Introduction:- Hi friend,Today we will learn how to make secure registration and login page with hashing concepts in asp.net applications.Here we will also learn how to create https certificate on iis server.First we will learn why does we use hasing concepts and its advantages ? How to know this website is using hashing concepts or encryption or decryption concepts. Check by two steps..
1.) Change Password:-Suppose you want to change the password,if website send your password to your respective mobile or email address then you have to know that this website is not using hashing concepts otherwise it uses hashing concepts.
2.) Forget Password:-Suppose you want to forget your password and you want to change it,if website send your password on your respective mobile and email address then that website is not using hashing concepts otherwise it uses hashing concepts.
Nowadays , many popular websites are using hashing concepts like google (gmail,youtube, google+ ,etc.) , Facebook ,yahoo ,paypal ,twitter ,Instagram,linkedin , all banking websites etc. Many websites are used encryption and decryption concepts also.But hashing concepts is more better than others .How to use hashing concepts in asp.net website?
I have implemented following concepts in this application as given below:-
Step 1 :- First open your visual studio --> File --> Website --> Select ASP.NET Empty Website -->OK --> After that add a web form in Solution Explorer window (Registrationpage.aspx ,login page.aspx,etc.) as shown below:-
Create this Registration Page in following techniques as given below:-
Note :-1.) Change Password:-Suppose you want to change the password,if website send your password to your respective mobile or email address then you have to know that this website is not using hashing concepts otherwise it uses hashing concepts.
2.) Forget Password:-Suppose you want to forget your password and you want to change it,if website send your password on your respective mobile and email address then that website is not using hashing concepts otherwise it uses hashing concepts.
Nowadays , many popular websites are using hashing concepts like google (gmail,youtube, google+ ,etc.) , Facebook ,yahoo ,paypal ,twitter ,Instagram,linkedin , all banking websites etc. Many websites are used encryption and decryption concepts also.But hashing concepts is more better than others .How to use hashing concepts in asp.net website?
I have implemented following concepts in this application as given below:-
- Ajax (Script manager , Update panel etc.)
- Validation concepts (RequiredFieldValidator ,CompareValidator,RangeValidator,etc.)
- Captcha Concepts(First concepts ,second concepts)
- Cookies Concepts
- Session Concepts
- Hashing concepts
- Secure HTTPS Concepts
- Forget Password
- Change Password
- Email concepts
- Remember Me
- Database (.mdf)
- You can Add Virtual keyboard also
Step 1 :- First open your visual studio --> File --> Website --> Select ASP.NET Empty Website -->OK --> After that add a web form in Solution Explorer window (Registrationpage.aspx ,login page.aspx,etc.) as shown below:-
Create this Registration Page in following techniques as given below:-
- First create a table with three columns in your visual studio.
- In first row, Create User Name --> drag and drop Update panel from the toolbox -->Put Text Box control inside Update panel control--> after that drag and drop RequiredFieldValidator
- Second row-->Password--> TextBox-->Now put RequiredFieldValidator.
- Third Row-->Retype Password-->TextBox-->Now put Comparevalidator, RequiredFieldValidator.
- Fourth row-->Mobile Number-->TextBox-->Put RegularExpressionValidator & RequiredFieldValidator
- Fifth Row -->Email Id -->TextBox-->Put RegularExpressionValidator and RequiredFieldValidator.
- Six Row--> Captcha Code --> For this you have to Read This Concepts.
- Remember one things , You have to knowledge of Ajax concepts and Validation concepts.
- You have to add one by one concepts after implement it on your visual studio.
Note :-
- You can use it on other database like oracle, MS Access ,SQL MYSQL etc.
using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Drawing;
using System.Text;
using System.Security.Cryptography;
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void TextBox1_TextChanged(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(@"Data Source=.\;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True;");
con.Open();
SqlCommand cmd = new SqlCommand("select*from regform where username='" + TextBox1.Text + "'", con);
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
Label1.Text = "User Name is Already Exist";
this.Label1.ForeColor = Color.Red;
}
else
{
Label1.Text = "UserName is Available";
this.Label1.ForeColor = Color.Red;
}
con.Close();
}
protected void Button1_Click(object sender, EventArgs e)
{
//password hashing MD5 concepts is used below...
byte[] hs = new byte[50];
string pass = TextBox2.Text;
MD5 md5 = MD5.Create();
byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(pass);
byte[] hash = md5.ComputeHash(inputBytes);
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hash.Length; i++)
{
hs[i] = hash[i];
sb.Append(hs[i].ToString("x2"));
}
var hash_pass = sb.ToString();
//password hashing SH1 concepts is used below:-
/*...................................................................*/
/*byte[] hs1 = new byte[50];
string pass1 = TextBox2.Text;
SHA1 sh = SHA1.Create();
byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(pass1);
byte[] hash1 = sh.ComputeHash(inputBytes);
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hash1.Length; i++)
{
hs1[i] = hash1[i];
sb.Append(hs1[i].ToString("x2"));
}
var hash_pass = sb.ToString(); */
/*...................................................................*/
//below codes are captcha validations..
captcha1.ValidateCaptcha(TextBox6.Text.Trim());
if (captcha1.UserValidated)
{
//you can use disconnected architecture also,here i have used connected architecture.
SqlConnection con = new SqlConnection(@"Data Source=.\;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True;");
con.Open();
SqlCommand cmd = new SqlCommand("insert into regform values(@a,@b,@c,@d)", con);
cmd.Parameters.AddWithValue("a", TextBox1.Text);
cmd.Parameters.AddWithValue("b", hash_pass);
cmd.Parameters.AddWithValue("c", TextBox4.Text);
cmd.Parameters.AddWithValue("d", TextBox5.Text);
cmd.ExecuteNonQuery();
Session["name"] = TextBox1.Text;
Response.Redirect("default.aspx");
con.Close();
}
else
{
//Response.Redirect("Registration.aspx");
Label2.ForeColor = System.Drawing.Color.Red;
Label2.Text = "You have Entered InValid Captcha Characters please Enter again";
}
}
}
Note:-
- Here i have used md5 and sha1 hashing concepts but at a time only one can be used so that i have used md5 hashing concepts.
- If You want,You can use sha1 hashing concepts after uncomment the sha1 codes as given in above c# codes.
Step 5 :- Now Double click on Login Button and write the following c# codes as given below:
using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Drawing;
using System.Text;
using System.Security.Cryptography;
public partial class login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
//Do MD5 Hashing...
byte[] hs = new byte[50];
string pass=passtxt.Text;
MD5 md5 = MD5.Create();
byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(pass);
byte[] hash = md5.ComputeHash(inputBytes);
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hash.Length; i++)
{
hs[i] = hash[i];
sb.Append(hs[i].ToString("x2"));
}
var hash_pass = sb.ToString();
//password hashing SH1 concepts is used below:-
/*...................................................................*/
/*byte[] hs1 = new byte[50];
string pass1 = TextBox1.Text;
SHA1 sh = SHA1.Create();
byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(pass1);
byte[] hash1 = sh.ComputeHash(inputBytes);
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hash1.Length; i++)
{
hs1[i] = hash1[i];
sb.Append(hs1[i].ToString("x2"));
}
var hash_pass = sb.ToString(); */
/*...................................................................*/
//SQL CONNECTIONS...
SqlConnection con = new SqlConnection(@"Data Source=.\;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True;");
con.Open();
SqlCommand cmd = new SqlCommand("select COUNT(*)FROM regform WHERE username='" + user.Text + "' and password='" + hash_pass + "'");
cmd.Connection = con;
int OBJ = Convert.ToInt32(cmd.ExecuteScalar());
if (OBJ > 0)
{
if (CheckBox1.Checked)
{
HttpCookie mycookie = new HttpCookie(user.Text, passtxt.Text);
mycookie.Expires = DateTime.Now.AddDays(5);
Response.Cookies.Add(mycookie);
}
Session["name"] = user.Text;
Session["pass"] = passtxt.Text;
Response.Redirect("default.aspx");
}
else
{
Label1.Text = "Invalid username or password";
this.Label1.ForeColor = Color.Red;
}
}
protected void LinkButton2_Click(object sender, EventArgs e)
{
Response.Redirect("Registration.aspx");
}
}
How to fix your forget password:-
Step 1 :- Suppose ,you have forgotten your password --->then add three pages in your solution Explorer Window (ForgetPass.aspx , mobile.aspx,Newpass.aspx) as shown below:-
Step 2 :- Open ForgetPass.aspx page --> Drag and drop Label ,TextBox and Button controls on the page as shown below:-
Step 3 :- Now Double click on Proceed Button --> Write the c# codes as given below:-
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
public partial class Forgetpass : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(@"Data Source=.\;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True;");
con.Open();
SqlCommand cmd = new SqlCommand("select COUNT(*)FROM regform WHERE username='" + TextBox1.Text + "'");
cmd.Connection = con;
int OBJ = Convert.ToInt32(cmd.ExecuteScalar());
if (OBJ > 0)
{
Response.Redirect("mobile.aspx");
}
else
{
Label1.Text = "Invalid username";
}
}
}
Step 4 :-Now Open mobil.aspx page --> Drag and drop Label ,TextBox and Button controls on the page as shown below:-
Step 5 :-Now Double click on Proceed Button --> Write the c# codes as given below:-
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
public partial class mobile : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(@"Data Source=.\;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True;");
con.Open();
SqlCommand cmd = new SqlCommand("select COUNT(*)FROM regform WHERE phoneno='" + TextBox1.Text + "' and email ='" + TextBox2.Text + "'");
cmd.Connection = con;
int OBJ = Convert.ToInt32(cmd.ExecuteScalar());
if (OBJ > 0)
{
Session["phoneno"] = TextBox1.Text;
Session["email"] =TextBox2.Text;
Response.Redirect("Newpass.aspx");
}
else
{
Label1.Text = "Invalid Mobile or Email id";
}
}
}
Step 7 :-Now Double click on Proceed Button --> Write the c# codes as given below:-
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Text;
using System.Security.Cryptography;
public partial class Newpass : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(@"Data Source=.\;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True;");
con.Open();
byte[] hs = new byte[50];
string pass = TextBox1.Text;
MD5 md5 = MD5.Create();
byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(pass);
byte[] hash = md5.ComputeHash(inputBytes);
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hash.Length; i++)
{
hs[i] = hash[i];
sb.Append(hs[i].ToString("x2"));
}
Label1.Text = sb.ToString();
var str = "update regform set password='"+Label1.Text+"' where phoneno= '"+Session["phoneno"]+"' and email='"+Session["email"]+"'";
SqlCommand cmd2 = new SqlCommand(str, con);
cmd2.ExecuteNonQuery();
con.Close();
Response.Redirect("changed.aspx");
}
}
Step 1 :-First Add a web form(Default.aspx) in your Solution Explorer window --> Drag and drop label and button (Changed Password ,Logout)controls as shown below:-
using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
Label1.Text = Session["name"].ToString();
}
protected void Button1_Click(object sender, EventArgs e)
{
Session["name"] = null;
Response.Redirect("login.aspx");
}
protected void Button2_Click(object sender, EventArgs e)
{
Response.Redirect("old_pass.aspx");
}
}
Step 3 :- Now add a web form (old_pass.aspx) in Solution Explorer Window -->Drag and drop label ,TextBox and Button Controls on the page as shown below:-
Step 4 :-Now Double click on Submit Button and write the following codes as given below:-
using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Text;
public partial class Default2 : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
SqlConnection con = new SqlConnection(@"Data Source=.\;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True;");
protected void Button1_Click(object sender, EventArgs e)
{
if (Session["pass"].ToString() == TextBox1.Text)
{
//password hashing MD5 concepts is used below...
byte[] hs = new byte[50];
string pass = TextBox1.Text;
MD5 md5 = MD5.Create();
byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(pass);
byte[] hash = md5.ComputeHash(inputBytes);
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hash.Length; i++)
{
hs[i] = hash[i];
sb.Append(hs[i].ToString("x2"));
}
var oldhash_pass = sb.ToString();
//password hashing SH1 concepts is used below:-
/*...................................................................*/
/*byte[] hs1 = new byte[50];
string pass1 = TextBox1.Text;
SHA1 sh = SHA1.Create();
byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(pass1);
byte[] hash1 = sh.ComputeHash(inputBytes);
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hash1.Length; i++)
{
hs1[i] = hash1[i];
sb.Append(hs1[i].ToString("x2"));
}
var hash_pass = sb.ToString(); */
/*....................................................................................*/
//password hashing MD5 concepts is used below...
byte[] hs1 = new byte[50];
string pass1 = TextBox3.Text;
MD5 newmd5 = MD5.Create();
byte[] new_inputBytes = System.Text.Encoding.ASCII.GetBytes(pass1);
byte[] new_hash = newmd5.ComputeHash(new_inputBytes);
StringBuilder new_sb = new StringBuilder();
for (int i = 0; i < new_hash.Length; i++)
{
hs1[i] = new_hash[i];
new_sb.Append(hs1[i].ToString("x2"));
}
var newhash_pass = new_sb.ToString();
//password hashing SH1 concepts is used below:-
/*...................................................................*/
/*byte[] hs1 = new byte[50];
string pass1 = TextBox1.Text;
SHA1 sh = SHA1.Create();
byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(pass1);
byte[] hash1 = sh.ComputeHash(inputBytes);
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hash1.Length; i++)
{
hs1[i] = hash1[i];
sb.Append(hs1[i].ToString("x2"));
}
var hash_pass = sb.ToString(); */
con.Open();
var update_str = "update regform set password='" + newhash_pass + "'where password= '" + oldhash_pass + "'";
SqlCommand cmd1 = new SqlCommand(update_str, con);
cmd1.ExecuteNonQuery();
Response.Redirect("changed.aspx");
}
else
{
Label1.Text = "somthing went wrong....";
}
}
}
Step 5 :-Now add a web form (changed.aspx)-->Drag and drop HyperLink and Label controls as shown below:-
Step 6 :- Now Press F5 --> Write the Email codes as given below:-
using System;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Net.Mail;
using System.Net;
public partial class changed : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
try
{
var destination_email = Session["email"].ToString();
//Mail sending codes...
SmtpClient smtpc = new SmtpClient("smtp.gmail.com");
smtpc.Port = 587;
smtpc.EnableSsl = true;
smtpc.UseDefaultCredentials = false;
var sender_mail = "ns748563@gmail.com"; //<--Enter your gmail id here
var email_password = "neha@4774";//<--Enter gmail password here
var subject_name = "msdotnet website"; //Subject for your website
var message = "webcome to http://msdotnet.co.in. You password has been successfully changed, Thank you..."; //Message body
smtpc.Credentials = new NetworkCredential(sender_mail, email_password);
MailMessage email = new MailMessage(sender_mail, destination_email, subject_name, message);
smtpc.Send(email);
}
catch
{
Label1.Text = "I am unable to inform this change activity on your email address due to server problem...";
}
}
}
Note:-
- You can implement Form Based Authentication in this page from here
- You can use different connection strings in this page from here
- How to implement 3 tier concepts with real life examples
- How to create setup file(.exe) easily
- How to create setup file with sql database
- How to create photo gallery in asp.net website
- Learn .NET Interview Questions and Answers easily
- How to make media player in visual studio easily
- How to insert data in Access Database and bind it in gridview
- How to build file handling Real application
- How to host wcf services on Local machine easily
- How to use web services in asp.net application
- How to build your own calculator easily
- How to Run c# program on Notepad easily
- Learn Crystal Report with examples
- Learn sql data query with real examples
- Learn and implement Ajax concepts with examples
- Learn WCF concepts with examples
- Learn Web services concepts with examples
- How to use Data List control with examples
- How to use Repeater control with examples
- How to buy or sell your projects easily and free
DOWNLOAD
Nice Tutorial.Very much helpful.Plaese continue.Thanks
ReplyDelete