How to create a user with password encryption?

1

What do I need to do in my ASP.NET MVC 5 and EF 6 application to save passwords encrypted in MD5 format when creating users?

    
asked by anonymous 15.05.2014 / 21:43

2 answers

1

The method below encodes the user's password in Base64 by default, but MD5 can be used without problems, just by replacing the Base64 method with an MD5 equivalent:

    /// <summary>
    /// Encode password.
    /// </summary>
    /// <param name="password">Password.</param>
    /// <returns>Encoded password.</returns>
    private string EncodePassword(string password)
    {
        string encodedPassword = password;

        switch (PasswordFormat)
        {
            case MembershipPasswordFormat.Clear:
                break;
            case MembershipPasswordFormat.Encrypted:
                byte[] encryptedPass = EncryptPassword(Encoding.Unicode.GetBytes(password));
                encodedPassword = Convert.ToBase64String(encryptedPass);
                break;
            case MembershipPasswordFormat.Hashed:
                HMACSHA1 hash = new HMACSHA1();
                hash.Key = HexToByte(machineKey.ValidationKey);
                encodedPassword =
                  Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(password)));
                break;
            default:
                throw new ProviderException("Unsupported password format.");
        }

        return encodedPassword;
    }

A method that can be implemented natively is available at this link:

    using System.Security.Cryptography;
    using System.Text;

    public string CalculateMD5Hash(string input)
    {
        // Compute the hash (ASCII encoding maps every non-ASCII character to '?')
        using (MD5 md5 = MD5.Create())
        {
            byte[] inputBytes = Encoding.ASCII.GetBytes(input);
            byte[] hash = md5.ComputeHash(inputBytes);

            // Convert the byte array to a hexadecimal string
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < hash.Length; i++)
            {
                sb.Append(hash[i].ToString("X2"));
            }
            return sb.ToString();
        }
    }

Usage:

    seuModel.Senha = EncodePassword(senha);

The problem is that MD5 is not reversible, as opposed to Base 64.

    
15.05.2014 / 22:04
3

The easiest way is to add a library through NuGet (Manage NuGet packages ...). There are numerous libraries for this. This is better because the algorithm should be much better tested, and because of the ease of switching to better encryption (like Blowfish).

My suggestion is to use CryptSharp. If you want, you can put the methods related to encryption in a separate class:

    using System;
    using CryptSharp;

    public static class Criptografia
    {
        public static string Codifica(string senha) {
            return Crypter.MD5.Crypt(senha);
        }

        public static bool Compara(string senha, string hash) {
            return Crypter.CheckPassword(senha, hash);
        }
    }

Then use:

    public ActionResult CriaUsuario(CriaUsuarioViewModel vm) {
        // ...
        var senhaCriptografada = Criptografia.Codifica(senha);
        // ...
    }

    public ActionResult Login(LoginViewModel vm) {
        // ...

        var usuario = dc.Usuarios.FirstOrDefault(x => x.Login == vm.Login);

        // FirstOrDefault returns null when no user has this login
        if (usuario != null && Criptografia.Compara(vm.senha, usuario.Senha)){
            // OK
        }
        else {
            // Unknown user or incorrect password
        }
        // ...
    }
    
15.05.2014 / 22:03
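
An added example, not part of either answer and not CryptSharp's code: the same `Codifica`/`Compara` pair built on the .NET Framework's own `Rfc2898DeriveBytes` (PBKDF2 with HMAC-SHA1), using a random per-user salt and a constant-time comparison. The class name `SenhaPbkdf2`, the stored `iterations.salt.hash` layout and the iteration count are assumptions made for this example.

```csharp
using System;
using System.Security.Cryptography;

// Added example (hypothetical class name): salted PBKDF2 in place of a bare MD5 digest.
public static class SenhaPbkdf2
{
    private const int SaltBytes = 16;      // random per-user salt
    private const int HashBytes = 20;      // one HMAC-SHA1 output block
    private const int Iteracoes = 100000;  // assumed work factor; tune on the real server

    // Returns "iterations.salt.hash" (Base64 fields) to store in the password column.
    public static string Codifica(string senha)
    {
        using (var kdf = new Rfc2898DeriveBytes(senha, SaltBytes, Iteracoes))
        {
            return Iteracoes + "." + Convert.ToBase64String(kdf.Salt) + "." +
                   Convert.ToBase64String(kdf.GetBytes(HashBytes));
        }
    }

    // Re-derives the hash with the stored salt and iteration count, then compares.
    public static bool Compara(string senha, string armazenado)
    {
        string[] partes = (armazenado ?? "").Split('.');
        int iteracoes;
        if (partes.Length != 3 || !int.TryParse(partes[0], out iteracoes) || iteracoes < 1)
            return false;

        byte[] salt, esperado;
        try
        {
            salt = Convert.FromBase64String(partes[1]);
            esperado = Convert.FromBase64String(partes[2]);
        }
        catch (FormatException) { return false; }
        if (salt.Length < 8 || esperado.Length == 0) return false; // malformed record

        using (var kdf = new Rfc2898DeriveBytes(senha, salt, iteracoes))
        {
            byte[] obtido = kdf.GetBytes(esperado.Length);
            int diff = 0; // accumulate differences so timing does not depend on the match position
            for (int i = 0; i < esperado.Length; i++) diff |= obtido[i] ^ esperado[i];
            return diff == 0;
        }
    }
}
```

Because the salt is random, calling `Codifica` twice with the same password produces two different stored strings, and `Compara` accepts the password against either one.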