Challenging question on EncryptData and DecryptData


Claude du Québec

Hi everyone,

I am rewriting my MS Access application in VB.NET with Visual Studio, with the database on SQL Server. I want my application to be secure, so I searched the Internet for information. I am using a class named Simple3Des that I found on this site:

Encrypting and Decrypting Strings - Visual Basic

It seemed clear at first, but even though I can now encrypt data, I can't decrypt it, so I have included some code so you can see what I am looking for:

FrmEmployees: when I click the "InsertEmployee" button everything works well and the password is encrypted, but how can I decrypt that password? For example, I chose the password "1960"; after saving it in my SQL Server table, this is the encrypted password: "8vMydt936cImbMY2sVLDkQ==". If I use 1960 I can't log in, but if I enter this encrypted password I can. In the following code I didn't put the DecryptData function anywhere because I do not know how to use it; maybe somebody knows :)

Imports System.Data
Imports System.Data.SqlClient
Imports System.Text
Imports System.Security.Cryptography

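''' <summary>
''' Employee entry form: collects the employee fields from the form controls and
''' inserts one row into the enc_login table through the SqlControl helper.
''' </summary>
Public Class FrmEmployees
    Private SQL As New SqlControl

    ' NOTE(review): nothing in this class assigns TripleDes.Key or TripleDes.IV, so the
    ' provider generates a random key and IV for each instance of the form. Ciphertext
    ' produced here therefore cannot be decrypted (or reproduced) by any other instance,
    ' which is why no DecryptData call can recover the stored value.
    Private ReadOnly TripleDes As New TripleDESCryptoServiceProvider

    ''' <summary>Closes the form.</summary>
    Private Sub BtnClose_Click(sender As Object, e As EventArgs) Handles BtnClose.Click
        Me.Close()
    End Sub

    ''' <summary>Positions the form at the top-left corner and focuses the first-name box.</summary>
    Private Sub FrmEmployees_Load(sender As Object, e As EventArgs) Handles MyBase.Load
        'MdiParent = FrmAdminMenu
        Me.Location = New Point(0, 0)
        Me.FirstNameTB.Select()
    End Sub

    ''' <summary>
    ''' Hides this form; the hand-off to the change-password form is still commented out.
    ''' </summary>
    Private Sub BtnChangePassword_Click(sender As Object, e As EventArgs) Handles BtnChangePassword.Click
        Try
            Me.Hide()
            'Dim formChangePassword As New FrmChangePassword
            'FrmChangePassword.UsernameTB.Text = UsernameTextBox.Text
            'FrmChangePassword.Show()
        Catch ex As Exception
            MsgBox(ex.Message)
        End Try
    End Sub

    ''' <summary>Fills the username box with "FirstName LastName" when the Active box changes.</summary>
    Private Sub ActiveCB_CheckedChanged(sender As Object, e As EventArgs) Handles ActiveCB.CheckedChanged
        ' & is the string concatenation operator; + can turn into arithmetic under Option Strict Off.
        Me.UsernameTextBox.Text = FirstNameTB.Text & " " & LastNameTB.Text
    End Sub

    ''' <summary>
    ''' Encrypts a string with the form's TripleDES provider and returns the ciphertext as Base64.
    ''' </summary>
    ''' <param name="plaintext">Text to encrypt; it is encoded as UTF-16 (Encoding.Unicode) first.</param>
    ''' <returns>Base64 text of the encrypted bytes.</returns>
    ''' <remarks>
    ''' NOTE(review): this is used below to store login passwords. Reversible encryption is the
    ''' wrong primitive for that: anyone who obtains the key recovers every password. Store a
    ''' salted, deliberately slow one-way hash instead (for example PBKDF2 via Rfc2898DeriveBytes)
    ''' and verify a login by recomputing the hash, so nothing ever needs to be decrypted.
    ''' TripleDES is also a legacy cipher; prefer AES where reversible encryption is really needed.
    ''' </remarks>
    Public Function EncryptData(
        ByVal plaintext As String) As String

        ' Convert the plaintext string to a byte array.
        Dim plaintextBytes() As Byte =
            System.Text.Encoding.Unicode.GetBytes(plaintext)

        ' Using blocks release the transform and both streams even if a write throws.
        Using ms As New System.IO.MemoryStream
            Using encryptor As ICryptoTransform = TripleDes.CreateEncryptor()
                Using encStream As New CryptoStream(ms,
                    encryptor,
                    System.Security.Cryptography.CryptoStreamMode.Write)

                    ' Write the bytes through the crypto stream and emit the final padded block.
                    encStream.Write(plaintextBytes, 0, plaintextBytes.Length)
                    encStream.FlushFinalBlock()
                End Using
            End Using

            ' MemoryStream.ToArray still works after the stream has been closed.
            Return Convert.ToBase64String(ms.ToArray())
        End Using
    End Function

    ''' <summary>
    ''' Inserts the employee described by the form controls into enc_login, then reports
    ''' success and closes the form only if the helper recorded no error.
    ''' </summary>
    Private Sub InsertEmployee_Click(sender As Object, e As EventArgs) Handles InsertEmployee.Click
        ' Every value travels as a bound parameter, so form text never becomes part of the SQL.
        SQL.AddParam("@FirstName", FirstNameTB.Text)
        SQL.AddParam("@MiddleName", MiddleNameTB.Text)
        SQL.AddParam("@LastName", LastNameTB.Text)
        SQL.AddParam("@Address", AddressTB.Text)
        SQL.AddParam("@Address2", Address2TB.Text)
        SQL.AddParam("@Apt", AppTB.Text)
        SQL.AddParam("@City", CityTB.Text)
        SQL.AddParam("@State_Province", StateTB.Text)
        SQL.AddParam("@ZipCode", ZipTB.Text)
        SQL.AddParam("@Country", CountryTB.Text)
        SQL.AddParam("@Notes", NotesTB.Text)
        SQL.AddParam("@Active", ActiveCB.Checked)
        SQL.AddParam("@Department", DepartmentTB.Text)
        SQL.AddParam("@JobDescription", JobDescriptionTB.Text)
        SQL.AddParam("@LastDateLogin", LastLoginDateTB.Text)
        SQL.AddParam("@SalesYTD", SalesYTDTB.Text)
        SQL.AddParam("@PhoneOffice", PhoneOfficeTB.Text)
        SQL.AddParam("@PhoneMobile", CellularPhoneTB.Text)
        SQL.AddParam("@PhoneMobile2", CellularPhone2TB.Text)
        SQL.AddParam("@FaxNumber", FaxNumberTB.Text)
        SQL.AddParam("@Email", EmailTB.Text)
        SQL.AddParam("@Email2", Email2TB.Text)
        SQL.AddParam("@Website", WebsiteTB.Text)
        SQL.AddParam("@IsSystemAdmin", IsAdministratorCB.Checked)
        SQL.AddParam("@CanApprovePurchases", CanApprovePurchaseCB.Checked)
        SQL.AddParam("@IsCashier", IsACashierCB.Checked)
        SQL.AddParam("@CanManageTimecards", CanManageTimecardsCB.Checked)
        SQL.AddParam("@CanOpenAdminMenu", CanOpenAdminMenuCB.Checked)
        SQL.AddParam("@ReceiveCommission", ReceiveCommissionCB.Checked)
        SQL.AddParam("@CommissionOnSale", BasedOnSaleCB.Checked)
        SQL.AddParam("@CommissionOnProfit", BasedOnProfitCB.Checked)
        SQL.AddParam("@PercentageCommission", PercentageCommTB.Text)
        SQL.AddParam("@Society", SocietyTB.Text)
        SQL.AddParam("@Birthday", BirthdayTB.Text)
        SQL.AddParam("@HiredDate", HiredOnTB.Text)
        ' The stored value is the Base64 ciphertext, not the typed password (see EncryptData remarks).
        SQL.AddParam("@Password", EncryptData(PasswordTextBox.Text))

        ' NOTE(review): the column list has no Username, although UsernameTextBox is filled on
        ' this form and the login form filters enc_login on Username. Confirm how that column
        ' gets its value.
        SQL.ExecQuery("INSERT INTO enc_login (FirstName,MiddleName,LastName,Address,Address2,Apt,City,State_Province,ZipCode,Country,Notes,Active,Department,JobDescription,LastDateLogin,SalesYTD,PhoneOffice,PhoneMobile,PhoneMobile2,FaxNumber,Email,Email2,Website,IsSystemAdmin,CanApprovePurchases,IsCashier,CanManageTimecards,CanOpenAdminMenu,ReceiveCommission,CommissionOnSale,CommissionOnProfit,PercentageCommission,Society,Birthday,HiredDate,Password) " & _
        "VALUES(@FirstName,@MiddleName,@LastName,@Address,@Address2,@Apt,@City,@State_Province,@ZipCode,@Country,@Notes,@Active,@Department,@JobDescription,@LastDateLogin,@SalesYTD,@PhoneOffice,@PhoneMobile,@PhoneMobile2,@FaxNumber,@Email,@Email2,@Website,@IsSystemAdmin,@CanApprovePurchases,@IsCashier,@CanManageTimecards,@CanOpenAdminMenu,@ReceiveCommission,@CommissionOnSale,@CommissionOnProfit,@PercentageCommission,@Society,@Birthday,@HiredDate,@Password) ")

        ' Check for a failed insert BEFORE announcing success; the original checked afterwards,
        ' so a failed insert still showed "Employee created successfully" and closed the form.
        ' HasException(True) presumably also shows the error to the user. Confirm in SqlControl.
        If SQL.HasException(True) Then Exit Sub

        MsgBox("Employee created successfully")
        Me.Close()
    End Sub
End Class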

FrmACLogin code:

Imports System.Data
Imports System.Data.SqlClient
Imports System.Text
Imports System.Security.Cryptography

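''' <summary>
''' Login form: checks the typed username and password against the enc_login table
''' and opens FrmEmployees when exactly one row matches.
''' </summary>
Public Class ACLogin
    ' NOTE(review): no Key or IV is assigned here, so this provider gets its own random key
    ' and IV. EncryptData on this form can never reproduce ciphertext written by FrmEmployees.
    Private ReadOnly TripleDes As New TripleDESCryptoServiceProvider
    Private SQL As New SqlControl

    ''' <summary>
    ''' Encrypts a string with this form's TripleDES provider and returns the ciphertext as Base64.
    ''' </summary>
    ''' <param name="plaintext">Text to encrypt; it is encoded as UTF-16 (Encoding.Unicode) first.</param>
    ''' <returns>Base64 text of the encrypted bytes.</returns>
    ''' <remarks>Not called by the login handler below.</remarks>
    Public Function EncryptData(
        ByVal plaintext As String) As String

        ' Convert the plaintext string to a byte array.
        Dim plaintextBytes() As Byte =
            System.Text.Encoding.Unicode.GetBytes(plaintext)

        ' Using blocks release the transform and both streams even if a write throws.
        Using ms As New System.IO.MemoryStream
            Using encryptor As ICryptoTransform = TripleDes.CreateEncryptor()
                Using encStream As New CryptoStream(ms,
                    encryptor,
                    System.Security.Cryptography.CryptoStreamMode.Write)

                    ' Write the bytes through the crypto stream and emit the final padded block.
                    encStream.Write(plaintextBytes, 0, plaintextBytes.Length)
                    encStream.FlushFinalBlock()
                End Using
            End Using

            ' MemoryStream.ToArray still works after the stream has been closed.
            Return Convert.ToBase64String(ms.ToArray())
        End Using
    End Function

    ''' <summary>
    ''' Validates the typed credentials against enc_login and opens FrmEmployees on success.
    ''' </summary>
    Private Sub CmdLogin_Click(sender As Object, e As EventArgs) Handles CmdLogin.Click
        ' Drop rows left over from a previous attempt so an old result cannot be re-read.
        If SQL.DBDS IsNot Nothing Then
            SQL.DBDS.Clear()
        End If

        ' The original concatenated txtUser.Text and txtPass.Text into the SQL string, which
        ' let typed text change the query itself (SQL injection). Bind both as parameters.
        ' NOTE(review): assumes SqlControl.RunQuery attaches the parameters queued by AddParam,
        ' as ExecQuery does in FrmEmployees. Confirm; if it does not, run this statement
        ' through the parameter-aware method instead. Do not go back to concatenation.
        SQL.AddParam("@Username", txtUser.Text)
        SQL.AddParam("@Password", txtPass.Text)
        SQL.RunQuery("SELECT Count(Username) As UserCount FROM enc_login WHERE Username = @Username AND password = @Password")

        ' Fail closed: a query that produced no result table or row is a failed login, not a crash.
        If SQL.DBDS Is Nothing OrElse SQL.DBDS.Tables.Count = 0 OrElse SQL.DBDS.Tables(0).Rows.Count = 0 Then
            MsgBox("Invalid user credentials, please try again!", MsgBoxStyle.Critical, "LOGIN FAILED")
            Exit Sub
        End If

        ' NOTE(review): the typed password is compared with the stored column as-is, and
        ' FrmEmployees stores EncryptData output, so only the Base64 ciphertext itself matches.
        ' Encrypting the input here would not help because the keys are random per instance.
        ' The durable fix is to store a salted one-way hash (for example PBKDF2 via
        ' Rfc2898DeriveBytes) at insert time, fetch the stored salt and hash by username here,
        ' recompute from the typed password and compare in constant time.
        If CInt(SQL.DBDS.Tables(0).Rows(0).Item("UserCount")) = 1 Then
            MsgBox("Valid user credentials, WELCOME in AUTO Cash register!", MsgBoxStyle.ApplicationModal, "LOGIN SUCCESS")
        Else
            MsgBox("Invalid user credentials, please try again!", MsgBoxStyle.Critical, "LOGIN FAILED")
            Exit Sub
        End If
        FrmEmployees.Show()
    End Sub
End Class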

1554062.jpg
