Member Avatar for tashiDuks

Hello Everyone,

I have designing a desktop application using VB.NET 2008 & SQL Server 2005.
In my Application i have a frmUserRegistration to add a user & frmLogin to login to my application.

i can add the user details in the database but my password seems to be in characters.

Login form also works using my method. BUT MY PROBLEM IS THAT I DONT KNOW HOW TO STORE THE USER PASSWORD IN ENCRYPTED MANNER TO THE SQL DATABASE AND DECRYPT THE PASSWORD WHEN USER LOGIN TO MY APPLICATION.

CAN ANYONE HELP ME HOW TO AS I AM NEW TO THIS. IT WOULD BE BETTER IF YOU ALL CAN MAKE A CLASS FILE.

Thanks,

Tashi Duks

  • 7 Contributors
  • 14 Replies
  • 3K Views
  • 1 Month Discussion Span
  • Latest Post Latest Post by BigJames
Member Avatar for murugavel84

Hello Everyone,

I have designing a desktop application using VB.NET 2008 & SQL Server 2005.
In my Application i have a frmUserRegistration to add a user & frmLogin to login to my application.

i can add the user details in the database but my password seems to be in characters.

Login form also works using my method. BUT MY PROBLEM IS THAT I DONT KNOW HOW TO STORE THE USER PASSWORD IN ENCRYPTED MANNER TO THE SQL DATABASE AND DECRYPT THE PASSWORD WHEN USER LOGIN TO MY APPLICATION.

CAN ANYONE HELP ME HOW TO AS I AM NEW TO THIS. IT WOULD BE BETTER IF YOU ALL CAN MAKE A CLASS FILE.

Thanks,

Tashi Duks

Hi try this

http://www.dotnetspider.com/resources/22194-password-Encryption-Decryption.aspx

this will help you. Otherwise let me know...

Member Avatar for tashiDuks

Thanks but... the link which u have provided to me is of C#, actually i need in vb language.

Waiting for your help.

Tashi Duks

Member Avatar for murugavel84

Thanks but... the link which u have provided to me is of C#, actually i need in vb language.

Waiting for your help.

Tashi Duks

Hi here is the vb vb.net version of code:

Private Function base64Encode(ByVal sData As String) As String
        Try
            Dim encData_byte As Byte() = New Byte(sData.Length - 1) {}
            encData_byte = System.Text.Encoding.UTF8.GetBytes(sData)
            Dim encodedData As String = Convert.ToBase64String(encData_byte)
            Return (encodedData)
        Catch ex As Exception
            Throw (New Exception("Error in base64Encode" & ex.Message))
        End Try
    End Function

    Public Function base64Decode(ByVal sData As String) As String
        Dim encoder As New System.Text.UTF8Encoding()
        Dim utf8Decode As System.Text.Decoder = encoder.GetDecoder()
        Dim todecode_byte As Byte() = Convert.FromBase64String(sData)
        Dim charCount As Integer = utf8Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length)
        Dim decoded_char As Char() = New Char(charCount - 1) {}
        utf8Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0)
        Dim result As String = New [String](decoded_char)
        Return result
    End Function

Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Dim pwd As String = base64Encode("velu")
        Dim dec As String = base64Decode(pwd)
    End Sub

Let me know any more queries. If it helps mark as solved.

Member Avatar for tashiDuks

Hi here is the vb vb.net version of code:

Private Function base64Encode(ByVal sData As String) As String
        Try
            Dim encData_byte As Byte() = New Byte(sData.Length - 1) {}
            encData_byte = System.Text.Encoding.UTF8.GetBytes(sData)
            Dim encodedData As String = Convert.ToBase64String(encData_byte)
            Return (encodedData)
        Catch ex As Exception
            Throw (New Exception("Error in base64Encode" & ex.Message))
        End Try
    End Function

    Public Function base64Decode(ByVal sData As String) As String
        Dim encoder As New System.Text.UTF8Encoding()
        Dim utf8Decode As System.Text.Decoder = encoder.GetDecoder()
        Dim todecode_byte As Byte() = Convert.FromBase64String(sData)
        Dim charCount As Integer = utf8Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length)
        Dim decoded_char As Char() = New Char(charCount - 1) {}
        utf8Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0)
        Dim result As String = New [String](decoded_char)
        Return result
    End Function

Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Dim pwd As String = base64Encode("velu")
        Dim dec As String = base64Decode(pwd)
    End Sub

Let me know any more queries. If it helps mark as solved.

Thanks for the code. I tried and its working. WHEN IT COMES ON USING THIS FUNCTION FOR STORING THE USER PASSWORD (SQL SERVER2005) AND LOGIN... I FAILED. SO CAN U TELL ME HOW TO ?

I have following forms:

1. frmUserSetup
a. txtUserName
b. txtUserFullName
c. txtPassword
d. txtConfrmPassword
e. btnSave
f. btnAddNew
g. btnCancel

2. frmUserLogin
a. txtUserName
c. txtPassword
f. btnLogin
g. btnCancel

I would really appreciate if you can solve this, as i am stuck on this line.

TashiDuks

Member Avatar for murugavel84

Thanks for the code. I tried and its working. WHEN IT COMES ON USING THIS FUNCTION FOR STORING THE USER PASSWORD (SQL SERVER2005) AND LOGIN... I FAILED. SO CAN U TELL ME HOW TO ?

I have following forms:

1. frmUserSetup
a. txtUserName
b. txtUserFullName
c. txtPassword
d. txtConfrmPassword
e. btnSave
f. btnAddNew
g. btnCancel

2. frmUserLogin
a. txtUserName
c. txtPassword
f. btnLogin
g. btnCancel

I would really appreciate if you can solve this, as i am stuck on this line.

TashiDuks

Can u please put the code you were used to store?

Member Avatar for DrkNite

I find that it's much easier to only bother with encoding the password and not bother to decode.
in other words make a hash from the password or password and salt.
this means i can use MD5 to encode and not have to bother with an symmetric or asymmetric algorithm
plus it means the only really effective attack against the password is a brute force attack.


store the hash in the database
then when the user logs in hash the entered password and compare the hashes, if they match password is good.

here is the code i use to make the hash

Function makeMD5Hash(ByVal strToHash As String) As String
        Dim md5Obj As New MD5CryptoServiceProvider()
        Dim bytesToHash() As Byte = System.Text.Encoding.ASCII.GetBytes(strToHash)
        bytesToHash = md5Obj.ComputeHash(bytesToHash)
        Dim strResult As String = ""

        For Each b As Byte In bytesToHash
            strResult += b.ToString("x2")
        Next

        Return strResult
    End Function

to use the function

Dim salt as string = "xxxxxxxxxxxxx"
Dim nPassword As String = "password" & salt
Dim ePassword As String = makeMD5Hash(nPassword)

you can then save this to your database / regfile / ini file what ever

the salt can be anything you want doesnt need to be xxxxxx could be totally random number and letters as long as it's a constant
the salt can be at the front or rear of the string, in this case i've put it at the rear.

same code can be used to compare the two, this time
do something like this
( in this case i'm pulling the password from the registry )

Dim nPassword As String = MaskedTextBox1.Text
Dim ePassword As String = makeMD5Hash(nPassword)
regKey = Registry.LocalMachine
regSubKey = regKey.CreateSubKey("SOFTWARE\MyApplication")
Dim sPassword as string = regSubKey.GetValue("StoredPassword")

if ePassword = sPassword then
	'allow access to application / form.show() / etc
else
	'see ya / me.close / etc...
end if

hope this helps.

Edited by DrkNite because: n/a
Member Avatar for Anigmalee

I just use MD5 hash the password..then do some math...MD5 hash again,
store the password in database. When user key in thier password, their password will be hash with same manner, and compare to database. Think should be safe enough^^Anyway, my application no security sensitive application.

Member Avatar for tashiDuks

Hi,

Actually... my code which i have was deleted as i thought of starting new coding by asking you.

Sorry for bothering you. So can you tell me?

TashiDuks

Member Avatar for tashiDuks

Can u please put the code you were used to store?

HI,

Thanks you for help and the code which you are asking is that... i have removed the code which i wrote, as i thought of codding new one by asking your help.

So please can you help me building a code as per my controls which i have mentioned?

TashiDuks

Member Avatar for crazyhorse09

By "help me", do you mean do all the work for you?

Member Avatar for tashiDuks

Hi murugavel84,

I am really happy to use your function which you have provided for Encrypting and Decrypting.

I have tested your function and it really worked for me, but I DONT HOW TO USE THIS FUNCTION FOR STORING THE USER PASSWORD TO THE SQL SERVER DATABASE AND USE THE ENCRYPTED USER PASSWORD WHILE LOGIN IN. so can you please help me how to use this function in the form?

1. User password will be stored in the SQL Server Database in encrypted Form.

2. The encrypted password to be used when the user logins in the my application.

I would really appreciate if u can solve my problem.

Thanks,

TashiDuks

Member Avatar for tashiDuks

Thanks for the code which u have provided to me. It really helped me. YOU ARE GENIUS !!!!!

TashiDuks.

Member Avatar for BigJames

provide the code plz !

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.