none
Could you spare some time to help me with a small problem? I need to explain encryption and decryption in this project . RRS feed

  • Question

  • using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Data.SqlClient;
    using System.Configuration;
    using System.Net;
    using System.Net.Mail;

    public partial class UserRegistration : System.Web.UI.Page
    {
        SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["conn"].ConnectionString);

        string gMailAccount = "abumarwa15@gmail.com";
        string password = "abumarwa07504585573";
        string to;
        string subject = "Security key for login";
        string message;
        string Securitykey;
        string ranno;

        protected void Page_Load(object sender, EventArgs e)
        {

        }
        protected void Button4_Click(object sender, EventArgs e)
        {
            string stat = "Inactive";
            try
            {
                if (DropDownList1.SelectedItem.ToString() != "--SELECT--")
                {
                    string nam = DropDownList1.SelectedItem.ToString(); ;
                    int val = Convert.ToInt32(TextBox4.Text);
                    con.Open();
                    SqlCommand cmd1 = new SqlCommand("select sign from grouplogin where usrnm='"+nam.ToLower().ToString()+"'",con);
                    string sign = cmd1.ExecuteScalar().ToString();
                    SqlCommand cmd = new SqlCommand("insert into usergrp1 values('" + TextBox5.Text + "','" + TextBox1.Text + "','" + TextBox2.Text + "','"+nam+"','" + val + "','"+TextBox6.Text+"','"+stat+"','"+sign+"')", con);
                    cmd.ExecuteNonQuery();
                    
                    message = "<hr><br>Hello " + "<b>" + TextBox5.Text + " ! </b><br><br>" + "Your Login Security Key is : " + "<b>" + sign + "</b>";
                    to = TextBox6.Text;
                    NetworkCredential loginInfo = new NetworkCredential(gMailAccount, password);
                    MailMessage msg = new MailMessage();
                    msg.From = new MailAddress(gMailAccount);
                    msg.To.Add(new MailAddress(to));
                    msg.Subject = subject;
                    msg.Body = message;
                    msg.IsBodyHtml = true;

                    try
                    {
                        SmtpClient client = new SmtpClient("smtp.gmail.com");
                        client.EnableSsl = true;
                        client.UseDefaultCredentials = false;
                        client.Credentials = loginInfo;
                        client.Send(msg);
                    }
                    catch (Exception ex)
                    {
                        Console.WriteLine(ex);
                        Label7.Visible = true;
                        Label7.Text = "OFFLINE : Failure Sending Mail !";

                    }
                    
                    con.Close();
                    
                    TextBox1.Text = "";
                    TextBox2.Text = "";
                    TextBox4.Text = "";
                    TextBox5.Text = "";
                    TextBox6.Text = "";
                    DropDownList1.SelectedIndex = -1;
                    ClientScript.RegisterStartupScript(this.GetType(), "fncall()", "<script>alert('Registered successfully')</script>");
                    //Response.Redirect("userlogin.aspx");
                }
                            
                else
                {
                    ClientScript.RegisterStartupScript(this.GetType(), "fncall()", "<script>alert('Invalid registration')</script>");
                }
            }
            catch(Exception ex)
            {
                ClientScript.RegisterStartupScript(this.GetType(),"fncall()","<script>alert('Invalid registration')</script>");
            }
        }

        protected void Button3_Click(object sender, EventArgs e)
        {
            TextBox1.Text = "";
            TextBox2.Text = "";
            TextBox4.Text = "";
            TextBox5.Text = "";
            TextBox6.Text = "";
            DropDownList1.SelectedIndex = -1;
        }
    }
    Wednesday, December 4, 2019 5:49 PM

Answers

  • Hi Sirwan Doski,

    Did you solve your problem? If your question has been answered then please click the "Mark as Answer" Link at the bottom of the correct post(s), so that it will help other members to find the solution quickly if they face a similar issue.

    Best Regards,

    Xingyu Zhao 

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by Sirwan Doski Friday, January 3, 2020 8:13 PM
    Tuesday, December 24, 2019 8:01 AM
    Moderator

All replies

  • I do not see anything being encrypted or decrypted in the project.  The closest thing I see is you are using Https to send emails.
    Thursday, December 5, 2019 1:19 AM
  • I believe the "sign" from "grouplogin" table could be some form of encrypted password that he is trying to send to user.

    Without knowing how to set it in the first place, we certainly don't know how to decrypt it.

    However, note that for companies that implemented such security measure, the most common way is to just save the hash of password provided, usually MD5/SHA1/SHA256/SHA512. If that's the case it would be impractical, if not impossible, to reverse it. The recommanded way is just to generate a random password, save the new hash to a temp table in database (don't overwrite the password yet as it could be some other people sending in password change request), then request change to password if the next time user login with this hash.

    Of course given the name suggested it is password for "grouplogin", it might not be the correct way either. (You'll also have to mail the new password to all users within that group if they share the same password)

    Thursday, December 5, 2019 1:59 AM
    Answerer
  • Hi Sirwan Doski,

    Thank you for posting here.

    Could you provide more information about what you want to encrypt and decrypt? It will help to analyze your problem and make a test.

    We are waiting for your update.

    Best Regards,
    Xingyu Zhao


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, December 5, 2019 9:31 AM
    Moderator
  • Yes it is well I just want to spread it

    Do you can help me please

    Friday, December 6, 2019 10:36 AM
  • Yes it is true sir how the mechanism works can explain to me if you can
    Friday, December 6, 2019 11:13 AM
  • How can explain for me 

    How to convert From Text to decrypt it.

    int val = Convert.ToInt32(TextBox4.Text);

    Friday, December 6, 2019 11:22 AM
  • Hi Sirwan Doski, 

    Thanks for your feedback.

    As cheong00 suggested, if the "sign" from "grouplogin" table is hashed data, you cannot un-hash hashed data because hashing is a one-way conversion.

    You can store hashed data in database. When a user logs in with their password, you'll start off by calculating a hash for that password and then comparing it with the value that is stored in the database. If both values end up matching then we have a winner.

    Here’s an example of using SHA256 to calculate hash values.

            private byte[] CalculateSHA256(string str)
            {
                SHA256 sha256 = SHA256Managed.Create();
                byte[] hashValue;
                UTF8Encoding objUtf8 = new UTF8Encoding();
                hashValue = sha256.ComputeHash(objUtf8.GetBytes(str));
    
                return hashValue;
            }
    

    Besides, if I have any misunderstanding, please provide more details about the data you want to decrypt.

    Best Regards,

    Xingyu Zhao



    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, December 10, 2019 2:35 AM
    Moderator
  • Hi Sirwan Doski,

    Did you solve your problem? If your question has been answered then please click the "Mark as Answer" Link at the bottom of the correct post(s), so that it will help other members to find the solution quickly if they face a similar issue.

    Best Regards,

    Xingyu Zhao 

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by Sirwan Doski Friday, January 3, 2020 8:13 PM
    Tuesday, December 24, 2019 8:01 AM
    Moderator
  • Ok sir thank you to solve for me but i have another problem i don't know how generate this code wCHCQycUzVJbq2kaxaA0cKGD0IpYfyiv3/F/B1KMcwI= from sql server and Microsoft Visual Studio ASP.net by groups i can connect for you by Special for my project to send for you if you accept .
    Friday, January 3, 2020 8:29 PM
  • It's encrypted data (length = 32 bytes, possibly SHA256 hash of some other input) in Base64 format.
    Monday, January 6, 2020 1:16 AM
    Answerer
  • Well, thanks for this inquiry mr cheong00 . Can you help me, and this is my hope I will send you my full project and understand me more.Because I need so much if you help me, I will be grateful to you, please
    Friday, January 10, 2020 10:33 AM
  • As I've mentioned elsewhere, I'm unable to help because I don't have the equipment to compile anything larger than single file snippet.

    Just give you some hint to trace what's going on.

    You'll want to perform global search on "grouplogin" keyword. Notice any SQL to insert data into that table. And from there, find how do the code gather the "sign" field value, this is how your site encrypt the data.

    If it uses encryption then use can use the same algorithm and key to reverse it to show the plain password, if it uses has algorithm then creating a new password like I said before is pretty much the only thing you can do.

    Friday, January 10, 2020 11:22 AM
    Answerer
  • okay give me your email i will send you my project and check your self i didn't find.

    Friday, January 10, 2020 12:34 PM