I have my own password encryption dll that I am using to check the user’s password when they login, this is referenced in my User entity.
Now I have created the ability for a user to register which is working fine, apart from the passwords are yet to be encrypted.
My question is quite simple: where should I put the encryption of the new user’s password? I’m not sure, as I am aware that the user’s password shouldn’t be transmitted in plain text, therefore I don’t know where the best place to call the encryption function is:
- User Entity (where the encryption dll is already used for validation).
- The User repository where the save user method is.
- The User controller where the user creation views are controlled.
- Somewhere else that I haven’t considered!
Thanks very much
First of all, for client-server communication, I would suggest you use SSL so that sensitive information (like passwords) is not transferred in plain text.
Afterwards, it’s common practice not to save passwords anywhere (even encrypted), but only their hashed values.
You can put the hash function in the set method of the password property. Here is an example:
Edit:
As Craig Stuntz pointed out, the hash code in this example is very simple. See the following post for a more secure way to hash your password: Hashing passwords with MD5 or sha-256 C#
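A worked version of the "hash in the setter" approach from the answer above, added here as an example and not the poster's code: the hypothetical `User` entity below derives a salted PBKDF2 hash (a key-derivation function rather than a bare MD5/SHA-256 digest) when `Password` is assigned, keeps only salt and hash for the repository to save, and re-derives on login. The names `VerifyPassword`, `Derive` and the parameter sizes are assumptions; it targets .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical User entity: assigning Password hashes it immediately, so the
// repository only ever persists the salt and the derived hash.
public class User
{
    private const int SaltSize = 16;        // bytes of random salt per user
    private const int HashSize = 32;        // bytes of derived key
    private const int Iterations = 100_000; // PBKDF2 work factor (assumed value)

    public string Username { get; set; }

    // Persisted fields; the save method in the repository stores these.
    public byte[] PasswordSalt { get; private set; }
    public byte[] PasswordHash { get; private set; }

    // Write-only: the plain-text value is hashed in the setter and discarded.
    public string Password
    {
        set
        {
            if (string.IsNullOrEmpty(value))
                throw new ArgumentException("Password must not be empty.");
            PasswordSalt = RandomNumberGenerator.GetBytes(SaltSize);
            PasswordHash = Derive(value, PasswordSalt);
        }
    }

    // Login check: re-derive with the stored salt and compare in constant time.
    public bool VerifyPassword(string candidate)
    {
        if (PasswordHash == null || PasswordSalt == null || candidate == null)
            return false;
        byte[] attempt = Derive(candidate, PasswordSalt);
        return CryptographicOperations.FixedTimeEquals(attempt, PasswordHash);
    }

    private static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations,
                                  HashAlgorithmName.SHA256, HashSize);
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample user; registration assigns the plain text once.
        var user = new User { Username = "alice", Password = "correct horse battery staple" };
        Console.WriteLine(user.VerifyPassword("correct horse battery staple"));
        Console.WriteLine(user.VerifyPassword("wrong guess"));
    }
}
```

Because the setter owns the hashing, the controller and repository never see or store the plain-text value, and the same `VerifyPassword` path serves the existing login validation.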