How to encrypt and decrypt username,password and store in Sql Server database using asp.net C#,Vb.Net

Introduction: In this article I am going to explain with example How to encrypt and decrypt or we can say encode and decode login credentials e.g. username and password and store in Sql Server Database using Asp.net with both C# and Vb.Net Language.
 
Encrypt and Decrypt user Name and Password and save in sql server database using asp.net
Click on the image to enlarge
Description: In previous article I explained How to Encrypt Query String in asp.net(C#, VB) | Encrypting and Decrypting Query String in asp.net(C#, VB) and How to Encrypt connection string in web.config | How to Decrypt connection string in web.config and  Sql server query to get second,third,fourth or nth highest salary of employee and  Load more records in Gridview on button click from sql server table and  Encrypt and Decrypt connectionString in web.config file using code in asp.net.
Now in this article I will store/save User Name and Password in the Sql Server Database in encrypted form. Also the Encrypted credentials i.e. user Name and Password will be binded in the first Grid View and In the second Grid View decrypted credentials will be binded as shown in the demo image above.

Implementation: Let’s create an asp.net web application to understand the concept of encrypting and decrypting username and password.
  • First of all we need to create a DataBase in Sql Server. So create a Database and name it “MyDatabase” or whatever you want. Create a table with the fields and Data type as shown below and name it “Tb_Login”.

Column Name
Data Type
Id
Int(Primary Key so set is identity=true)
Name
varchar(100)
UserName
varchar(100)
Password
varchar(100)


  • Now In the web.config file create the connection string to connect the web application with the database as:
<connectionStrings>
    <add name="conStr" connectionString="Data Source=LocalServer;Initial Catalog=MyDataBase;Integrated Security=True"/>
  </connectionStrings>
 
HTML Source Code
  • In the <Form> tag of the design page (.aspx) place 3 TextBox control, a label and  Two Button controls from the standard category of the visual studio’s toolbox, 3 RequiredFieldValidator validation controls for each textbox from the validation Category, and also place Two GridView data controls from the Data category and design the page as shown below.     
<div>
    <fieldset style="width:400px;">
    <legend>
    Signup form
    </legend>
    <table>
       <tr>
    <td>Name: </td><td>
        <asp:TextBox ID="txtName" runat="server"></asp:TextBox><asp:RequiredFieldValidator
            ID="rfvName" runat="server" ErrorMessage="Please enter Name"
               ControlToValidate="txtName" Display="Dynamic" ForeColor="Red"
               SetFocusOnError="True"></asp:RequiredFieldValidator></td>
    </tr>
    <tr>
    <td>User Name: </td><td>
        <asp:TextBox ID="txtUserName" runat="server"></asp:TextBox><asp:RequiredFieldValidator
            ID="rfvuserName" runat="server"
            ErrorMessage="Please enter User Name" ControlToValidate="txtUserName"
            Display="Dynamic" ForeColor="Red" SetFocusOnError="True"></asp:RequiredFieldValidator></td>
    </tr>
       <tr>
    <td>Password: </td><td>
        <asp:TextBox ID="txtPwd" runat="server" TextMode="Password"></asp:TextBox><asp:RequiredFieldValidator
            ID="rfvpwd" runat="server"
               ErrorMessage="Please enter  Password" ControlToValidate="txtPwd"
               Display="Dynamic" ForeColor="Red" SetFocusOnError="True"></asp:RequiredFieldValidator></td>
    </tr>
       <tr>
    <td>&nbsp;</td><td>
        <asp:Button ID="btnSubmit" runat="server" Text="Submit" onclick="btnSubmit_Click"/>
         <asp:Button ID="btnReset" runat="server" Text="Reset" CausesValidation="False"
               onclick="btnReset_Click" /></td>
    </tr>
    <tr>
    <td colspan="2">
        <asp:Label ID="lblSignUpStatus" runat="server" Text="" style="color: #006600"></asp:Label></td>
    </tr>
    </table>
    </fieldset>
    <br />
     <fieldset style="width:400px;">
    <legend>Encrypted Credentials in GridView</legend>
    <asp:GridView ID="grdEncryptedCredentials" runat="server"
            AutoGenerateColumns="False" CellPadding="4" ForeColor="#333333"
            GridLines="None" Width="362px">
            <AlternatingRowStyle BackColor="White" ForeColor="#284775" />
        <Columns>
        <asp:BoundField HeaderText="Name" DataField="Name" />
        <asp:BoundField HeaderText="User Name" DataField="UserName" />
        <asp:BoundField HeaderText="Password" DataField="Password" />
        </Columns>
            <EditRowStyle BackColor="#999999" />
            <FooterStyle BackColor="#5D7B9D" Font-Bold="True" ForeColor="White" />
            <HeaderStyle BackColor="#5D7B9D" Font-Bold="True" ForeColor="White" />
            <PagerStyle BackColor="#284775" ForeColor="White" HorizontalAlign="Center" />
            <RowStyle BackColor="#F7F6F3" ForeColor="#333333" />
            <SelectedRowStyle BackColor="#E2DED6" Font-Bold="True" ForeColor="#333333" />
            <SortedAscendingCellStyle BackColor="#E9E7E2" />
            <SortedAscendingHeaderStyle BackColor="#506C8C" />
            <SortedDescendingCellStyle BackColor="#FFFDF8" />
            <SortedDescendingHeaderStyle BackColor="#6F8DAE" />
        </asp:GridView>
    </fieldset>
        <br />
     <fieldset style="width:400px;">
        <legend>Decrypted Credentials in GridView</legend>
        <asp:GridView ID="grdDecryptedCredentials" runat="server"
            AutoGenerateColumns="False" BackColor="#DEBA84" BorderColor="#DEBA84"
            BorderStyle="None" BorderWidth="1px" CellPadding="3" CellSpacing="2"
             Width="369px">
        <Columns>
        <asp:BoundField HeaderText="Name" DataField="Name" />
        <asp:BoundField HeaderText="User Name" DataField="UserName" />
        <asp:BoundField HeaderText="Password" DataField="Password" />
        </Columns>
                    <FooterStyle BackColor="#F7DFB5" ForeColor="#8C4510" />
                    <HeaderStyle BackColor="#A55129" Font-Bold="True" ForeColor="White" />
                    <PagerStyle ForeColor="#8C4510" HorizontalAlign="Center" />
                    <RowStyle BackColor="#FFF7E7" ForeColor="#8C4510" />
                    <SelectedRowStyle BackColor="#738A9C" Font-Bold="True" ForeColor="White" />
                    <SortedAscendingCellStyle BackColor="#FFF1D4" />
                    <SortedAscendingHeaderStyle BackColor="#B95C30" />
                    <SortedDescendingCellStyle BackColor="#F1E5CE" />
                    <SortedDescendingHeaderStyle BackColor="#93451F" />
        </asp:GridView>
        </fieldset>
    </div>


Asp.Net C# Code for encrypting and decrypting username and password and save in Sql Server Database
  • In the code behind file (.aspx.cs) write the code as:
First include these following namespace also:

using System.Security.Cryptography;
using System.IO;
using System.Text;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;

Then write the code as:

 SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["conStr"].ConnectionString);
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!Page.IsPostBack)
        {
            BindEncryptedCredentials();
            BingDecryptedCredentials();
        } 
    }

    private void BindEncryptedCredentials()
    {      
        SqlCommand cmd = new SqlCommand("select * from Tb_Login", con);
        try
        {           
            if (con.State == ConnectionState.Closed)
            {
                con.Open();
            }
            SqlDataAdapter adp = new SqlDataAdapter(cmd);
            DataTable dt = new DataTable();
            adp.Fill(dt);

            if (dt.Rows.Count > 0)
            {              
                grdEncryptedCredentials.DataSource = dt;
                grdEncryptedCredentials.DataBind();
            }
            else
            {
                grdEncryptedCredentials.DataSource = null;
                grdEncryptedCredentials.DataBind();
            }
        }
        catch (Exception ex)
        {
            Response.Write("Error occured :" + ex.Message.ToString());
        }
        finally
        {
            cmd.Dispose();
            con.Close();
        }    
    }

    private void BingDecryptedCredentials()
    {
        SqlCommand cmd = new SqlCommand("select * from Tb_Login", con);
        try
        {
            if (con.State == ConnectionState.Closed)
            {
                con.Open();
            }
            SqlDataAdapter adp = new SqlDataAdapter(cmd);
            DataTable dt = new DataTable();
            adp.Fill(dt);
       
            if (dt.Rows.Count > 0)
            {
                for ( int i = 0; i < dt.Rows.Count; i++)
                {
                    string uName = dt.Rows[i]["userName"].ToString();
                    string pwd = dt.Rows[i]["Password"].ToString();
                  
                    dt.Rows[i]["userName"]= Decrypt(uName);
                    dt.Rows[i]["Password"] = Decrypt(pwd);
                }
                dt.AcceptChanges();
                grdDecryptedCredentials.DataSource = dt;
                grdDecryptedCredentials.DataBind();           
            }    
            else
            {
                grdDecryptedCredentials.DataSource = null;
                grdDecryptedCredentials.DataBind();
            }
        }
        catch (Exception ex)
        {
            Response.Write("Error occured :" + ex.Message.ToString());
        }
        finally
        {
            cmd.Dispose();
            con.Close();
        }
    }

    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        string uName = string.Empty;
        string uPwd = string.Empty;
        SqlCommand cmd = new SqlCommand("insert into Tb_Login(Name,UserName,Password) values (@Name,@UserName,@Password)", con);
        if (con.State == ConnectionState.Closed)
        {
            con.Open();
        }
        try
        {
            uName = Encrypt(txtUserName.Text.Trim());
            uPwd = Encrypt(txtPwd.Text.Trim());
            cmd.Connection = con;
            cmd.CommandType = CommandType.Text;
            cmd.Parameters.AddWithValue("@Name", txtName.Text.Trim());
            cmd.Parameters.AddWithValue("@UserName", uName);
            cmd.Parameters.AddWithValue("@Password", uPwd);
            cmd.ExecuteNonQuery();
            lblSignUpStatus.Text = "Record Successfully submitted";
            Clear_Controls();          
            BindEncryptedCredentials();
            BingDecryptedCredentials();        
        }
        catch (Exception ex)
        {
            Response.Write("Error occured: " + ex.Message.ToString());           
        }
        finally
        {
            uName = string.Empty;
            uPwd = string.Empty;
            con.Close();
            cmd.Dispose();
        }
    }       
   
    public string Encrypt(string str)
    {
        string EncrptKey = "2013;[pnuLIT)WebCodeExpert";
        byte[] byKey = { };
        byte[] IV = { 18, 52, 86, 120, 144, 171, 205, 239 };
        byKey = System.Text.Encoding.UTF8.GetBytes(EncrptKey.Substring(0, 8));
        DESCryptoServiceProvider des = new DESCryptoServiceProvider();
        byte[] inputByteArray = Encoding.UTF8.GetBytes(str);
        MemoryStream ms = new MemoryStream();
        CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(byKey, IV), CryptoStreamMode.Write);
        cs.Write(inputByteArray, 0, inputByteArray.Length);
        cs.FlushFinalBlock();
        return Convert.ToBase64String(ms.ToArray());
    }

    public string Decrypt(string str)
    {
        str = str.Replace(" ", "+");
        string DecryptKey = "2013;[pnuLIT)WebCodeExpert";
        byte[] byKey = { };
        byte[] IV = { 18, 52, 86, 120, 144, 171, 205, 239 };
        byte[] inputByteArray = new byte[str.Length];

        byKey = System.Text.Encoding.UTF8.GetBytes(DecryptKey.Substring(0, 8));
        DESCryptoServiceProvider des = new DESCryptoServiceProvider();
        inputByteArray = Convert.FromBase64String(str.Replace(" ", "+"));
        MemoryStream ms = new MemoryStream();
        CryptoStream cs = new CryptoStream(ms, des.CreateDecryptor(byKey, IV), CryptoStreamMode.Write);
        cs.Write(inputByteArray, 0, inputByteArray.Length);
        cs.FlushFinalBlock();
        System.Text.Encoding encoding = System.Text.Encoding.UTF8;
        return encoding.GetString(ms.ToArray());
    }

    private void Clear_Controls()
    {
        txtName.Text = string.Empty;
        txtPwd.Text = string.Empty;
        txtUserName.Text = string.Empty;       
        txtName.Focus();
    }

    protected void btnReset_Click(object sender, EventArgs e)
    {
        Clear_Controls();
        lblSignUpStatus.Text = string.Empty;
    }


Asp.Net VB Code for encrypting and decrypting username and password and save in Sql Server Database
  • In the code behind file(.aspx.vb)  write the code as:
First import these namespaces also:

Imports System.Security.Cryptography
Imports System.IO
Imports System.Text
Imports System.Data
Imports System.Data.SqlClient
Imports System.Configuration

Then write the code as:

Dim con As New SqlConnection(ConfigurationManager.ConnectionStrings("conStr").ConnectionString)
    Protected Sub Page_Load(sender As Object, e As System.EventArgs) Handles Me.Load
        If Not Page.IsPostBack Then
            BindEncryptedCredentials()
            BingDecryptedCredentials()
        End If
    End Sub

    Private Sub BindEncryptedCredentials()
        Dim cmd As New SqlCommand("select * from Tb_Login", con)
        Try
            If con.State = ConnectionState.Closed Then
                con.Open()
            End If
            Dim adp As New SqlDataAdapter(cmd)
            Dim dt As New DataTable()
            adp.Fill(dt)

            If dt.Rows.Count > 0 Then
                grdEncryptedCredentials.DataSource = dt
                grdEncryptedCredentials.DataBind()
            Else
                grdEncryptedCredentials.DataSource = Nothing
                grdEncryptedCredentials.DataBind()
            End If
        Catch ex As Exception
            Response.Write("Error occured :" & ex.Message.ToString())
        Finally
            cmd.Dispose()
            con.Close()
        End Try
    End Sub

    Private Sub BingDecryptedCredentials()
        Dim cmd As New SqlCommand("select * from Tb_Login", con)
        Try
            If con.State = ConnectionState.Closed Then
                con.Open()
            End If
            Dim adp As New SqlDataAdapter(cmd)
            Dim dt As New DataTable()
            adp.Fill(dt)

            If dt.Rows.Count > 0 Then
                For i As Integer = 0 To dt.Rows.Count - 1
                    Dim uName As String = dt.Rows(i)("userName").ToString()
                    Dim pwd As String = dt.Rows(i)("Password").ToString()

                    dt.Rows(i)("userName") = Decrypt(uName)
                    dt.Rows(i)("Password") = Decrypt(pwd)
                Next
                dt.AcceptChanges()
                grdDecryptedCredentials.DataSource = dt
                grdDecryptedCredentials.DataBind()
            Else
                grdDecryptedCredentials.DataSource = Nothing
                grdDecryptedCredentials.DataBind()
            End If
        Catch ex As Exception
            Response.Write("Error occured :" & ex.Message.ToString())
        Finally
            cmd.Dispose()
            con.Close()
        End Try
    End Sub

    Protected Sub btnSubmit_Click(sender As Object, e As System.EventArgs) Handles btnSubmit.Click
        Dim uName As String = String.Empty
        Dim uPwd As String = String.Empty
        Dim cmd As New SqlCommand("insert into Tb_Login(Name,UserName,Password) values (@Name,@UserName,@Password)", con)
        If con.State = ConnectionState.Closed Then
            con.Open()
        End If
        Try
            uName = Encrypt(txtUserName.Text.Trim())
            uPwd = Encrypt(txtPwd.Text.Trim())
            cmd.Connection = con
            cmd.CommandType = CommandType.Text
            cmd.Parameters.AddWithValue("@Name", txtName.Text.Trim())
            cmd.Parameters.AddWithValue("@UserName", uName)
            cmd.Parameters.AddWithValue("@Password", uPwd)
            cmd.ExecuteNonQuery()
            lblSignUpStatus.Text = "Record Successfully submitted"
            Clear_Controls()
            BindEncryptedCredentials()
            BingDecryptedCredentials()
        Catch ex As Exception
            Response.Write("Error occured: " & ex.Message.ToString())
        Finally
            uName = String.Empty
            uPwd = String.Empty
            con.Close()
            cmd.Dispose()
        End Try
    End Sub

    Public Function Encrypt(str As String) As String
        Dim EncrptKey As String = "2013;[pnuLIT)WebCodeExpert"
        Dim byKey As Byte() = {}
        Dim IV As Byte() = {18, 52, 86, 120, 144, 171, _
         205, 239}
        byKey = System.Text.Encoding.UTF8.GetBytes(EncrptKey.Substring(0, 8))
        Dim des As New DESCryptoServiceProvider()
        Dim inputByteArray As Byte() = Encoding.UTF8.GetBytes(str)
        Dim ms As New MemoryStream()
        Dim cs As New CryptoStream(ms, des.CreateEncryptor(byKey, IV), CryptoStreamMode.Write)
        cs.Write(inputByteArray, 0, inputByteArray.Length)
        cs.FlushFinalBlock()
        Return Convert.ToBase64String(ms.ToArray())
    End Function

    Public Function Decrypt(str As String) As String
        str = str.Replace(" ", "+")
        Dim DecryptKey As String = "2013;[pnuLIT)WebCodeExpert"
        Dim byKey As Byte() = {}
        Dim IV As Byte() = {18, 52, 86, 120, 144, 171, _
         205, 239}
        Dim inputByteArray As Byte() = New Byte(str.Length - 1) {}

        byKey = System.Text.Encoding.UTF8.GetBytes(DecryptKey.Substring(0, 8))
        Dim des As New DESCryptoServiceProvider()
        inputByteArray = Convert.FromBase64String(str.Replace(" ", "+"))
        Dim ms As New MemoryStream()
        Dim cs As New CryptoStream(ms, des.CreateDecryptor(byKey, IV), CryptoStreamMode.Write)
        cs.Write(inputByteArray, 0, inputByteArray.Length)
        cs.FlushFinalBlock()
        Dim encoding As System.Text.Encoding = System.Text.Encoding.UTF8
        Return encoding.GetString(ms.ToArray())
    End Function

    Private Sub Clear_Controls()
        txtName.Text = String.Empty
        txtPwd.Text = String.Empty
        txtUserName.Text = String.Empty
        txtName.Focus()
    End Sub

    Protected Sub btnReset_Click(sender As Object, e As System.EventArgs) Handles btnReset.Click
        Clear_Controls()
        lblSignUpStatus.Text = String.Empty
    End Sub

Now run the application and enter Name, Username and password and click on submit.  User Name and password will be stored in the Sql Server Database in encrypted form. Encrypted credentials i.e. user Name and Password is binded in the first Grid View  and In the second Grid View decrypted credentials are binded.

Now over to you: 
"If you like my work; you can appreciate by leaving your comments, hitting Facebook like button, following on Google+, Twitter, Linked in and Pinterest, stumbling my posts on stumble upon and subscribing for receiving free updates directly to your inbox . Stay tuned for more technical updates." 
Previous
Next Post »

12 comments

Click here for comments
October 15, 2013 ×

find error :Invalid length for a Base-64 char array or string

in
inputByteArray = Convert.FromBase64String(str.Replace(" ", "+"));

Reply
avatar
Unknown
admin
October 17, 2013 ×

Please share the created code sample for VB.net

Reply
avatar
Unknown
admin
October 22, 2013 ×

sir this Error occured :Invalid length for a Base-64 char array.

In Decrypt funcition ...

Reply
avatar
October 22, 2013 ×

Hi, This code is completely working and tested. Are you trying the same article or modifying as per your requirement?

Reply
avatar
October 22, 2013 ×

Hi Rohit Kumar, This code is completely working and tested. Are you trying the same article or modifying as per your requirement?let me know i will help you sort out your error..

Reply
avatar
Danish Khan
admin
November 15, 2013 ×

sir why are u replace string "" with +

Reply
avatar
Anonymous
admin
November 16, 2013 ×

just codes no walk through on Salt, IVs ?? why DES as specific cryptoservice provider??

Reply
avatar
Anonymous
admin
December 03, 2013 ×

Hi, I was wondering why you use encrypting instead of hashed passwords? Many thanks

Reply
avatar
December 03, 2013 ×

Hi, there are multiple ways for that purpose..encrypting was also one of them,,:)

Reply
avatar
Unknown
admin
September 19, 2015 ×

wowwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww

Reply
avatar
October 04, 2015 ×

Thanks for your valuable feedback..

Reply
avatar
Unknown
admin
March 01, 2016 ×

I Am new learner of C#.net and I wanted to know detailed working of the code.. Specially In Encrypt and Decrypt function only... Can u help me sir

Reply
avatar

If you have any question about any post, Feel free to ask.You can simply drop a comment below post or contact via Contact Us form. Your feedback and suggestions will be highly appreciated. Also try to leave comments from your account not from the anonymous account so that i can respond to you easily..