I am developing a asp.net application to use the HMAC encryption (SHA1). I do not want to store the encryption keys in .config files or in database. In .net is there any other alternatives to securely store the encrption keys
This is meant to be easy ...so ive been told, but still cant get it to work!I have a sql database hosted on a shared server which requires the use of sql authentication.As a result I require to encrypt my sensitive data in the config (connection strings etc).I understand that you can do this using aspnet_regiis etc, but ive been told that as I have no direct acccess to the server, I may need to program the encryption. I have seen a few examples, but as a novice I have been banging away at this, looking at an errors screen most of the time!
For our website, we have decided we would like to maintain our user passwords as encrypted binary data in our database. We are using ASP.NET 3.5 to host our site and SQL Server Express 2008 for the database, both running on the same server. When a user logs in and submits a username and password, there will need to be some sort of encryption or decryption in order to verify the credentials. To me, it would appear that there are 3 ways to do this:
1)[C# Encyrption] On User creation, perform encryption in the Web App and submit the encrypted password to the database. To verify credentials at Login, perform the same encryption on the submitted password and ensure that it matches the value stored in the database.
2)[SQL Encryption] On User creation, submit the plain-text password to the database and have it perform one of the SQL encryption variants during INSERT. To verify credentials at Login, have the database perform decryption on the password during the SELECT statement, and compare the plain-text submitted password to the one in the database.
3)[Mix] On User creation, submit the plain-text password to the database, and have it perform one of the SQL encryption variants during INSERT. To verify credentials at Login, perform the same encryption algorithm used by SQL on the submitted password ( is this possible? ), and ensure that it matches the value stored in the database.
Does anybody have an opinion as to which of these options is best? Number 1) is the most familiar to me, and would be the easiest to use with LINQ to SQL ( which is our current data model ), so I am leaning towards that. But if there are better options I would love to know about them.
I have web.config file and it is encrypted completely and hosted in one server,Now I got one requirement to change admin person mail id. So I need to decrypt the web.config file and update the mail id then encrypt the config file again. Please tell me how to do this using aspnet_regiis -pdf commands?
I used the following command to encrypt my connection string but an error ocurred, "The connection name'DatabaseConnectionString1' was not found in the applications configuration or the connection string is empty" How can I encrypt it while keeping the application working? What if I move the encrypted application to another computer? Will it work?
I am passing values through query string. I want to restrict the user to modify the url to get the unauthorized permissions.I want to encrypt the url so that user can not understand and decrypt and use in the code.How can i do this.If there is any method to restrict the user to modify the url,
I have to Encrypt and Decrypt Back the Password field in sql server i have used the pwdencrypt and pwdCompare() but i dont have to compare but i have to display the password back using the Decrypt technique Is there any algorithm which i can use only for encryption and decryption of password field?
I have an asp.net page where I have used FormsAuthentication.HashPasswordForStoringInConfigFile. Encrypted password is saved in database. I have created a forgotPassword page. Where I need to send user his password. How can I decrypt it and send it to user. if SHA1 can not be decryoted what other option should I use to encrypt the passwords?
I have a problem .I am using CAPICOM for digitally sign the data and for this purpose i am using SHA1 algorithm.In CPICOM there is one class CAPICOM.SignedData which is used for this purpose.My problem is how can i give SHA1's hashed data to this class (to it's sign method) for returning the digital signature of exactly 172 bit long?
Also, compilation debug="false" ... > is set.No matter what I use (AES, MD5, SHA1, 3DES),it generates the same hash.Is there something I am missing out.And what is the default algorithm used if I don't specify anything?
I have requirement to encrypt the windows service config file and web.config connection strings, I could able to do that for web.config with aspnet_regiisC:WindowsMicrosoft.NETFramework64v2.0.50727>aspnet_regiis -pe "connectionStrings" -app "/application.ui")But I am still looking similar kind of way for windows service config file to encrypt and decrypt..exe.config file snippet as below
I am using a Query Encryption Technique shown in Thread[URL]I am facing a problem with the above module status bar always displays real URL,& when ever i right click on page then properties than Address URL shows Real URL
I would like to use the System.Security.Cryptography to encrypt / decrypt my passwords strings for my custom membership provider login.I've read some basic article's but they don't explain much about the process in detail. I've decided to use AES because it is said to replace DES encryption. How can I encrypt and decrypt my password strings in the strongest way possible with AES? I would really like a very detailed explanation about the method to use for this task.
If a website is already using SSL, this guarantees a secure channel between the client and the website right. If I do another encrypt on the information being transmitted via HTTP POST would this be an overkill?
I inherited a ASP.Net website. Some changes need to be implemented. The login for the application is encrypted using the md5cryptoserviceprovider class. After upgrading to 2.0, the password is no longer encrypted the same as when it was 1.1.
I left the 1.1 virtual directory and it's still working. On the same box, I loaded the 2.0 code and setup a new virtual directory (which isn't encrypting the same as 1.1).
I copied the section below from the 1.1 machine.config section into the web.config and the 2.0 machine.config.
But something is going wrong somewhere, I suspect it's a difference between (PHP) pack("H*", '0F26EF560F26EF56') and (C#) StringToBytes.ConvertHex("0F26EF560F26EF56") but I'm really struggling to spot it.