Secure Login System with SHA-256 + Salt in ASP.NET

🔐 Secure Login System with SHA-256 + Salt in ASP.NET WebForms

In this blog you will learn how to build a secure user registration and login page using ASP.NET WebForms, SQL Server and C#. We will use SHA-256 + Salt so that the password is stored safely and securely.


📦 Step 1: Users Table in SQL Server

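CREATE TABLE Users (
    Id INT PRIMARY KEY IDENTITY,
    Username NVARCHAR(50) NOT NULL UNIQUE,   -- UNIQUE: one account per username
    PasswordHash NVARCHAR(128) NOT NULL,     -- hex SHA-256 digest (64 characters)
    Salt NVARCHAR(64) NOT NULL               -- per-user random salt, Base64 (24 characters)
);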
---

📝 Step 2: Registration Page (Register.aspx)

🖥️ UI Code (ASPX)

<form runat="server">
  Username: <asp:TextBox ID="txtUsername" runat="server" /><br/>
  Password: <asp:TextBox ID="txtPassword" runat="server" TextMode="Password" /><br/>
  <asp:Button ID="btnRegister" runat="server" Text="Register" OnClick="btnRegister_Click" />
  <br/><asp:Label ID="lblMsg" runat="server" />
</form>

🔧 Backend C# Code (Register.aspx.cs)

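// At the top of Register.aspx.cs:
// using System; using System.Data.SqlClient;

protected void btnRegister_Click(object sender, EventArgs e)
{
    string username = txtUsername.Text.Trim();
    string password = txtPassword.Text;
    string salt = GenerateSalt();                  // fresh random salt for this user
    string hash = ComputeSHA256(salt + password);  // hex SHA-256 of salt + password

    // connStr is the page's connection string (its definition is not shown in this post)
    using (SqlConnection con = new SqlConnection(connStr))
    using (SqlCommand cmd = new SqlCommand("INSERT INTO Users (Username, PasswordHash, Salt) VALUES (@u, @p, @s)", con))
    {
        // Parameterized query: user input never becomes part of the SQL text
        cmd.Parameters.AddWithValue("@u", username);
        cmd.Parameters.AddWithValue("@p", hash);
        cmd.Parameters.AddWithValue("@s", salt);
        con.Open();
        try
        {
            cmd.ExecuteNonQuery();
        }
        catch (SqlException ex)
        {
            // 2627 / 2601: the UNIQUE constraint on Username rejected a duplicate
            if (ex.Number != 2627 && ex.Number != 2601) throw;
            lblMsg.Text = "❌ Username already taken.";
            return;
        }
    }

    lblMsg.Text = "✅ Registered Successfully!";
}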

🔐 Helper Functions

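// At the top of the file:
// using System; using System.Security.Cryptography; using System.Text;

// Returns a 16-byte random salt from the OS CSPRNG, Base64-encoded (24 characters)
private string GenerateSalt()
{
    byte[] saltBytes = new byte[16];
    using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
    {
        rng.GetBytes(saltBytes);
    }
    return Convert.ToBase64String(saltBytes);
}

// Returns the SHA-256 digest of the UTF-8 input as 64 lowercase hex characters
private string ComputeSHA256(string input)
{
    using (SHA256 sha = SHA256.Create())
    {
        byte[] bytes = sha.ComputeHash(Encoding.UTF8.GetBytes(input));
        return BitConverter.ToString(bytes).Replace("-", "").ToLowerInvariant();
    }
}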
---

🔐 Step 3: Login Page (Login.aspx)

🖥️ UI Code (ASPX)

<form runat="server">
  Username: <asp:TextBox ID="txtUsername" runat="server" /><br/>
  Password: <asp:TextBox ID="txtPassword" runat="server" TextMode="Password" /><br/>
  <asp:Button ID="btnLogin" runat="server" Text="Login" OnClick="btnLogin_Click" />
  <br/><asp:Label ID="lblMsg" runat="server" />
</form>

🔧 Backend C# Code (Login.aspx.cs)

// At the top of Login.aspx.cs:
// using System; using System.Data.SqlClient;

protected void btnLogin_Click(object sender, EventArgs e)
{
    string username = txtUsername.Text.Trim();
    string password = txtPassword.Text;
    bool valid = false;

    using (SqlConnection con = new SqlConnection(connStr))
    using (SqlCommand cmd = new SqlCommand("SELECT PasswordHash, Salt FROM Users WHERE Username = @u", con))
    {
        cmd.Parameters.AddWithValue("@u", username);
        con.Open();
        using (SqlDataReader rdr = cmd.ExecuteReader())
        {
            if (rdr.Read())
            {
                string dbHash = rdr["PasswordHash"].ToString();
                string dbSalt = rdr["Salt"].ToString();
                // Recompute the hash with the stored salt and compare with the stored hash
                string inputHash = ComputeSHA256(dbSalt + password);
                valid = (dbHash == inputHash);
            }
        }
    }

    if (valid)
    {
        Session["Username"] = username;
        Response.Redirect("Welcome.aspx");
    }
    else
    {
        // One message for both unknown user and wrong password,
        // so the form does not reveal which usernames exist
        lblMsg.Text = "❌ Invalid username or password.";
    }
}
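
The handlers above hash with a single SHA-256 round, which is fast to compute and therefore cheap to guess against if the Users table leaks. As an added example (not the post's code), the helper below keeps the same PasswordHash and Salt columns but derives the hash with PBKDF2-HMAC-SHA256 and compares in constant time. Assumptions: the class name PasswordHasher, the iteration count, and .NET Framework 4.7.2 or later for the HashAlgorithmName constructor overload.

```csharp
using System;
using System.Security.Cryptography;

// Added example: PBKDF2-HMAC-SHA256 in place of one SHA-256 round.
// Output fits the Users table: PasswordHash (44 chars) and Salt (24 chars), both Base64.
public static class PasswordHasher   // hypothetical helper name
{
    private const int SaltBytes = 16;
    private const int HashBytes = 32;
    private const int Iterations = 600000; // assumed work factor; tune for your server

    public static string NewSalt()
    {
        byte[] salt = new byte[SaltBytes];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }
        return Convert.ToBase64String(salt);
    }

    public static string Hash(string password, string saltBase64)
    {
        byte[] salt = Convert.FromBase64String(saltBase64);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
        {
            return Convert.ToBase64String(kdf.GetBytes(HashBytes));
        }
    }

    // Verify a login attempt against the stored PasswordHash and Salt columns.
    public static bool Verify(string password, string storedHashBase64, string saltBase64)
    {
        byte[] expected = Convert.FromBase64String(storedHashBase64);
        byte[] actual = Convert.FromBase64String(Hash(password, saltBase64));
        return FixedTimeEquals(expected, actual);
    }

    // Constant-time comparison: always walks the full length, so timing does not
    // depend on the position of the first mismatching byte.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

In the handlers, NewSalt() and Hash(password, salt) would take the place of GenerateSalt() and ComputeSHA256(salt + password), and Verify(password, dbHash, dbSalt) the place of the dbHash == inputHash check. Rows already stored as hex SHA-256 will not verify under this scheme and need to be re-hashed, for example at the user's next successful login.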
---

✅ Step 4: Welcome Page

<%-- The colon form HTML-encodes the username before it is written to the page --%>
<h2>Welcome <%: Session["Username"] %></h2>
<a href="Logout.aspx">Logout</a>
---

🚪 Step 5: Logout Page (Logout.aspx.cs)

Session.Abandon();
Response.Redirect("Login.aspx");
---

📌 Conclusion

  • SHA-256 is a secure, one-way hashing algorithm
  • Using a salt makes each password uniquely protected
  • In ASP.NET this implementation stays safe on the server side
📢 In the next blog we will learn: "How to sign a JWT token with SHA-256 and verify it in secure APIs"
