Updated October 27, 2006
Iron Speed Designer V4.0
It’s often useful for applications to encrypt data before saving it to the database. One such situation is adding a new user record when, for security reasons, you do not want the password to be readable directly from the database.
In this example, we protect the password with a one-way .NET hash function (SHA1CryptoServiceProvider.ComputeHash() in the code below). Of course, you could use any other hashing or encryption method you wish instead. When a user logs in, we hash the password value they enter and compare it to the hashed password stored in the database. The two match when the user provides the correct password, and the user is allowed to log in.
Our hash key is a concatenation of the Password and UserID fields. Using two data elements lessens the chances of producing identical hashed passwords if two users have the same password, thereby increasing our level of security. Our example also assumes a Users table in our database that contains at least two fields: UserID and Password.
The following code customization hashes the password before saving it into the database. Add this code to the UsersRecordControl class, located in:
...\<App Folder>\App_Code\Users\AddUsersPage.Controls.cs or .vb
C#:
using System;
using System.Security.Cryptography;
…
public override void GetUIData()
{
    base.GetUIData();
    UsersRecord record = this.GetRecord();
    // Hash input: the password concatenated with the UserID.
    String password = record.Password + record.UserID;
    HashAlgorithm mhash = new SHA1CryptoServiceProvider();
    byte[] bytValue = System.Text.Encoding.UTF8.GetBytes(password);
    byte[] bytHash = mhash.ComputeHash(bytValue);
    mhash.Clear();
    // Store the Base64-encoded hash in place of the plain-text password.
    record.Password = Convert.ToBase64String(bytHash);
}
Visual Basic .NET:
Imports System
Imports System.Security.Cryptography
...
Public Overrides Sub GetUIData()
    MyBase.GetUIData()
    Dim record As UsersRecord = Me.GetRecord
    ' Hash input: the password concatenated with the UserID.
    ' & always concatenates as strings, whatever the type of UserID.
    Dim password As String = record.Password & record.UserID
    Dim mhash As HashAlgorithm = New SHA1CryptoServiceProvider
    Dim bytValue() As Byte = System.Text.Encoding.UTF8.GetBytes(password)
    Dim bytHash() As Byte = mhash.ComputeHash(bytValue)
    mhash.Clear()
    ' Store the Base64-encoded hash in place of the plain-text password.
    record.Password = Convert.ToBase64String(bytHash)
End Sub
The following code hashes the Password and UserID entered at sign-in to create the hashed password. It then puts this hashed password back into the Password text field before calling the base.Login() method to complete the login process. Place this code in the SignInControl class, located in:
...\<App Folder>\App_Code\Shared\SignIn_Control.Controls.cs or .vb
C#:
using System.Security.Cryptography;
using System;
...
public override void Login(bool redirectOnSuccess)
{
    // Build the same hash input used when the record was saved.
    String password = this.Password.Text + this.UserID.Text;
    HashAlgorithm mhash = new SHA1CryptoServiceProvider();
    byte[] bytValue = System.Text.Encoding.UTF8.GetBytes(password);
    byte[] bytHash = mhash.ComputeHash(bytValue);
    mhash.Clear();
    // Replace the typed password with its hash so that the base login
    // compares it against the hashed value stored in the database.
    this.Password.Text = Convert.ToBase64String(bytHash);
    base.Login(redirectOnSuccess);
}
Visual Basic .NET:
Imports System.Security.Cryptography
Imports System
...
Public Overloads Overrides Sub Login(ByVal bRedirectOnSuccess As Boolean)
    ' Build the same hash input used when the record was saved.
    Dim password As String = (Me.Password.Text & Me.UserID.Text)
    Dim mhash As HashAlgorithm = New SHA1CryptoServiceProvider
    Dim bytValue() As Byte = System.Text.Encoding.UTF8.GetBytes(password)
    Dim bytHash() As Byte = mhash.ComputeHash(bytValue)
    mhash.Clear()
    ' Replace the typed password with its hash so that the base login
    ' compares it against the hashed value stored in the database.
    Me.Password.Text = Convert.ToBase64String(bytHash)
    MyBase.Login(bRedirectOnSuccess)
End Sub
Note: The point of hashing is to prevent the original data from being discovered. Therefore, if a user forgets their password, a new password will need to be provided for that particular UserID.