how to encrypt and decrypt password and stored in database using asp.net or encrypt or decrypt user password with c#

Home
Asp.Net
FRAMEWORKS
- Web Pages
- Web Forms
- MVC
TECHNOLOGIES
vNEXT
Get Help: Ask a Question in our Forums | Report a Bug | More Help Resources
Ajax
Gridview
JavaScript
SQL
JQuery
OOPS Concepts
Interview Questions
Trace Mobile Number
Contact

By: Suresh Dasari Dec 28, 2010

Introduction

Here I will explain how to encrypt data and save it in database and how to decrypt encrypted data in database using asp.net

Description

First we will learn what is encryption and decryption

Encryption is the process of translating plain text data into something that appears to be random and meaningless.

Decryption is the process of translating random and meaningless data to plain text.

Why we need to use this Encryption and decryption processes

By using this process we can hide original data and display some junk data based on this we can provide some security for our data.

Here I will explain how to encrypt data and how to save that data into database after that I will show how to decrypt that encrypted data in database and how we can display that decrypted data on form.

I have a form with four fileds username, password, firstname, lastname here I am encrypting password data and saving that data into database after that I am getting from database and decrypting the encrypted password data and displaying that data using gridview.

Design your aspx like this

</head>

<body>

<div>

<tr>

<b>Encryption and Decryption of Password</b>

</td>

</tr>

<tr>

<td>

UserName

</td>

<td>

<asp:TextBox ID="txtname" runat="server"></asp:TextBox>

</td>

</tr>

<tr>

<td>

Password

</td>

<td>

<asp:TextBox ID="txtPassword" runat="server" TextMode="Password"></asp:TextBox>

</td>

</tr>

<tr>

<td>

FirstName

</td>

<td>

<asp:TextBox ID="txtfname" runat="server"></asp:TextBox>

</td>

</tr>

<tr>

<td>

LastName

</td>

<td>

<asp:TextBox ID="txtlname" runat="server"></asp:TextBox>

</td>

</tr>

<tr>

<td>

</td>

<td>

<asp:Button ID="btnSubmit" runat="server" Text="Submit"

onclick="btnSubmit_Click" />

</td>

</tr>

</table>

</div>

<div>

<tr>

<td>

<b>Encryption of Password Details</b>

</td>

</tr>

<tr>

<td>

<asp:GridView ID="gvUsers" runat="server" CellPadding="4" BackColor="White"

BorderColor="#CC9966" BorderStyle="None" BorderWidth="1px">

<HeaderStyle BackColor="#990000" Font-Bold="True" ForeColor="#FFFFCC"

HorizontalAlign="Left"/>

</asp:GridView>

</td>

</tr>

</table>

</div>

<div>

<tr>

<td>

<b>Decryption of Password Details</b>

</td>

</tr>

<tr>

<td>

<asp:GridView ID="gvdecryption" runat="server" BackColor="White"

BorderColor="#CC9966" BorderStyle="None" BorderWidth="1px" CellPadding="4"

onrowdatabound="gvdecryption_RowDataBound">

</asp:GridView>

</td>

</tr>

</table>

</div>

</form>

</body>

</html>

After that add System.Text namespace in code behind because in this namespace contains classes representing ASCII and Unicode character encodings

After that add following code in code behind and design one table in database with four fields and give name as "SampleUserdetails"

private const string strconneciton = "Data Source=MYCBJ017550027;Initial Catalog=MySamplesDB;Integrated Security=True";

SqlConnection con = new SqlConnection(strconneciton);

protected void Page_Load(object sender, EventArgs e)

{

if (!IsPostBack)

{

BindencryptedData();

BindDecryptedData();

}

/// <summary>

/// btnSubmit event is used to insert user details with password encryption

/// </summary>

/// <param name="sender"></param>

/// <param name="e"></param>

protected void btnSubmit_Click(object sender, EventArgs e)

{

string strpassword = Encryptdata(txtPassword.Text);

con.Open();

SqlCommand cmd = new SqlCommand("insert into SampleUserdetails(UserName,Password,FirstName,LastName) values('" + txtname.Text + "','" + strpassword + "','" + txtfname.Text + "','" + txtlname.Text + "')", con);

cmd.ExecuteNonQuery();

con.Close();

BindencryptedData();

BindDecryptedData();

}

/// <summary>

/// Bind user Details to gridview

/// </summary>

protected void BindencryptedData()

{

con.Open();

SqlCommand cmd = new SqlCommand("select * from SampleUserdetails", con);

SqlDataAdapter da = new SqlDataAdapter(cmd);

DataSet ds = new DataSet();

da.Fill(ds);

gvUsers.DataSource = ds;

gvUsers.DataBind();

con.Close();

}

/// <summary>

/// Bind user Details to gridview

/// </summary>

protected void BindDecryptedData()

{

con.Open();

SqlCommand cmd = new SqlCommand("select * from SampleUserdetails", con);

SqlDataAdapter da = new SqlDataAdapter(cmd);

DataSet ds = new DataSet();

da.Fill(ds);

gvdecryption.DataSource = ds;

gvdecryption.DataBind();

con.Close();

}

/// <summary>

/// Function is used to encrypt the password

/// </summary>

/// <param name="password"></param>

/// <returns></returns>

private string Encryptdata(string password)

{

string strmsg = string.Empty;

byte[] encode = new byte[password.Length];

encode = Encoding.UTF8.GetBytes(password);

strmsg = Convert.ToBase64String(encode);

return strmsg;

}

/// <summary>

/// Function is used to Decrypt the password

/// </summary>

/// <param name="password"></param>

/// <returns></returns>

private string Decryptdata(string encryptpwd)

{

string decryptpwd = string.Empty;

UTF8Encoding encodepwd = new UTF8Encoding();

Decoder Decode = encodepwd.GetDecoder();

byte[] todecode_byte = Convert.FromBase64String(encryptpwd);

int charCount = Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length);

char[] decoded_char = new char[charCount];

Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0);

decryptpwd = new String(decoded_char);

return decryptpwd;

}

/// <summary>

/// rowdatabound condition is used to change the encrypted password format to decryption format

/// </summary>

/// <param name="sender"></param>

/// <param name="e"></param>

protected void gvdecryption_RowDataBound(object sender, GridViewRowEventArgs e)

{

if (e.Row.RowType == DataControlRowType.DataRow)

{

string decryptpassword = e.Row.Cells[2].Text;

e.Row.Cells[2].Text = Decryptdata(decryptpassword);

}

Demo

Download sample code attached

If you enjoyed this post, please support the blog below. It's FREE!

Get the latest Asp.net, C#.net, VB.NET, jQuery, Plugins & Code Snippets for FREE by subscribing to our Facebook, Twitter, RSS feed, or by email.

Subscribe by RSS

Subscribe by Email

25 comments :

zia said...: wat about 1 way hashing; January 5, 2011 at 4:49 AM
manish said...: gud one...............; February 28, 2011 at 11:52 PM
Anonymous said...: hi.
Sir I Run Your program but i have One error occured
Invalid length for a Base-64 char array.

please help me What Shhould i do; May 27, 2011 at 5:09 AM
Suresh Dasari said...: hi,
check this here i explained clearly how to solve this Invalid length for a Base-64 char array
http://www.aspdotnet-suresh.com/2011/05/invalid-length-for-base-64-char-array.html; May 28, 2011 at 1:59 AM
Anonymous said...: This is encoding not encryption. Using only base64 to encode a password is worthless; you may as well use cleartext as this is going to take an intruder about 30 seconds to break.; June 28, 2011 at 9:27 PM
Anonymous said...: hi i am getting error in visual studio 2008 i am using c# and sql i got this error

A potentially dangerous Request.Form value was detected from the client (TextBox1="< html >").

cos its not accepting tag type characters. pls help; July 7, 2011 at 9:44 PM
Suresh Dasari said...: hi you have to set ValidateRequest="false" on the @Page line your problem will solve; July 7, 2011 at 10:12 PM
yogesh saroya said...: hi
when i m using byte[] todecode_byte = Convert.FromBase64String(encryptpwd.Replace("", "+")); this then it show (String cannot be of zero length.
Parameter name: oldValue) but also update data in database .... and program terminate....; July 16, 2011 at 6:51 AM
amrit said...: hi
when i m using byte[] todecode_byte = Convert.FromBase64String(encryptpwd.Replace("", "+")); this then it show (String cannot be of zero length.
Parameter name: oldValue) but also update data in database .... and program terminate....
hi
when i m using byte[] todecode_byte = Convert.FromBase64String(encryptpwd.Replace("", "+")); this then it show (String cannot be of zero length.
Parameter name: oldValue) but also update data in database .... and program terminate....; November 25, 2011 at 12:53 AM
Bhaskar said...: it good to given a video explanation about encrypt and decryption in c#

Thanks for sharing

http://csharpektroncmssql.blogspot.com; December 13, 2011 at 4:32 AM
Noel Briggs said...: THIS IS HORRIBLE ADVICE.

THIS IS NOT ENCRYPTION - IT IS BASE64 ENCODING.

CALLING BASE64 DECODING WILL BREAK YOUR "ENCRYPTION."

You're not doing any sort of encryption here, all you're doing is storing text in base64 format. This is terrible advice, and anyone that takes this article seriously, and uses it to try to secure actual sensitive data will be at real risk because of what you have written here.

REALLY irresponsible to be writing articles on encryption when you obviously have no idea what you're doing. Just to start, you don't even have any of the cryptography namespaces imported into your "solution."

This isn't even amateur - it's a complete misunderstanding of what you're doing. Again - Base64 is just a format - not at all encryption. It is plain text!!!!!!!; March 13, 2012 at 5:25 PM
Anonymous said...: Solve This Error Invalid length for a Base-64 char array.

No Need to Cahnge this encryptpwd.Replace('', '+'));

Try this Only Change index of Cell

if (e.Row.RowType == DataControlRowType.DataRow)
{
string decryptpassword = e.Row.Cells[1].Text;
e.Row.Cells[1].Text = Decryptdata(decryptpassword);
}; August 3, 2012 at 3:20 AM
ravi said...: Thank you very much; August 8, 2012 at 4:17 AM
Jitendra Gangwar said...: This comment has been removed by the author.; August 13, 2012 at 12:19 PM
Anonymous said...: Yaah its working superb.Thank u mans; August 23, 2012 at 3:54 AM
Anonymous said...: Thanks My Dear
A great post but a person knowing this decryption can decrypt it. so any another way to make a run time random decrypt.
Thanks Once again; September 10, 2012 at 10:51 PM
Farzad F Wadia said...: some-think wrong with this code:-

byte[] todecode_byte = Convert.FromBase64String(encryptpwd);; September 29, 2012 at 9:59 PM
Anonymous said...: Don't be so rough on this guy. True, his example is not demonstrating encrytion, but it does display the foundation. The encrypt and dycrypt function just need to be altered. I would recommend reading through http://msdn.microsoft.com/en-us/library/system.security.cryptography(v=vs.71).aspx. I would also do some more research before starting to store passwords in a database. Your users expect this of a good programmer and web developer.; October 28, 2012 at 4:22 PM
suresh said...: hi Mr.Dasari

how to set a "UTF8Encode". Which Kind of header files need to add???

help me Mr.dasari

BY
suresh; December 22, 2012 at 11:27 PM
manish kumar said...: use this namespace

using System.Text;; December 24, 2012 at 10:39 PM
Anonymous said...: sorryy but your this password encryption algorithm is not working in any condition.....please suggest something other method; January 6, 2013 at 12:07 AM
Pgp said...: Thank you very much Disertation writing, We appreciate your interest and suggestions.; January 9, 2013 at 7:20 AM
Anonymous said...: Thank You,....Absolutely good coding...; April 21, 2013 at 7:05 AM
Anonymous said...: this is very good; April 26, 2013 at 2:15 AM
Anonymous said...: which visual studio version is good for web designing 2008 or 2010 pls reply me my mail id pmkarthi87@gmail.com; April 26, 2013 at 2:16 AM