How to create a secure registration and login page with hashing concepts in ASP.NET

Introduction:- Hi friends, today we will learn how to make a secure registration and login page with hashing concepts in ASP.NET applications. Here we will also learn how to create an HTTPS certificate on an IIS server. First we will learn why we use hashing concepts and what their advantages are. How can you tell whether a website is using hashing concepts rather than encryption and decryption concepts? Check with two steps:
1.) Change Password:- Suppose you want to change your password. If the website sends your password to your mobile number or email address, then you know that this website is not using hashing concepts; otherwise it uses hashing concepts.
2.) Forget Password:- Suppose you have forgotten your password and want to change it. If the website sends your password to your mobile number or email address, then that website is not using hashing concepts; otherwise it uses hashing concepts.
Nowadays, many popular websites use hashing concepts, such as Google (Gmail, YouTube, Google+, etc.), Facebook, Yahoo, PayPal, Twitter, Instagram, LinkedIn, all banking websites, etc. Many websites also use encryption and decryption concepts, but hashing concepts are better than the others.
How to use hashing concepts in an ASP.NET website

I have implemented the following concepts in this application, as given below:-
The steps to implement this whole concept in your ASP.NET website are given below:-
Step 1 :- First open Visual Studio --> File --> Website --> select ASP.NET Empty Website --> OK --> after that, add web forms in the Solution Explorer window (Registrationpage.aspx, login page.aspx, etc.) as shown below:-

Create the registration page using the following techniques:-
  • First create a table with three columns in Visual Studio.
  • In the first row, create User Name --> drag and drop an UpdatePanel from the toolbox --> put a TextBox control inside the UpdatePanel control --> after that, drag and drop a RequiredFieldValidator.
  • Second row --> Password --> TextBox --> now put a RequiredFieldValidator.
  • Third row --> Retype Password --> TextBox --> now put a CompareValidator and a RequiredFieldValidator.
  • Fourth row --> Mobile Number --> TextBox --> put a RegularExpressionValidator and a RequiredFieldValidator.
  • Fifth row --> Email Id --> TextBox --> put a RegularExpressionValidator and a RequiredFieldValidator.
  • Sixth row --> Captcha Code --> for this you have to read this concept.
Note :-
  • Remember one thing: you need knowledge of Ajax concepts and validation concepts.
  • Add the concepts one by one as you implement them in Visual Studio.
Step 2 :- Now create a Database.mdf in your website --> for this you have to read this concept --> after that, create the following fields in your table in the Database.mdf file as shown below:-

Note :-
  • You can also use other databases such as Oracle, MS Access, SQL, MySQL, etc.
Step 3 :- Now double-click on the Submit button and write the following code as given below:

using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Drawing;
using System.Text;
using System.Security.Cryptography;

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void TextBox1_TextChanged(object sender, EventArgs e)
    {  
        SqlConnection con = new SqlConnection(@"Data Source=.\;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True;");
        con.Open();
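        // Parameterized query: the user name is bound as data, never concatenated into the SQL text.
        SqlCommand cmd = new SqlCommand("select * from regform where username=@username", con);
        cmd.Parameters.AddWithValue("@username", TextBox1.Text);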
        SqlDataReader dr = cmd.ExecuteReader();

        if (dr.Read())
        {
            Label1.Text = "User Name is Already Exist";
            this.Label1.ForeColor = Color.Red;
        }
        else
        {
            Label1.Text = "UserName is Available";
            this.Label1.ForeColor = Color.Red;
        }
        con.Close();
    }
    protected void  Button1_Click(object sender, EventArgs e)
{
   //password hashing MD5 concepts is used below...
    byte[] hs = new byte[50];
    string pass = TextBox2.Text;
    MD5 md5 = MD5.Create();
    byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(pass);
    byte[] hash = md5.ComputeHash(inputBytes);
    StringBuilder sb = new StringBuilder();
    for (int i = 0; i < hash.Length; i++)
    {
        hs[i] = hash[i];
        sb.Append(hs[i].ToString("x2"));
    }
    var hash_pass = sb.ToString();
   // SHA1 password hashing (alternative, commented out) is shown below:-
/*...................................................................*/
   /*byte[] hs1 = new byte[50];
    string pass1 = TextBox2.Text;
    SHA1 sh = SHA1.Create();
    byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(pass1);
    byte[] hash1 = sh.ComputeHash(inputBytes);
    StringBuilder sb = new StringBuilder();
    for (int i = 0; i < hash1.Length; i++)
    {
        hs1[i] = hash1[i];
        sb.Append(hs1[i].ToString("x2"));
    }
    var hash_pass = sb.ToString(); */
/*...................................................................*/     
    //below codes are captcha validations..
    captcha1.ValidateCaptcha(TextBox6.Text.Trim());
    if (captcha1.UserValidated)
    {
        //you can use disconnected architecture also,here i have used connected architecture.

        SqlConnection con = new SqlConnection(@"Data Source=.\;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True;");
        con.Open();
        SqlCommand cmd = new SqlCommand("insert into regform values(@a,@b,@c,@d)", con);
        cmd.Parameters.AddWithValue("a", TextBox1.Text);
        cmd.Parameters.AddWithValue("b", hash_pass);
        cmd.Parameters.AddWithValue("c", TextBox4.Text);
        cmd.Parameters.AddWithValue("d", TextBox5.Text);
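        cmd.ExecuteNonQuery();
        // Close the connection before redirecting: Response.Redirect ends the request, so code after it does not run.
        con.Close();
        Session["name"] = TextBox1.Text;
        Response.Redirect("default.aspx");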
    }
    else
    {
        //Response.Redirect("Registration.aspx");
        Label2.ForeColor = System.Drawing.Color.Red;
        Label2.Text = "You have Entered InValid Captcha Characters please Enter again";
    }       
}
    
}

Note:-
  • Here I have shown both MD5 and SHA1 hashing, but only one can be used at a time, so I have used MD5 hashing.
  • If you want, you can use SHA1 hashing instead by uncommenting the SHA1 code given in the C# code above.
Step 4 :- Now open the Solution Explorer window --> add a web form (login.aspx) --> drag and drop some controls as shown below:-

Step 5 :- Now double-click on the Login button and write the following C# code as given below:

using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Drawing;
using System.Text;
using System.Security.Cryptography;

public partial class login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        //Do MD5 Hashing...
     byte[] hs = new byte[50];
     string pass=passtxt.Text;   
     MD5 md5 = MD5.Create();
     byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(pass);
     byte[] hash = md5.ComputeHash(inputBytes);
        StringBuilder sb = new StringBuilder();
     for (int i = 0; i < hash.Length; i++)
      {
          hs[i] = hash[i];  
        sb.Append(hs[i].ToString("x2"));
      }
       var hash_pass = sb.ToString();
       // SHA1 password hashing (alternative, commented out) is shown below:-
/*...................................................................*/
       /*byte[] hs1 = new byte[50];
        string pass1 = TextBox1.Text;
        SHA1 sh = SHA1.Create();
        byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(pass1);
        byte[] hash1 = sh.ComputeHash(inputBytes);
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < hash1.Length; i++)
        {
            hs1[i] = hash1[i];
            sb.Append(hs1[i].ToString("x2"));
        }
        var hash_pass = sb.ToString(); */
/*...................................................................*/
        //SQL CONNECTIONS...
        SqlConnection con = new SqlConnection(@"Data Source=.\;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True;");
        con.Open();
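        // Parameterized query: the user name and hash are bound as data, so input cannot change the SQL statement.
        SqlCommand cmd = new SqlCommand("select COUNT(*) FROM regform WHERE username=@username and password=@password");
        cmd.Parameters.AddWithValue("@username", user.Text);
        cmd.Parameters.AddWithValue("@password", hash_pass);
        cmd.Connection = con;
        int OBJ = Convert.ToInt32(cmd.ExecuteScalar());
        con.Close();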
        if (OBJ > 0)
        {
            if (CheckBox1.Checked)
            {
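                // Remember only the user name; the plain-text password must never be written to a cookie.
                HttpCookie mycookie = new HttpCookie("username", user.Text);
                mycookie.HttpOnly = true; // not readable from client-side script
                mycookie.Secure = true;   // sent over HTTPS only
                mycookie.Expires = DateTime.Now.AddDays(5);
                Response.Cookies.Add(mycookie);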
            }
            Session["name"] = user.Text;
            Session["pass"] = passtxt.Text;
            Response.Redirect("default.aspx");
        }
        else
        {
            Label1.Text = "Invalid username or password";
            this.Label1.ForeColor = Color.Red;
        }
    }
    protected void LinkButton2_Click(object sender, EventArgs e)
    {
        Response.Redirect("Registration.aspx");
    }
}

How to fix a forgotten password:-
Step 1 :- Suppose you have forgotten your password --> then add three pages in your Solution Explorer window (ForgetPass.aspx, mobile.aspx, Newpass.aspx) as shown below:-

Step 2 :- Open the ForgetPass.aspx page --> drag and drop Label, TextBox and Button controls on the page as shown below:-

Step 3 :- Now double-click on the Proceed button --> write the C# code as given below:-

using System;
using System.Collections.Generic;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;

public partial class Forgetpass : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection(@"Data Source=.\;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True;");
        con.Open();
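        // Parameterized query: the user name is bound as data, never concatenated into the SQL text.
        SqlCommand cmd = new SqlCommand("select COUNT(*) FROM regform WHERE username=@username");
        cmd.Parameters.AddWithValue("@username", TextBox1.Text);
        cmd.Connection = con;
        int OBJ = Convert.ToInt32(cmd.ExecuteScalar());
        con.Close();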
        if (OBJ > 0)
        {
            Response.Redirect("mobile.aspx");
        }
        else
        {
            Label1.Text = "Invalid username";
        }
    }
}

Step 4 :- Now open the mobile.aspx page --> drag and drop Label, TextBox and Button controls on the page as shown below:-

Step 5 :- Now double-click on the Proceed button --> write the C# code as given below:-

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;

public partial class mobile : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void Button1_Click(object sender, EventArgs e)
    {
         SqlConnection con = new SqlConnection(@"Data Source=.\;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True;");
        con.Open();
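        // Parameterized query: the phone number and email are bound as data, never concatenated into the SQL text.
        SqlCommand cmd = new SqlCommand("select COUNT(*) FROM regform WHERE phoneno=@phoneno and email=@email");
        cmd.Parameters.AddWithValue("@phoneno", TextBox1.Text);
        cmd.Parameters.AddWithValue("@email", TextBox2.Text);
        cmd.Connection = con;
        int OBJ = Convert.ToInt32(cmd.ExecuteScalar());
        con.Close();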
        if (OBJ > 0)
        {
            Session["phoneno"] = TextBox1.Text;
            Session["email"] =TextBox2.Text;
            Response.Redirect("Newpass.aspx");
        }
        else
        {
            Label1.Text = "Invalid Mobile or Email id";
        }

    }
}
Step 6 :- Now open the NewPass.aspx page --> drag and drop Label, TextBox and Button controls on the page as shown below:-

Step 7 :- Now double-click on the Proceed button --> write the C# code as given below:-

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Text;
using System.Security.Cryptography;

public partial class Newpass : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection(@"Data Source=.\;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True;");
        con.Open();
        byte[] hs = new byte[50];
        string pass = TextBox1.Text;
        MD5 md5 = MD5.Create();
        byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(pass);
        byte[] hash = md5.ComputeHash(inputBytes);
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < hash.Length; i++)
        {
            hs[i] = hash[i];
            sb.Append(hs[i].ToString("x2"));
        }
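        Label1.Text = sb.ToString();
        // Parameterized update: the hash and the session values are bound as data, not concatenated into the SQL text.
        // A missing session value becomes NULL, which matches no row.
        var str = "update regform set password=@password where phoneno=@phoneno and email=@email";
        SqlCommand cmd2 = new SqlCommand(str, con);
        cmd2.Parameters.AddWithValue("@password", Label1.Text);
        cmd2.Parameters.AddWithValue("@phoneno", Session["phoneno"] ?? (object)DBNull.Value);
        cmd2.Parameters.AddWithValue("@email", Session["email"] ?? (object)DBNull.Value);
        cmd2.ExecuteNonQuery();
        con.Close();
        Response.Redirect("changed.aspx");
    }
}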

How to change your password:-

Step 1 :- First add a web form (Default.aspx) in your Solution Explorer window --> drag and drop Label and Button (Changed Password, Logout) controls as shown below:-

Step 2 :- Now double-click on the Changed Password and Log Out buttons and write the following code as given below:-

using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
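        // Send visitors without a login session back to the login page instead of failing on a null session value.
        if (Session["name"] == null)
        {
            Response.Redirect("login.aspx");
            return;
        }
        // HTML-encode the stored user name before writing it into the page.
        Label1.Text = Server.HtmlEncode(Session["name"].ToString());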
    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        // Log out: drop everything stored for this session, including Session["pass"].
        Session.Clear();
        Session.Abandon();
        Response.Redirect("login.aspx");

    }
    protected void Button2_Click(object sender, EventArgs e)
    {
        Response.Redirect("old_pass.aspx");
    }
}

Step 3 :- Now add a web form (old_pass.aspx) in the Solution Explorer window --> drag and drop Label, TextBox and Button controls on the page as shown below:-

Step 4 :- Now double-click on the Submit button and write the following code as given below:-

using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Text;

public partial class Default2 : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    SqlConnection con = new SqlConnection(@"Data Source=.\;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True;");
    protected void Button1_Click(object sender, EventArgs e)
    {
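        // The null check keeps a visitor without a login session from causing a NullReferenceException.
        if (Session["pass"] != null && Session["pass"].ToString() == TextBox1.Text)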
        {
            //password hashing MD5 concepts is used below...
            byte[] hs = new byte[50];
            string pass = TextBox1.Text;
            MD5 md5 = MD5.Create();
            byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(pass);
            byte[] hash = md5.ComputeHash(inputBytes);
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < hash.Length; i++)
            {
                hs[i] = hash[i];
                sb.Append(hs[i].ToString("x2"));
            }
            var oldhash_pass = sb.ToString();
            // SHA1 password hashing (alternative, commented out) is shown below:-
            /*...................................................................*/
            /*byte[] hs1 = new byte[50];
             string pass1 = TextBox1.Text;
             SHA1 sh = SHA1.Create();
             byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(pass1);
             byte[] hash1 = sh.ComputeHash(inputBytes);
             StringBuilder sb = new StringBuilder();
             for (int i = 0; i < hash1.Length; i++)
             {
                 hs1[i] = hash1[i];
                 sb.Append(hs1[i].ToString("x2"));
             }
             var hash_pass = sb.ToString(); */
            /*....................................................................................*/

            //password hashing MD5 concepts is used below...
            byte[] hs1 = new byte[50];
            string pass1 = TextBox3.Text;
            MD5 newmd5 = MD5.Create();
            byte[] new_inputBytes = System.Text.Encoding.ASCII.GetBytes(pass1);
            byte[] new_hash = newmd5.ComputeHash(new_inputBytes);
            StringBuilder new_sb = new StringBuilder();
            for (int i = 0; i < new_hash.Length; i++)
            {
                hs1[i] = new_hash[i];
                new_sb.Append(hs1[i].ToString("x2"));
            }
            var newhash_pass = new_sb.ToString();
            // SHA1 password hashing (alternative, commented out) is shown below:-
            /*...................................................................*/
            /*byte[] hs1 = new byte[50];
             string pass1 = TextBox1.Text;
             SHA1 sh = SHA1.Create();
             byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(pass1);
             byte[] hash1 = sh.ComputeHash(inputBytes);
             StringBuilder sb = new StringBuilder();
             for (int i = 0; i < hash1.Length; i++)
             {
                 hs1[i] = hash1[i];
                 sb.Append(hs1[i].ToString("x2"));
             }
             var hash_pass = sb.ToString(); */
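            con.Open();
            // Scope the update to the logged-in user: matching on the old hash alone would also
            // change every other account that happens to have the same password.
            var update_str = "update regform set password=@newpass where username=@username and password=@oldpass";
            SqlCommand cmd1 = new SqlCommand(update_str, con);
            cmd1.Parameters.AddWithValue("@newpass", newhash_pass);
            cmd1.Parameters.AddWithValue("@username", Session["name"] ?? (object)DBNull.Value);
            cmd1.Parameters.AddWithValue("@oldpass", oldhash_pass);
            cmd1.ExecuteNonQuery();
            con.Close();
            Response.Redirect("changed.aspx");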
        }
        else
        {
            Label1.Text = "something went wrong....";
        }
        
    }

}

Step 5 :- Now add a web form (changed.aspx) --> drag and drop HyperLink and Label controls as shown below:-

Step 6 :- Now press F5 --> write the email code as given below:-

using System;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Net.Mail;
using System.Net;

public partial class changed : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        try
        {
            var destination_email = Session["email"].ToString();
            //Mail sending codes...
            SmtpClient smtpc = new SmtpClient("smtp.gmail.com");
            smtpc.Port = 587;
            smtpc.EnableSsl = true;
            smtpc.UseDefaultCredentials = false;
            // Placeholders: supply your own values and keep the real password out of source code.
            var sender_mail = "your-address@gmail.com"; //<--Enter your gmail id here
            var email_password = "your-gmail-password";//<--Enter gmail password here
            var subject_name = "msdotnet website"; //Subject for your website
            var message = "Welcome to http://msdotnet.co.in. Your password has been successfully changed, Thank you..."; //Message body
            smtpc.Credentials = new NetworkCredential(sender_mail, email_password);
            MailMessage email = new MailMessage(sender_mail, destination_email, subject_name, message);
            smtpc.Send(email);
        }
        catch
        {
            Label1.Text = "I am unable to inform this change activity on your email address due to server problem...";
        }

    }
}

Step 7 :- Now run the application (press F5) --> you will see the following output, as shown in the video below:-

Note:-
  • You can implement Forms-Based Authentication on this page from here.
  • You can use different connection strings on this page from here.

1 comment:

  1. Nice tutorial. Very helpful. Please continue. Thanks
