Encypt and decrypt password in ASP.NET MVC

Question

I'm just getting started at ASP.NET MVC and I want to when password is entered to store the hashed value in a SQL Server database. I have looked up online but nothing worked so far. this is my code:

LoginController.cs:

public class LoginController : Controller
    {
        private ApplicationDbContext db = new ApplicationDbContext();

        // GET: Login
        public ActionResult Index()
        {
            return View();
        }

        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Index(Login logins)
        {
            if (ModelState.IsValid)
            {
                    var obj = db.Logins.Where(a => a.Email.Equals(logins.Email) && a.Password.Equals(logins.Password)).FirstOrDefault();
                    if (obj != null)
                    {
                        Session["UserID"] = obj.ID.ToString();
                        Session["UserName"] = obj.FirstName.ToString();
                        Session["UserSurname"] = obj.LastName.ToString();
                        return RedirectToAction("UserDashBoard");
                    }
            }
            return View(logins);
        }

        public ActionResult UserDashBoard()
        {
            if (Session["UserID"] != null)
            {
                return View();
            }
            else
            {
                return RedirectToAction("Index");
            }
        }


        
        // GET: Login/Register
        public ActionResult Register()
        {
            return View();
        }

        // POST: Login/Create
        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Register([Bind(Include = "ID,FirstName,LastName,Email,Password,ConfirmPassword")] Login login)
        {
            if (ModelState.IsValid)
            {
                db.Logins.Add(login);
                db.SaveChanges();
                return RedirectToAction("Index");
            }

            return View(login);
        }

Register.cshtml:

 <div class="form-group">
        <p class="control-label col-md-2">Email</p>
        <div class="col-md-10">
            @Html.EditorFor(model => model.Email, new { htmlAttributes = new { @class = "form-control", type = "email" } })
            @Html.ValidationMessageFor(model => model.Email, "", new { @class = "text-danger" })
        </div>
    </div>

    <div class="form-group">
        <p class="control-label col-md-2">Password</p>
        <div class="col-md-10">
            @Html.EditorFor(model => model.Password, new { htmlAttributes = new { @class = "form-control", type = "password" } })
            @Html.ValidationMessageFor(model => model.Password, "", new { @class = "text-danger" })
        </div>
    </div>

    <div class="form-group">
        <p class="control-label col-md-2">Confirm Password</p>
        <div class="col-md-10">
            @Html.EditorFor(model => model.ConfirmPassword, new { htmlAttributes = new { @class = "form-control", type = "password" } })
            @Html.ValidationMessageFor(model => model.ConfirmPassword, "", new { @class = "text-danger" })
        </div>
    </div>

    <div class="form-group">
        <div class="col-md-offset-2 col-md-10">
            @Html.ActionLink("An existing user? Login Now", "Index")
        </div>
    </div>

    <div class="form-group">
        <div class="col-md-offset-2 col-md-10">
            <input type="submit" value="Register" class="btn btn-default" />
        </div>
    </div>

and Login.cs:

public class Login
    {
        public int ID { get; set; }

        [Required(ErrorMessage = "Please Enter Your Name")]
        public string FirstName { get; set; }

        [Required(ErrorMessage = "Please Enter Your Surname")]
        public string LastName { get; set; }

        [Required(ErrorMessage = "Please Enter Email")]
        public string Email { get; set; }


        [Required(ErrorMessage = "Please Enter Password")]
        public string Password { get; set; }

        [Required(ErrorMessage = "Please Confirm Password")]
        [Compare("Password")]
        public string ConfirmPassword { get; set; }
    }

I have been stuck for some time so any help and tip would be great.

please don't encrypt and store passwords. consider a hardened identity solution — Daniel A. White, Nov 13 '21 at 17:38
@DanielA.White what is that? I searched that term on google but nothing showed up — Vedo, Nov 13 '21 at 17:40
@Don It's not something you can learn from a single google search - it's stuff you need to do an entire undergraduate-level course on. — Dai, Nov 13 '21 at 17:42
@Don You're doing a lot of things wrong in your code-as is, for example: don't use entity types (`class Login`) as view-models (e.g. you don't need `ConfirmPassword` in your database). — Dai, Nov 13 '21 at 17:43
I'm closing this as a duplicate of ( https://stackoverflow.com/questions/947618/how-to-best-store-user-information-and-user-login-and-password ) - while that's a question for PHP+MySQL the same principles apply to your C#+MSSQL code too. — Dai, Nov 13 '21 at 17:44
you could use something like BCrypt. Refer url to get the nuget package "https://www.nuget.org/packages/BCrypt.Net-Next" and a sample of how to use it can be found at "https://jasonwatmore.com/post/2020/07/16/aspnet-core-3-hash-and-verify-passwords-with-bcrypt" — Avantha Siriwardana, Nov 13 '21 at 17:48

Encypt and decrypt password in ASP.NET MVC

0 Answers0