Monday, June 25, 2007

Hashing Passwords

On many web sites you have seen that they reset your password instead of sending you your current password. The only reason that they do this is that they actually cannot retrieve your password.
The way that you store passwords in a database is really important. If you store all the users and passwords in clear text and somebody gets access to your database, she can do whatever she wants. Because of this, it's recommended to store passwords in a way that nobody can recover them.
With hash algorithms you cannot get the original value back from the hashed value, and it is practically impossible (though not 100% impossible) to find a value whose hash is the same as your hashed value. So I'm going to tell you how you can hash your password and store it in your database.

In the System.Security.Cryptography namespace there is a class named HashAlgorithm, which is the base class for all hashing algorithm classes such as SHA1Managed, MD5 and so on.

It has a method named ComputeHash, which takes the value as a byte[] and returns its hash as a byte[]. Take a look at these lines:


HashAlgorithm hashAl = HashAlgorithm.Create("MD5");
byte[] myPasswordInBytes = Encoding.Unicode.GetBytes(txtPassword.Text);

byte[] myHashedPassword = hashAl.ComputeHash(myPasswordInBytes);


Now you can store your hashed password wherever you want.
Notice that the next time the user tries to log in, you have to hash the entered password again and compare it with the one that is stored in the database, like this:


private bool CompareHashPasswords(byte[] hashedNewPass, byte[] hashedPass)
{
    // Hashes of different lengths (or missing hashes) can never match
    if (hashedNewPass == null || hashedPass == null || hashedNewPass.Length != hashedPass.Length)
        return false;

    // Compare the two hashes byte by byte
    for (int i = 0; i < hashedPass.Length; i++)
    {
        if (hashedPass[i] != hashedNewPass[i])
            return false;
    }

    return true;
}


Download the sample code:
http://www.tabatabaei.info/csharpsamples/HashPassword.zip

Tuesday, June 19, 2007

Impersonation in C#

Imagine you are creating an application with a method that works with a file named Test.txt. When you run the application, your code throws an error containing this message: "Access Denied on C:\Test\test.txt". After reviewing the code you find out that this is because the current Windows user does not have access to the "C:\Test" directory. Now you want to force your application to use another user's identity in that block of code. We call this procedure impersonation.

There are some classes in System.Security.Principal which help you achieve this goal. WindowsIdentity and WindowsImpersonationContext are the two classes we are going to use. We want to use the Impersonate() method of WindowsIdentity, which returns a WindowsImpersonationContext. Then, when you have finished working with your file after calling Impersonate(), you can return to your current Windows login using the Undo() method of your WindowsImpersonationContext instance, like this:

IntPtr accessToken = IntPtr.Zero;
// ...
// You have to initialize your accessToken through a Windows API call
// ...
WindowsIdentity identity = new WindowsIdentity(accessToken);
WindowsImpersonationContext context = identity.Impersonate();
try
{
    // Now your code is using the new Windows login and can do whatever this login can do
    // ...
}
finally
{
    // Return to your current Windows login, even if the code above throws
    context.Undo();
}


You can download the complete sample code here:
http://www.tabatabaei.info/csharpsamples/Impersonation.zip

Monday, June 11, 2007

Multi Row Selection in GridView

In some cases you want the ability to select multiple rows in a GridView. By default this cannot be done in a GridView, but you can have a CheckBox for each row and then users can select two or more rows by checking the CheckBoxes.

So, after you have created your GridView and bound it to a DataSource, you can add a TemplateField column to your GridView as the first column, like this:


<asp:TemplateField HeaderText="Select">
<ItemTemplate>
<asp:CheckBox ID="chkSelect" runat="server" />
</ItemTemplate>
</asp:TemplateField>

Then you can get the selected row indices with these lines of code:

private int[] GetSelectedIndices()
{
    ArrayList indicesList = new ArrayList();
    for (int i = 0; i < GridView1.Rows.Count; i++)
    {
        GridViewRow row = GridView1.Rows[i];
        // 0 means the first column; if your Select column is not first, write its correct index
        CheckBox chk = row.Cells[0].FindControl("chkSelect") as CheckBox;
        if (chk != null && chk.Checked)
            indicesList.Add(i);
    }
    return (int[]) indicesList.ToArray(typeof(int));
}

You can find the sample code here:
http://www.tabatabaei.info/csharpsamples/mutlirowselectgrid.zip

Sunday, June 3, 2007

Constructor Overloading

Here is a simple sample of constructor overloading.
There is nothing to explain, I think, but if anybody has a question, leave it in a comment and I will answer.

Here is the link:
http://www.tabatabaei.info/csharpsamples/ConstructorOverloading.zip

Friday, June 1, 2007

ASP .NET Page Caching

ASP .NET 2.0 provides a great mechanism for page output caching. Consider that you have a web page which shows some information to the users. Now we want to cache this page's output for users for 60 seconds.

To achieve this you just need to put some code in your page, like this:

<%@ OutputCache VaryByParam="None" Duration="60" %>

The OutputCache directive stores a copy of your page's HTML output in the ASP .NET cache, and from the next request to this page until the end of the Duration period the response returns only this cached HTML output. As you can see, I've put 60 in Duration, which means that the cache duration is 60 seconds.

The VaryByParam attribute is a semicolon-separated list of strings used to vary the output cache. When I set it to "None", this page has just one version in the cache. But if I set it to catalogId, a separate version of the page is cached for each different catalogId query string value passed, like this:

http://www.mywebsite.com/mypage.aspx?catalogId=10 ==> version 1

http://www.mywebsite.com/mypage.aspx?catalogId=102 ==> version 2

http://www.mywebsite.com/mypage.aspx?catalogId=1010 ==> version 3


And so on....
As I said, VaryByParam can take more than one parameter as a semicolon-separated list, like this (pageNumber is just an example name for a second parameter):

<%@ OutputCache VaryByParam="catalogId;pageNumber" Duration="60" %>

I will discuss more about page output cache in my next post.