" runat="server" Font-Bold="True" ForeColor="#FF3300"></asp:Label>  
  32.     </form>  
  33. </body>  
  34. </html>

Register.aspx.cs

  1. using System;  
  2. using System.Collections;  
  3. using System.Configuration;  
  4. using System.Data;  
  5. using System.Linq;  
  6. using System.Web;  
  7. using System.Web.Security;  
  8. using System.Web.UI;  
  9. using System.Web.UI.HtmlControls;  
  10. using System.Web.UI.WebControls;  
  11. using System.Web.UI.WebControls.WebParts;  
  12. using System.Xml.Linq;  
  13. using System.Data.SqlClient;  
  14. namespace Register_login_Encrypt_Decrypt_Asp  
  15. {  
  16.     public partial class Register : System.Web.UI.Page  
  17.     {  
  18.         string connStr = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;  
  19.         SqlCommand com;  
  20.         protected void btn_Register_Click(object sender, EventArgs e)  
  21.         {  
  22.             SqlConnection con = new SqlConnection(connStr);  
  23.             con.Open();  
  24.             com = new SqlCommand();  
  25.             com.Connection = con;  
  26.             com.CommandType = CommandType.Text;  
  27.             Session["name"] = txt_name.Text;  
  28.             com.CommandText = @"INSERT INTO employee(name,address,password)VALUES(@name,@address,EncryptByPassPhrase('pass',@password))";  
  29.             com.Parameters.AddWithValue("@name", Session["name"]);  
  30.             com.Parameters.AddWithValue("@address", txt_address.Text);  
  31.             string password = txt_password.Text;  
  32.             System.Text.ASCIIEncoding encryptpwd = new System.Text.ASCIIEncoding();  
  33.             byte[] passwordArray = encryptpwd.GetBytes(password);  
  34.             com.Parameters.AddWithValue("@password", passwordArray);  
  35.             com.ExecuteNonQuery();  
  36.             com.Dispose();  
  37.             con.Close();  
  38.             lb1.Text = "Data entered successfully!!!";  
  39.             clear();  
  40.         }  
  41.         private void clear()  
  42.         {  
  43.             txt_name.Text = "";  
  44.             txt_address.Text = "";  
  45.         }  
  46.     }  
  47. } 

Login.aspx

  1. <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Login.aspx.cs" Inherits="Register_login_Encrypt_Decrypt_Asp.Login" %>  
  2. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">  
  3. <html xmlns="http://www.w3.org/1999/xhtml" >  
  4. <head runat="server">  
  5.     <title>Login Page</title>  
  6. </head>  
  7. <body>  
  8.     <form id="form1" runat="server">  
  9.     <div>  
  10.     <asp:Label ID="Label1" runat="server" Text="Name" Width="150px" Font-Bold="True" BackColor="#FFFF66" ForeColor="#FF3300"></asp:Label>  
  11.     <asp:TextBox ID="txt_name" runat="server" Width="150px"></asp:TextBox>  
  12.         <asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server"  
  13.             ControlToValidate="txt_name" ErrorMessage="Please enter name"></asp:RequiredFieldValidator>  
  14.         <br />  
  15.      <asp:Label ID="Label2" runat="server" Text="Password" Width="150px" Font-Bold="True" BackColor="#FFFF66" ForeColor="#FF3300"></asp:Label>  
  16.     <asp:TextBox ID="txt_password" runat="server" TextMode="Password" Width="150px"></asp:TextBox>  
  17.         <asp:RequiredFieldValidator ID="RequiredFieldValidator2" runat="server"  
  18.             ControlToValidate="txt_password" ErrorMessage="Please enter password"></asp:RequiredFieldValidator>  
  19.         <br />  
  20.     <asp:Button ID="btn_login" runat="server" Text="Login" onclick="btn_login_Click" Font-Bold="True" BackColor="#CCFF99"/>  
  21.     <asp:Label ID="lbl_msg" runat="server" Font-Bold="True" ForeColor="#FF3300"></asp:Label>  
  22.     </div>  
  23.     </form>  
  24. </body>  
  25. </html> 

Login.aspx.cs

  1. using System;  
  2. using System.Collections;  
  3. using System.Configuration;  
  4. using System.Data;  
  5. using System.Linq;  
  6. using System.Web;  
  7. using System.Web.Security;  
  8. using System.Web.UI;  
  9. using System.Web.UI.HtmlControls;  
  10. using System.Web.UI.WebControls;  
  11. using System.Web.UI.WebControls.WebParts;  
  12. using System.Xml.Linq;  
  13. using System.Globalization;  
  14. using System.Text;  
  15. using System.IO;  
  16. using System.Data.SqlClient;  
  17. namespace Register_login_Encrypt_Decrypt_Asp  
  18. {  
  19.     public partial class Login : System.Web.UI.Page  
  20.     {  
  21.         string connStr = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;  
  22.         SqlCommand com;  
  23.         SqlDataAdapter sqlda;  
  24.         DataSet ds,ds1;  
  25.         string str,str2;  
  26.         protected void btn_login_Click(object sender, EventArgs e)  
  27.         {  
  28.             SqlConnection con = new SqlConnection(connStr);  
  29.             con.Open();  
  30.             try  
  31.             {  
  32.                 sqlda = new SqlDataAdapter(@"select convert(varchar(100), DECRYPTBYPASSPHRASE ('pass',password )) AS PWD from employee where name=@name ", con);  
  33.                 Session["name"] = txt_name.Text;  
  34.                 sqlda.SelectCommand.Parameters.AddWithValue("@name", Session["name"]);  
  35.                 ds = new DataSet();  
  36.                 sqlda.Fill(ds);  
  37.                 if (ds.Tables[0].Rows.Count == 0)  
  38.                 {  
  39.                     lbl_msg.Text = "Invalid name";  
  40.                     txt_name.Text = "";  
  41.                     txt_password.Text = "";  
  42.                     return;  
  43.                 }  
  44.                 str = (ds.Tables[0].Rows[0]["PWD"]).ToString();  
  45.                 byte[] bytes = UTF8Encoding.ASCII.GetBytes(str);  
  46.                 str2 = UTF8Encoding.ASCII.GetString(bytes);  
  47.                 if (str2 != txt_password.Text)  
  48.                 {  
  49.                     lbl_msg.Text = "Invalid Password";  
  50.                     txt_password.Text = "";  
  51.                     txt_name.Text = "";  
  52.                     return;  
  53.                 }  
  54.                 else  
  55.                 {  
  56.                     com = new SqlCommand(@"select name , convert(varchar(100), DECRYPTBYPASSPHRASE ('pass',password )) AS PWD from employee where name=@name and password=@password", con);  
  57.                     com.Parameters.AddWithValue("@name", Session["name"]);  
  58.                     com.Parameters.AddWithValue("@password", str2);  
  59.                     ds1 = new DataSet();  
  60.                     sqlda.Fill(ds1);  
  61.                     if (ds1.Tables[0].Rows.Count == 0)  
  62.                     {  
  63.                         lbl_msg.Text = "Invalid name or Password";  
  64.                         txt_name.Text = "";  
  65.                         txt_password.Text = "";  
  66.                     }  
  67.                     else  
  68.                     {  
  69.                         Response.Redirect("Welcome.aspx");  
  70.                     }  
  71.                 }  
  72.             }  
  73.             catch (Exception err)  
  74.             {  
  75.                 lbl_msg.Text = "Error: " + err.ToString();   
  76.             }  
  77.         }  
  78.     }  
  79. } 

Welcome.aspx

 

  1. <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Welcome.aspx.cs" Inherits="Register_login_Encrypt_Decrypt_Asp.Welcome" %>  
  2. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">  
  3. <html xmlns="http://www.w3.org/1999/xhtml" >  
  4. <head runat="server">  
  5.     <title>Welcome Page</title>  
  6. </head>  
  7. <body>  
  8.     <form id="form1" runat="server">  
  9.     <div>  
  10.      <asp:Label ID="lb1" runat="server" Text="Label"></asp:Label>  
  11.     </div>  
  12.     </form>  
  13. </body>  
  14. </html>

Welcome.aspx.cs

 

  1. using System;  
  2. using System.Collections;  
  3. using System.Configuration;  
  4. using System.Data;  
  5. using System.Linq;  
  6. using System.Web;  
  7. using System.Web.Security;  
  8. using System.Web.UI;  
  9. using System.Web.UI.HtmlControls;  
  10. using System.Web.UI.WebControls;  
  11. using System.Web.UI.WebControls.WebParts;  
  12. using System.Xml.Linq;  
  13. using System.Data.SqlClient;  
  14. namespace Register_login_Encrypt_Decrypt_Asp  
  15. {  
  16.     public partial class Welcome : System.Web.UI.Page  
  17.     {  
  18.         string strConnString = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;  
  19.         protected void Page_Load(object sender, EventArgs e)  
  20.         {  
  21.             lb1.Text = "<b><font color=Brown>" + "WELLCOME :: " + "</font>" + "<b><font color=red>" + Session["name"] + "</font>";  
  22.         }  
  23.     }  
  24. }

Output

After providing data for registration:

Image 2.jpg

Click the login link and provide the correct credentials for login:

Image 3.jpg

After providing correct credentials.