Encoding and Decoding Password in login form in asp.net

Question

I am making a Registration and a login Form with encoded password saved to database, I can encode the password using encoding.utf8.

Problem is I register with some username and password and the data get saved to database with encoded password, but when I login with the same data it shows me this below error.

Invalid length for a Base-64 char array or string.

Can anyone give me the described solution for this. Below I am attaching my encoded and decoded methods :

Encoded :

 private string encryption(string clearText)
{

    string encryptkey = "123";
    byte[] clearBytes = Encoding.Unicode.GetBytes(clearText);
    using (Aes encrypt = Aes.Create())
    {


        Rfc2898DeriveBytes rdb = new Rfc2898DeriveBytes(encryptkey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
        encrypt.Key = rdb.GetBytes(32);
        encrypt.IV = rdb.GetBytes(16);

        using (MemoryStream ms = new MemoryStream())
        {

            using (CryptoStream cst = new CryptoStream(ms, encrypt.CreateEncryptor(), CryptoStreamMode.Write))
            {
                cst.Write(clearBytes, 0, clearBytes.Length);
                cst.Close();
            }

            clearText = Convert.ToBase64String(ms.ToArray());

        }

    }


    return clearText;

Decoded:

 private string decryp(string cipherText)
    {

        cipherText = cipherText.Replace(" ", "+");
        string decryptkey = "123";
        byte[] cipherBytes = Convert.FromBase64String(cipherText.Replace(" ", "+"));
        using (Aes encrypt = Aes.Create())
        {

            Rfc2898DeriveBytes rdb = new Rfc2898DeriveBytes(decryptkey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
            encrypt.Key = rdb.GetBytes(32);
            encrypt.IV = rdb.GetBytes(16);


            using (MemoryStream ms = new MemoryStream())
            {

                using (CryptoStream cst = new CryptoStream(ms, encrypt.CreateDecryptor(), CryptoStreamMode.Write))
                {

                    cst.Write(cipherBytes, 0, cipherBytes.Length);
                    cst.Close();

                }

                cipherText = Encoding.Unicode.GetString(ms.ToArray());

            }

        }

        return cipherText;

Any help would be appreciated !

Why are you encrypting the password? Do you ever need the plaintext of the password? — mason, Sep 12 '16 at 13:48
@mason - because I need to do it, I had done plain text password , now there is a requirement of the above query that's is why I need to do it ! — Nilesh Jadav, Sep 12 '16 at 14:44
So here is the thing that I want to do , see I had a registration page and login page ( username and password) that gonna save in db while registering, now I want to login with the same username and pass, but the thing is password is stored in encoded form, so i have to decode it first and then make out the condition so that password gets matched and I can login into my account. therefore I need to decode (plain text ) my password, while login — Nilesh Jadav, Sep 12 '16 at 15:44
No, that is **wrong**. You should not be handling passwords in that manner. Passwords should not be stored encrypted. They should be one way hashed and salted. You should not ever need to get the plaintext of a password to verify if the user has entered correct password. You should always compared the hashed versions of the passwords to see if they match. — mason, Sep 12 '16 at 15:47
@mason do you have any reference link to make my work ? I really want to try that. I really appreciate with your concern, do you have any links that can show me the solution of my requirement. — Nilesh Jadav, Sep 12 '16 at 15:59
[Some questions](http://stackoverflow.com/questions/12657792/how-to-securely-save-username-password-local) on Stack Overflow address how to handle passwords. — mason, Sep 12 '16 at 16:02
I tried your code. but I am not getting any error. It is working fine. I tried with the following values.e.g — SUNIL DHAPPADHULE, Apr 24 '19 at 09:14
Password-Pass@123 Encrypted paswword-6aIbJagvSNz+df8fqDGcgpFAuIn9jq1Hd9rjZ8KUQ88= Decrypted paswword-Pass@123 — SUNIL DHAPPADHULE, Apr 24 '19 at 09:14
if you have the following encrypted Password:6aIbJagvSNz+df8fqDGcgpFAuIn9jq1Hd9rjZ8KUQ88 It can not be converted to a byte array from Base64, — SUNIL DHAPPADHULE, Apr 24 '19 at 09:17

Encoding and Decoding Password in login form in asp.net

0 Answers0