Introduction
What is a password?
A password is a protected word or string of characters that serves as authentication of a person's identity (personal password), or that may be used to grant or deny access to private or shared data (access password). Passwords therefore play a great role in security in our daily life. Take email, for example: one should have a strong password to prevent unauthorized access.
Your passwords are the keys you use to access personal information that you've stored on your computer and in your online accounts. If criminals or other malicious users steal this information, they can use your name to open new credit card accounts, apply for a mortgage, or pose as you in online transactions. In many cases you would not notice these attacks until it was too late.
Let us come to our topic: password hashing in C#.
Hashed Password
The main aim of hashing is to prevent unwanted eyes from seeing the passwords stored in databases and flat files, so that we can prevent hacking of our web applications. To hide the users' passwords in the database, we create a hashed value of each password and store that in the database instead. The main advantage of hashing is that other people will never know our actual password; the main drawback is that if we forget our password, it is difficult to recover it.
How to create a hashed password?
In this article we create a SHA1-hashed password. SHA1 gives a quick and easy way to encode a password into a non-human-readable form. This means it is safer to store in a database, and should the database be viewed by anyone who shouldn't know the passwords, it will be much more difficult for them to work out what a user's password is. The first step in creating a SHA1-hashed password is to add the System.Web.Security namespace to our application:
using System.Web.Security;
Generating the hashed password is simple; the following code will do that:
// Hash the text the user typed into the password box with SHA1.
string HashedPassword =
    FormsAuthentication.HashPasswordForStoringInConfigFile(TxtPassword.Text, "sha1");
// Show the resulting hash string on the page.
LblHash.Text = HashedPassword;
We can store the generated hashed password directly in the database.
How to retrieve Hashed password from Database
The following example compares the already hashed value in your database with the password entered by the user. If the two hashed strings are equal, go ahead and authenticate the user.
// Hash the password the user entered, the same way it was hashed when stored.
string UserInputtedHashedPassword =
    FormsAuthentication.HashPasswordForStoringInConfigFile(TxtPassword.Text, "sha1");
// GetUsersHashedPasswordUsingUserName is not a built-in method; the application
// supplies it to look up the stored hash for the given user name.
if (UserInputtedHashedPassword == GetUsersHashedPasswordUsingUserName(TxtUserName.Text))
{
    Response.Redirect("page2.aspx");
}
else
{
    Response.Write("Invalid Username or password");
}
Summary
This article explains how to generate hashed passwords.
Author: Vasanth Kumar | 29 Jun 2006 | Member Level: Silver | Points: 0
I found this article on password hashing very helpful. In it I have one doubt: you compare the password string "GetUsersHashedPasswordUsingUserName". Where do you declare this string, or is this a built-in function? How can we convert the hash value which we get from the database into a string? Because if anybody forgets the password, it is necessary. @ Vasanth