
ASP.NET Login Page with Encryption

This document contains code for a login page that authenticates users by querying a database for username and password. It encrypts the password for storage in the database. Upon successful login, it sets session variables and redirects to a dashboard page. It handles different user rights levels by setting different session variables and redirecting to different pages.


using System;

using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.IO;
using System.Text;
using System.Web.Security;

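/// <summary>
/// Code-behind for the login page: looks up the submitted user id in
/// tbl_PMIS_Usermaster, copies the row into session state, issues a forms
/// authentication cookie and redirects to Dashboard.aspx.
/// </summary>
/// <remarks>
/// Security review notes (open items that cannot be fixed from this file alone):
/// 1. The value typed into txt_Password is never compared with the stored
///    password. The only check is that the user id returned by the query equals
///    the user id that was submitted, so knowing a user id is sufficient to sign in.
/// 2. Page_Load signs a user in from the "empid" query-string value, which is
///    only Base64-encoded. Encoding is not authentication; the value must be
///    replaced by a signed, short-lived token issued by the calling portal.
/// 3. Encrypt/Decrypt use a key and salt that are compiled into the page, and
///    passwords are stored reversibly. Stored passwords should be salted hashes
///    (for example PBKDF2 with a per-user random salt), not ciphertext.
/// </remarks>
public partial class Login : System.Web.UI.Page
{
    // Maps the trimmed "rights" column value to the value stored in
    // Session["sessiontype"]. The pairs are exactly those of the original
    // if/else chain (including Administrator -> "PM" and Developer -> "Admin").
    private static readonly Dictionary<string, string> SessionTypeByRights =
        new Dictionary<string, string>
        {
            { "Administrator", "PM" },
            { "Developer", "Admin" },
            { "Requester", "Admin" },
            { "Team Leader", "TL" },
            { "Requester/Manager", "Mngr" }
        };

    // NOTE(review): hard-coded secret. Anyone who can read the source or the
    // compiled assembly can decrypt every value protected with it. It is kept
    // here unchanged only so that existing ciphertext remains readable.
    private const string EncryptionKey = "$321SeCiVrEsLaTiGiDZiPaL";

    // Fixed salt (the ASCII bytes of "Ivan Medvedev"). Because it never changes,
    // the derived key and IV are identical for every call.
    private static readonly byte[] KeyDerivationSalt = new byte[]
    {
        0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76
    };

    string var_Username;
    string var_Rights;
    string var_Department;
    SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["conn"].ConnectionString);
    SqlCommand com = new SqlCommand();
    SqlDataReader dr;

    /// <summary>
    /// Disables caching of the login page, signs out any existing forms
    /// authentication ticket and, when both "empid" and "loginid" are present in
    /// the query string, attempts a sign-in with the Base64-decoded "empid".
    /// </summary>
    /// <param name="sender">Event source supplied by ASP.NET.</param>
    /// <param name="e">Event data supplied by ASP.NET.</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        txt_UserID.Focus();
        DisableResponseCaching();
        FormsAuthentication.SignOut();

        string encodedEmpId = Convert.ToString(Request.QueryString["empid"]);
        string loginId = Convert.ToString(Request.QueryString["loginid"]);

        if (!string.IsNullOrEmpty(encodedEmpId) && !string.IsNullOrEmpty(loginId))
        {
            // NOTE(review): "loginid" is only tested for presence and "empid" is
            // merely Base64-encoded, so neither value proves who the caller is.
            // Until the portal hand-off carries a verifiable token, this path
            // should be treated as unauthenticated.
            string decodedUserId;
            if (TryDecodeBase64Ascii(encodedEmpId, out decodedUserId))
            {
                txt_UserID.Text = decodedUserId;
                lnklogin_click(sender, e);
            }
            // Malformed Base64 is ignored: the ordinary login form is rendered
            // instead of an unhandled FormatException page.
        }
        else
        {
            // The original carried a disabled redirect to the common portal
            // login page here; only the focus call was ever active.
            txt_UserID.Focus();
        }

        // Reached when no redirect happened: make sure no identity is left in
        // session state from this or an earlier attempt.
        Session["userid"] = "";
        Session["username"] = "";
        Session["rights"] = "";
        con.Close();
    }

    /// <summary>
    /// Handles the login link: loads the user row for the submitted user id,
    /// stores it in session state and, when the row's rights value is a known
    /// role, issues the authentication cookie and redirects to the dashboard.
    /// </summary>
    /// <param name="sender">Event source supplied by ASP.NET.</param>
    /// <param name="e">Event data supplied by ASP.NET.</param>
    protected void lnklogin_click(object sender, EventArgs e)
    {
        try
        {
            Session["Userid"] = "";
            Session["UserName"] = "";
            Session["Department"] = "";

            con.Close();
            con.Open();
            com.Connection = con;

            // The user id comes straight from the request, so it is bound as a
            // parameter instead of being concatenated into the SQL text.
            com.CommandText = "select userid,username,password,rights,Department from tbl_PMIS_Usermaster where UserID = @UserID";
            com.Parameters.Clear();
            com.Parameters.AddWithValue("@UserID", txt_UserID.Text);

            dr = com.ExecuteReader();
            if (dr.HasRows)
            {
                while (dr.Read())
                {
                    var_Username = Convert.ToString(dr["userid"]);
                    var_Rights = Convert.ToString(dr["rights"]);
                    var_Department = Convert.ToString(dr["Department"]);

                    // NOTE(review): the "password" column is selected but never
                    // read; the original comparison against the decrypted value
                    // was commented out. No password verification happens here.
                    Session["Userid"] = var_Username;
                    Session["UserName"] = Convert.ToString(dr["username"]);
                    Session["Rights"] = var_Rights;
                    Session["Department"] = var_Department;

                    if (string.Equals(var_Username, txt_UserID.Text, StringComparison.OrdinalIgnoreCase))
                    {
                        string sessionType;
                        if (SessionTypeByRights.TryGetValue(var_Rights.Trim(), out sessionType))
                        {
                            Session["sessiontype"] = sessionType;
                            IssueTicketAndRedirect();
                        }
                        // NOTE(review): an unrecognised rights value falls through
                        // silently with the session values above still populated.
                    }
                    else
                    {
                        ScriptManager.RegisterStartupScript(this, GetType(), "mismatch", "swal('Password is Incorrect!')", true);
                        txt_Password.Focus();
                    }
                }
            }
            else
            {
                ScriptManager.RegisterStartupScript(this, GetType(), "mismatch", "swal('UserID is Incorrect!')", true);
            }
        }
        catch (System.Threading.ThreadAbortException)
        {
            // Raised by Response.Redirect ending the request; not an error.
            throw;
        }
        catch (Exception ex)
        {
            // Exception text (stack trace, SQL details) is written to the trace
            // log only. Emitting it into the page exposed internals to the
            // browser and produced invalid script.
            System.Diagnostics.Trace.TraceError("Login failed: " + ex);
            ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "swal('Unable to sign in. Please try again.');", true);
        }
        finally
        {
            // Release the reader and connection on every path, including the
            // redirect, so they are not left open until garbage collection.
            if (dr != null && !dr.IsClosed)
            {
                dr.Close();
            }
            con.Close();
        }
    }

    /// <summary>
    /// Sets the response headers that stop browsers and proxies from caching
    /// the login page.
    /// </summary>
    private void DisableResponseCaching()
    {
        Response.Buffer = true;
        Response.Expires = 0;
        Response.ExpiresAbsolute = DateTime.Now.AddDays(-1);
        Response.CacheControl = "no-cache";
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetExpires(DateTime.Now);
    }

    /// <summary>
    /// Decodes a Base64 string to ASCII text without throwing on malformed input.
    /// </summary>
    /// <param name="encoded">Base64 text taken from the request.</param>
    /// <param name="decoded">The decoded text, or null when decoding fails.</param>
    /// <returns>true when <paramref name="encoded"/> was valid Base64.</returns>
    private static bool TryDecodeBase64Ascii(string encoded, out string decoded)
    {
        try
        {
            decoded = ASCIIEncoding.ASCII.GetString(Convert.FromBase64String(encoded));
            return true;
        }
        catch (FormatException)
        {
            decoded = null;
            return false;
        }
    }

    /// <summary>
    /// Issues the 10-minute forms authentication cookie, clears the credential
    /// inputs and redirects to Dashboard.aspx (ending the request).
    /// </summary>
    private void IssueTicketAndRedirect()
    {
        // NOTE(review): every ticket carries the fixed name "1" and user data
        // "1", so the ticket does not identify the user; identity lives only in
        // session state.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, "1", DateTime.Now, DateTime.Now.AddMinutes(10), false, "1");
        string encryptedTicket = FormsAuthentication.Encrypt(ticket);

        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        // Keep the authentication cookie away from client script, and restrict
        // it to HTTPS whenever the forms configuration requires SSL.
        cookie.HttpOnly = true;
        cookie.Secure = FormsAuthentication.RequireSSL;
        Response.Cookies.Add(cookie);

        txt_UserID.Text = string.Empty;
        txt_Password.Value = string.Empty;
        Response.Redirect("Dashboard.aspx");
    }

    /// <summary>
    /// Encrypts text with AES using a key and IV derived from the built-in
    /// passphrase and salt, and returns the ciphertext as Base64.
    /// </summary>
    /// <remarks>
    /// NOTE(review): key, salt and therefore IV are constants, so equal inputs
    /// always give equal output, and the two-argument Rfc2898DeriveBytes
    /// constructor uses its default iteration count. Suitable only for reading
    /// legacy data; do not use it to protect new passwords.
    /// </remarks>
    /// <param name="clearText">Text to encrypt; encoded as UTF-16 before encryption.</param>
    /// <returns>Base64 text of the ciphertext.</returns>
    private string Encrypt(string clearText)
    {
        byte[] clearBytes = Encoding.Unicode.GetBytes(clearText);
        using (Aes encryptor = Aes.Create())
        using (Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, KeyDerivationSalt))
        {
            // Order matters: the first 32 derived bytes are the key, the next 16 the IV.
            encryptor.Key = pdb.GetBytes(32);
            encryptor.IV = pdb.GetBytes(16);
            using (MemoryStream ms = new MemoryStream())
            {
                using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write))
                {
                    cs.Write(clearBytes, 0, clearBytes.Length);
                }
                // The CryptoStream is disposed above, which writes the final block.
                return Convert.ToBase64String(ms.ToArray());
            }
        }
    }

    /// <summary>
    /// Decrypts Base64 ciphertext produced by <see cref="Encrypt"/>.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the existence of this method means stored passwords are
    /// recoverable by anyone holding the built-in key. It is not called by the
    /// visible login path.
    /// </remarks>
    /// <param name="cipherText">Base64 text of the ciphertext.</param>
    /// <returns>The decrypted text, decoded as UTF-16.</returns>
    private string Decrypt(string cipherText)
    {
        byte[] cipherBytes = Convert.FromBase64String(cipherText);
        using (Aes encryptor = Aes.Create())
        using (Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, KeyDerivationSalt))
        {
            // Same derivation order as Encrypt: key first, then IV.
            encryptor.Key = pdb.GetBytes(32);
            encryptor.IV = pdb.GetBytes(16);
            using (MemoryStream ms = new MemoryStream())
            {
                using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write))
                {
                    cs.Write(cipherBytes, 0, cipherBytes.Length);
                }
                return Encoding.Unicode.GetString(ms.ToArray());
            }
        }
    }
}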
