C++ / C#
Dmitry Zamula, 2013-11-22 01:20:45

How to implement password saving in C# application?

There is an application that uses authorization, and I want to make it possible to save the login and password (if the user wishes). Is there any means to implement this? Or how else can you do it?


4 answer(s)
Webdesus, 2013-11-22
@DimkaMind

If the application is local, then you need to make the encryption such that, knowing the encryption algorithm, it would not be possible to decrypt it. Because an advanced user will be able to decompile your code and see what algorithm you are using.
It is safer to use some kind of authorization service. This applies to corporate applications, for example Windows authorization in a domain.

Ilya, 2013-11-22
@Zerpico

I use SHA1, not the most secure of course, but I don’t have the FSB here after all.
Here are 2 methods for encryption and decryption:

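using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Encryption
// Defaults: fixed salt and IV, 2 key-derivation iterations, 256-bit key.
public static string Encrypt(string plainText, string password,
       string salt = "Kosher", string hashAlgorithm = "SHA1",
       int passwordIterations = 2, string initialVector = "OFRna73m*aze01xY",
       int keySize = 256)
{
    if (string.IsNullOrEmpty(plainText))
        return "";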
 
    byte[] initialVectorBytes = Encoding.ASCII.GetBytes(initialVector);
    byte[] saltValueBytes = Encoding.ASCII.GetBytes(salt);
    byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
 
    PasswordDeriveBytes derivedPassword = new PasswordDeriveBytes(password, saltValueBytes, hashAlgorithm, passwordIterations);
    byte[] keyBytes = derivedPassword.GetBytes(keySize / 8);
    RijndaelManaged symmetricKey = new RijndaelManaged();
    symmetricKey.Mode = CipherMode.CBC;
 
    byte[] cipherTextBytes = null;
 
    using (ICryptoTransform encryptor = symmetricKey.CreateEncryptor(keyBytes, initialVectorBytes))
    {
        using (MemoryStream memStream = new MemoryStream())
        {
            using (CryptoStream cryptoStream = new CryptoStream(memStream, encryptor, CryptoStreamMode.Write))
            {
                cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);
                cryptoStream.FlushFinalBlock();
                cipherTextBytes = memStream.ToArray();
                memStream.Close();
                cryptoStream.Close();
            }
        }
    }
 
    symmetricKey.Clear();
    return Convert.ToBase64String(cipherTextBytes);
}
 
 
 
// Decryption
public static string Decrypt(string cipherText, string password,
       string salt = "Kosher", string hashAlgorithm = "SHA1",
       int passwordIterations = 2, string initialVector = "OFRna73m*aze01xY",
       int keySize = 256)
{         
    if (string.IsNullOrEmpty(cipherText))
        return "";
 
    byte[] initialVectorBytes = Encoding.ASCII.GetBytes(initialVector);
    byte[] saltValueBytes = Encoding.ASCII.GetBytes(salt);
    byte[] cipherTextBytes = Convert.FromBase64String(cipherText);
 
    PasswordDeriveBytes derivedPassword = new PasswordDeriveBytes(password, saltValueBytes, hashAlgorithm, passwordIterations);
    byte[] keyBytes = derivedPassword.GetBytes(keySize / 8);
 
    RijndaelManaged symmetricKey = new RijndaelManaged();
    symmetricKey.Mode = CipherMode.CBC;
 
    byte[] plainTextBytes;

    using (ICryptoTransform decryptor = symmetricKey.CreateDecryptor(keyBytes, initialVectorBytes))
    using (MemoryStream memStream = new MemoryStream(cipherTextBytes))
    using (CryptoStream cryptoStream = new CryptoStream(memStream, decryptor, CryptoStreamMode.Read))
    using (MemoryStream plainStream = new MemoryStream())
    {
        // A single Read call may return fewer bytes than requested,
        // so copy until the decrypting stream is exhausted.
        cryptoStream.CopyTo(plainStream);
        plainTextBytes = plainStream.ToArray();
    }

    symmetricKey.Clear();
    return Encoding.UTF8.GetString(plainTextBytes);
}

Well, it's easy to use:
Encrypt(text, password); // where text is the text to encrypt and password is the password used for encryption
Decrypt(text, password); // likewise
 
. . .
// UPD1: you can also use a more complex scheme, including the key size and bytes
Encrypt(text, password1, password2, "SHA1", 2, "16CHARSLONG12345", 256);
Decrypt(text, password1, password2, "SHA1", 2, "16CHARSLONG12345", 256);

Alexey, 2013-11-22
@ScorpLeX

You can simply encrypt and put it in a file; as an option, you can store the user's session (cookies) if the authorization is on a site, for example.
In any case, it is better to further encrypt and encrypt again.

Gadya Petrovich, 2013-11-22
@digitallez

You can encrypt the login / password using DPAPI (there is an article and a question on Habr on this topic).
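
The DPAPI approach mentioned in this answer, as an added example that is not code from the thread: the blob is bound to the current Windows user, so no key or password has to live in the (decompilable) application. `CredentialStore`, the `MyApp` folder and the entropy label are hypothetical names; on .NET Framework this needs a reference to System.Security, on newer .NET the System.Security.Cryptography.ProtectedData package.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added example (Windows only). CredentialStore, "MyApp" and the entropy label are hypothetical.
public static class CredentialStore
{
    private static readonly string FilePath = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
        "MyApp", "credentials.bin");

    // Optional entropy is not a secret; it only separates this app's blobs
    // from other DPAPI blobs belonging to the same Windows user.
    private static readonly byte[] Entropy = Encoding.UTF8.GetBytes("MyApp.CredentialStore.v1");

    public static void Save(string login, string password)
    {
        using (var ms = new MemoryStream())
        using (var w = new BinaryWriter(ms, Encoding.UTF8))
        {
            w.Write(login);     // length-prefixed, so any characters are allowed
            w.Write(password);
            w.Flush();
            // DPAPI keys are tied to the Windows user account; the app stores no key of its own.
            byte[] blob = ProtectedData.Protect(ms.ToArray(), Entropy, DataProtectionScope.CurrentUser);
            Directory.CreateDirectory(Path.GetDirectoryName(FilePath));
            File.WriteAllBytes(FilePath, blob);
        }
    }

    public static bool TryLoad(out string login, out string password)
    {
        login = password = null;
        if (!File.Exists(FilePath)) return false;
        try
        {
            byte[] plain = ProtectedData.Unprotect(File.ReadAllBytes(FilePath), Entropy, DataProtectionScope.CurrentUser);
            using (var r = new BinaryReader(new MemoryStream(plain), Encoding.UTF8))
            {
                login = r.ReadString();
                password = r.ReadString();
            }
            return true;
        }
        // Thrown when the blob was modified or belongs to another user or machine.
        catch (CryptographicException) { return false; }
    }
}
```

Any process running as the same Windows user can call `Unprotect` on the file, so this protects the saved password at rest and from other accounts, not from code already running in the user's session.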
