C# application with password

  • Question

  • Hello,

    I develop a C# application. The user has to enter a password in the application, and in the code I compare what the user enters with the plain password in the code.

    I know it's not okay to hard-code the password in the code, and I wanted to know what the best practice is in this case so that the password is not in clear text in the code.
    Do you have a specific example with code?

    Thank you.
    Friday, August 7, 2020 5:47 PM

All replies

  • Hello,

    There is really no way to do this to guard against a hacker, but if that is not a concern, then try the following.

    Add the following class to your project.

    using System;
    using System.IO;
    using System.Security.Cryptography;
    using System.Text;
    
    namespace DemoEncryptString
    {
        public class Utility
        {
            private static string _encryptkey = "aXb2uy4z";
            public static string EncryptString(string inputString)
            {
                MemoryStream memStream = null;
                try
                {
                    byte[] key;
                    byte[] IV = { 12, 21, 43, 17, 57, 35, 67, 27 };
                    key = Encoding.UTF8.GetBytes(_encryptkey);
                    byte[] byteInput = Encoding.UTF8.GetBytes(inputString);
                    var provider = new DESCryptoServiceProvider();
                    memStream = new MemoryStream();
                    ICryptoTransform transform = provider.CreateEncryptor(key, IV);
                    var cryptoStream = new CryptoStream(memStream, transform, CryptoStreamMode.Write);
                    cryptoStream.Write(byteInput, 0, byteInput.Length);
                    cryptoStream.FlushFinalBlock();
                }
                catch (Exception)
                {
                    return "";
                }
                return Convert.ToBase64String(memStream.ToArray());
            }
            public static string DecryptString(string inputString)
            {
                MemoryStream memStream = null;
                try
                {
                    byte[] key = { };
                    byte[] IV = { 12, 21, 43, 17, 57, 35, 67, 27 };
                    //string encryptKey = "aXb2uy4z"; // MUST be 8 characters
                    key = Encoding.UTF8.GetBytes(_encryptkey);
                    byte[] byteInput = new byte[inputString.Length];
                    byteInput = Convert.FromBase64String(inputString);
                    var provider = new DESCryptoServiceProvider();
                    memStream = new MemoryStream();
                    ICryptoTransform transform = provider.CreateDecryptor(key, IV);
                    var cryptoStream = new CryptoStream(memStream, transform, CryptoStreamMode.Write);
                    cryptoStream.Write(byteInput, 0, byteInput.Length);
                    cryptoStream.FlushFinalBlock();
                }
                catch (Exception)
                {
                    return "";
                }
    
                var encoding1 = Encoding.UTF8;
                return encoding1.GetString(memStream.ToArray());
            }
            /// <summary>
            /// Set from running EncryptString
            /// </summary>
            private const string _appPassword = "OAMTlseguq7cnB7prCAOgKu9TqvpIx0R";
            /// <summary>
            /// Use to validate a password
            /// </summary>
            /// <param name="userPassword"></param>
            /// <returns></returns>
            public static bool PasswordCheck(string userPassword)
            {
                
                return EncryptString(userPassword) == _appPassword;
            }
        }
    
    }
    

    Encrypt a string

    var result = Utility.EncryptString("ThisIsMy!Password");
    Console.WriteLine(result);

    Take the resulting value and enter it into the const in the class above:

    private const string _appPassword

    Validate at run time via a TextBox and Button

    private void PasswordCheckButton_Click(object sender, EventArgs e)
    {
    
        if (Utility.PasswordCheck(PasswordTextBox.Text))
        {
            // password is a match
        }
        else
        {
            // invalid password
        }
    }


    Please remember to mark the replies as answers if they help and unmark them if they provide no help; this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile, but I will not answer coding questions on either.


    Saturday, August 8, 2020 9:55 AM
  • Hi speed780,
    Has your problem been solved? If it is resolved, we suggest that you mark it as the answer so it can help other people who have the same problem find a solution quickly.
    Best Regards,
    Daniel Zhang

    Tuesday, August 18, 2020 9:25 AM