Sometimes you have to keep things simple. This will show you, how to hash a password (string) using MD5 or SHA-1 in C#.
First of all, put this in your source:
using System.Web.Security;
Next, create a static method that we can use anywhere in our solution:
public static string HashedPassword(string password)
{
return FormsAuthentication.HashPasswordForStoringInConfigFile(password, "md5");
}
The FormsAuthentication class is the same, as used by the asp.net Login control. Replace md5 with "sha1" if you want a more safer hashing. Sha1 uses a 160-bit hash function which resembles the md5.
All you have to do now, is to use the new method, before saving the password to the database:
UserPassword = HashedPassword(myPasswordField);
UserPassword is the field name in your database and myPasswordField is the field name, containing the password that the user typed, when creating the user.
In your login method, you have to do almost the same. The user is typing a username and password, where the password is typed in clear text. Clear text can't be compared to the password that we've saved in the database, because it was MD5 hashed.
The trick here is to use our static method again:
if (HashedPassword(enteredPassword) == UserPassword)
// Password was correct
else
// Password was incorrect
enteredPassword is the field name, containing what ever the user was typing when trying to login. UserPassword is the field name, containg the users password from the database.
Remember
First of all, MD5 hashing is one way only, which means that it's not possible to "De-Hash" it again. Second, MD5 is not the safest way to save passwords in a none-readable way. But sha1 should be useful in most cases.
Subscribe