I'm trying to implement change password for a user in ASP.NET. The problem I'm facing is that after changing the password and saving it in encrypted format in the database, the user can no longer log in unless he enters the encrypted password.
My aspx:
<asp:TextBox ID="txtNewPwd" cssclass="form-control" runat="server" TextMode="Password" Width="206px" ControlToValidate="txtNewPwd">
</asp:TextBox>
My vb code behind:
Imports System.Configuration
Imports System.Data.SqlClient
Imports System.Text

Protected Sub btnSubmit_Click(sender As Object, e As EventArgs) Handles btnSubmit.Click
    ' Transform the new password before storing it (see encryptpass below).
    Dim strpass As String = encryptpass(txtNewPwd.Text)
    Dim rowsAffected As Integer = 0
    ' Using blocks close the connection and command even if the update throws.
    Using con As New SqlConnection(ConfigurationManager.ConnectionStrings("dbconnection").ConnectionString)
        Using cmd As New SqlCommand("update CRMSUsers set password=@pwd where username=@uname", con)
            cmd.Parameters.AddWithValue("@pwd", strpass)
            cmd.Parameters.AddWithValue("@uname", txtUserName.Text)
            con.Open()
            rowsAffected = cmd.ExecuteNonQuery()
        End Using
    End Using
    If rowsAffected > 0 Then
        ' some msg
    Else
        ' some msg
    End If
End Sub

Public Function encryptpass(ByVal password As String) As String
    ' Base64 is a reversible encoding, not encryption: the stored value decodes back to the password.
    Dim encode As Byte() = Encoding.UTF8.GetBytes(password)
    Return Convert.ToBase64String(encode)
End Function
What you are using is a very old method and not very secure.
I suggest you read this:
user can no longer login unless he enters the encrypted password.
You show the code to save an encrypted password, but what does the login code look like to validate the password? Do we have to guess it?
Besides your code not working, it is so full of security holes that it would fail any security audit. This is why, unless you understand security, you should use the supplied user identification and password management libraries.