Hashing the Password in C#

dotnetlogo

Every application uses username and password to provide security to the systems. The way an application handles the storage of password defines the level of security provided by the application.

The password should not be stored in the database as a string. Rather, it should be converted to an unrecognizable value that is unique for any defined password. This value is called a hash. Hashing algorithms are defined so that any string that is hashed to a unique value will always be hashed to that unique value.

When an end user defines a password, the password should be hashed to a unique value, and that unique value should be stored in the database. When the end user logs in with the password, the password can be hashed again using the same algorithm. The resulting value can be compared with the hashed value stored in the database to validate the login.

Hashed values cannot be “unhashed,” so there is no way to get the original password back from the hashed value. This provides an additional level of security, because if someone obtains hashed passwords from the database, they cannot be converted back to the original passwords. A side effect of this is that if an end user forgets the password, a new password would need to be assigned.

The System.Security.Cryptography library in the .NET Framework provides a set of classes that assist with hashing. Two primary hashing schemes are provided in this library:

  • MD5: The Message Digest 5 (MD5) hash digest uses an MD5 algorithm to hash a value, such as an end user password. This algorithm provides better performance than SHA1.
  • SHA1: The Secure Hash Algorithm-1 (SHA1) hash digest uses a SHA1 algorithm to hash a value, such as an end user password. This algorithm provides better security than MD5.

A password such as “password” will have a hash that looks something like W6ph5Mm5Pz8GgiULbPgzG37mj9g=.

The following code uses the SHA1 algorithm to hash a password:

using System.Security.Cryptography;
public static String ComputeHash(string textToHash)
{
SHA1CryptoServiceProvider SHA1 = new SHA1CryptoServiceProvider();
byte[] byteValue = System.Text.Encoding.UTF8.GetBytes(textToHash);
byte[] byteHash = SHA1.ComputeHash(byteValue);
SHA1.Clear();
return Convert.ToBase64String(byteHash);
}

You can put this code in a utility component and reuse it in every application that needs to store a password or other secure information.

But hashing a password does not protect the application from a dictionary attack. For further security, salt the password as well.

Slide.Show:Open Source Slideshow control in Silverlight

silverlightlogo
Are you Searching for a web control for your webpage which allows you to create a cool slideshow of images??

Slide.Show
Vertigo Has developed an open source control in silverlight which is highly customised and can be used by publishing highly-customizable photo and video slideshows on the Web.

Slide View
Slide View

Features of Slide.Show

  • Minimal setup and configuration
  • Image and video slideshows
  • Resizable for any Web page design
  • Full-screen and embedded modes
  • 100% configurable via XML, themes, or your own custom provider
  • Slideshow data from XML, Flickr, or your own custom provider
  • Auto-playback with numerous transitions (e.g. fade, shape, slide, wipe)
  • Cross-browser (e.g. IE 6/7/8, Firefox 2/3, Safari 2/3, PC and Mac)
  • Open source (e.g. extensible, configuration and data provider models, templated controls, commented code)

Download Slide.Show

Slide.Show Live in Action

kick it on DotNetKicks.com

Parsing an XML file from RSS feed with namespaces in C#

dotnetlogo
The task is to parse a XML file retrieved from the RSS feed.
Below is the sample partial XML file taken from a Leading Geographical alerts website’s RSS feeds.

<?xml version="1.0" encoding="ISO-8859-1"?> 
<rss version="2.0" xmlns:geo="http://www.w3.org/2003/01/geo/"> 
<channel> 
<pubDate>Fri, 4 Jan 2008 09:51 GMT+1</pubDate> 

<item> 

<title>Red alert: Tropical Cyclone SINLAKU-08.</title> 
<description>Tropical Cyclone SINLAKU-08 .</description> 
<pubDate>Tue, 16 Sep 2008 06:00 GMT+1</pubDate> 
<geo:point> 
<geo:lat>27</geo:lat> 
<geo:long>124</geo:long> 
</geo:point> 
</item> 
<item> 

<title>Red alert: Tropical Cyclone IKE-08 .</title> 
<description>Tropical Cyclone IKE-08 .</description> 
<pubDate>Sun, 14 Sep 2008 09:00 GMT+1</pubDate> 
<geo:point> 
<geo:lat>36.400001526</geo:lat> 
<geo:long>-92.5</geo:long> 
</geo:point> 
</item> 

</channel> 
</rss>

As we can we there are two items(alerts) in the file one for Tropical Cyclone SINLAKU-08 and other for Tropical Cyclone IKE-08.

Lets write the code in c# to extract title,latitude and longitude of both the alerts.

First of all, lets load the XML data into the XMLDocument instance.

//include namespace for working with xml files
using System.Xml;
public partial class GoogleMap : System.Web.UI.Page
{
//creating new instance of xml document
XmlDocument xmlDoc = new XmlDocument();
protected void Page_Load(object sender, EventArgs e)
{
xmlDoc.Load(Server.MapPath(“~/XML Files/sourceRssEDIS.xml”));
//rest of the code described later will also be added here
}
}

Now, introduce the namespaces used in the xml file to the xmlDoc with the XmlNamespaceManager class instance.

XmlNamespaceManager nsMgr = new XmlNamespaceManager(xmlDoc.NameTable);
nsMgr.AddNamespace(“geo”, “http://www.w3.org/2003/01/geo/”);

Select all the items in a array using GetElementsByTagName() method.

XmlNodeList nodes = xmlDoc.GetElementsByTagName(“item”);

Iterate for the elements inthe nodes array using for loop and select the latitude and longitude values using SelectNodes() method as shown below and then set the values of text of respective labels.

for (int i = 0; i < nodes.Count; i++) { XmlNodeList gpointnodeslat = nodes[i].SelectNodes("geo:point//geo:lat", nsMgr); XmlNodeList gpointnodeslong = nodes[i].SelectNodes("geo:point//geo:long", nsMgr); XmlNodeList titleNodes= nodes[i].SelectNodes("title"); Label lbllatitude=new Label(); Label lbllongitude = new Label(); Label lbltitle = new Label(); latitude.Text = gpointnodeslat[0].InnerText; longitude.Text = gpointnodeslong[0].InnerText; lbltitle.Text = titleNodes[0].InnerText; } [/sourcecode] In this way, any tag in the xml file can be searched for which is either with a namespace or not. kick it on DotNetKicks.com