Tough security question using System.Security.Cryptography.RijndaelManaged.

Hi,

I have to figure out why we have a problem with special characters in
encrypted usernames and passwords.

Case:

Username: r&bgeorge
Password: tigger

We allow users to create usernames and passwords with special
characters on the website. When we log them in, they have the option
to save their login credentials for future logins.

User logs in and checks off the "remember your password" option. Then
the user closes his browser and opens a new browser window for the
application. The user is not logged in and the username field
contains "r" only, which is the letter before the special character.
That's where it breaks I assume. The password field is empty.

Code:

This is the class that does the encryption (method: EncodeString()):

Imports System.Security
Imports System.IO
Imports System.Text
Imports Microsoft.VisualBasic

Public Class wwCrypto

    'Set up the keys, these are used for both encryption and decryption
    Private keyb() As Byte = {1, 253, 5, 50, 52, 91, 193, 133, 193, 121, 221, 164, 57, 128, 91, 91, 19, 39, 111, 197, 125, 98, 89, 48, 97, 154, 83, 187, 222, 167, 171, 74}
    Private ivb() As Byte = {10, 61, 235, 120, 122, 120, 80, 248, 13, 182, 196, 212, 176, 46, 23, 85}

    Public Function EncodeString(ByVal str As String) As String
        Dim outStr As String

        ' Set up the streams and stuff
        Dim ms As New MemoryStream()
        Dim rv As New System.Security.Cryptography.RijndaelManaged()
        Dim cs As New Cryptography.CryptoStream(ms, rv.CreateEncryptor(keyb, ivb), System.Security.Cryptography.CryptoStreamMode.Write)
        Dim p() As Byte = Encoding.ASCII.GetBytes(str.ToCharArray())
        Dim encodedBytes() As Byte

        Try
            cs.Write(p, 0, p.Length) ' write to stream as encrypted data
            cs.FlushFinalBlock()
            encodedBytes = ms.ToArray ' Convert the stream to something we can use
        Catch ex As Exception
        Finally
            ms.Close()
            cs.Close()
        End Try

        outStr = Convert.ToBase64String(encodedBytes)

        Return outStr
    End Function

    Public Function DecodeString(ByVal str As String) As String
        Dim outStr As String

        Dim p() As Byte = Convert.FromBase64String(str)
        Dim initialText(p.Length) As Byte
        Dim rv As New System.Security.Cryptography.RijndaelManaged()
        Dim ms As New MemoryStream(p)
        Dim cs As New Cryptography.CryptoStream(ms, rv.CreateDecryptor(keyb, ivb), System.Security.Cryptography.CryptoStreamMode.Read)

        Try
            cs.Read(initialText, 0, initialText.Length)
            cs.FlushFinalBlock()
        Catch ex As Exception
        Finally
            ms.Close()
            cs.Close()
        End Try

        Dim sb As New StringBuilder()
        Dim i As Integer

        Dim b As Byte
        For i = 0 To initialText.Length() - 1
            b = initialText(i)
            If (b = 0) Then ' The encryption pads with NULLs, break so they aren't added to the string!
                Exit For
            End If
            sb.Append(Convert.ToChar(b))
        Next
        Return sb.ToString()
    End Function

End Class

Then we add this to the cookie.

Questions:

1. Is my reasoning correct and is the encryption mechanism preventing
auto login for users with special characters?
2. What would be the possible solution? How can I encrypt special
characters so they work?

Thanks.

Andrzej
Nov 15 '05 #1
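
Added example, not part of the original post or its thread: a round trip for the posted r&bgeorge value that encodes the text as UTF-8, uses a fresh IV for every value, reads the decrypted stream to its end instead of scanning for NUL bytes, and lets exceptions surface rather than swallowing them. The module name CookieCrypto, the caller-supplied key, and the use of Aes.Create() on a current .NET runtime are assumptions.

```vbnet
Imports System
Imports System.IO
Imports System.Security.Cryptography
Imports System.Text

' Added example, not the poster's class; CookieCrypto is a hypothetical name.
Public Module CookieCrypto
    ' key: 32 bytes supplied by the caller (assumption: loaded from protected configuration).
    Public Function EncodeString(ByVal plain As String, ByVal key As Byte()) As String
        Using cipher As Aes = Aes.Create(), ms As New MemoryStream()
            cipher.Key = key
            cipher.GenerateIV() ' fresh random IV for every value
            ms.Write(cipher.IV, 0, cipher.IV.Length) ' IV is stored in front of the ciphertext
            Using cs As New CryptoStream(ms, cipher.CreateEncryptor(), CryptoStreamMode.Write)
                Dim data As Byte() = Encoding.UTF8.GetBytes(plain) ' UTF-8 keeps non-ASCII characters
                cs.Write(data, 0, data.Length)
                cs.FlushFinalBlock()
            End Using
            ' CBC alone does not detect tampering; that needs a MAC over IV and ciphertext.
            Return Convert.ToBase64String(ms.ToArray())
        End Using
    End Function

    Public Function DecodeString(ByVal token As String, ByVal key As Byte()) As String
        Dim raw As Byte() = Convert.FromBase64String(token)
        If raw.Length <= 16 Then Throw New CryptographicException("Token too short")
        Dim iv(15) As Byte ' AES block size is 16 bytes
        Array.Copy(raw, 0, iv, 0, 16)
        Using cipher As Aes = Aes.Create()
            cipher.Key = key
            cipher.IV = iv
            Using ms As New MemoryStream(raw, 16, raw.Length - 16),
                  cs As New CryptoStream(ms, cipher.CreateDecryptor(), CryptoStreamMode.Read),
                  reader As New StreamReader(cs, Encoding.UTF8)
                Return reader.ReadToEnd() ' read to end of stream; no NUL scan, errors propagate
            End Using
        End Using
    End Function

    Sub Main()
        Dim key As Byte()
        Using keySource As Aes = Aes.Create()
            key = keySource.Key ' random 256-bit key, for this demonstration only
        End Using
        Dim token As String = EncodeString("r&bgeorge", key) ' constructed sample from the post
        Console.WriteLine(DecodeString(token, key) = "r&bgeorge")
        ' Base64 can contain + / =, so escape the token before it goes into a cookie or URL.
        Console.WriteLine(Uri.EscapeDataString(token))
    End Sub
End Module
```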