How to encrypt a password (asp.net c#)

Question

I've got a webpage in asp.net, with C# as the codebehind. Every user has a hashed password, made using the PWDENCRYPT, but I do that manually using a file on the SQL Server. I'm looking at having it so that everyone can change their own passwords.

At the moment I've got:

            SqlCommand cmd = new SqlCommand("select pwdencrypt('@MyPass')", Conn);
            cmd.Parameters.AddWithValue("@MyName", txtNewPass1.Text);
            string HashedPass;
            try
            {
                Conn.Open();
                HashedPass = cmd.ExecuteScalar().ToString();
                //rdr = cmd.ExecuteReader();
                //while (rdr.Read())
                //{
                //    if (rdr["pwdencrypt"] != DBNull.Value) MyNewPassH = (string)rdr["pwdencrypt"];
                //}
            }
            finally
            {
                if (rdr != null)
                {
                    rdr.Close();
                }
                if (Conn != null)
                {
                    Conn.Close();
                }
            }

This takes the new value for our password (txtNewPass1.Text) and tries to get the hashed password into the HashedPass string. We would then (after all this) take that HashedPass and put it into the database, which is all fine and dandy.

At the moment though, this is simply returning a System.Byte[] - or something along those lines. As said, I am looking at having it in a string and then putting it into the database. Anyone got any ideas? I'm probably doing something wrong but don't quite know what.

Answer 1

You can convert a byte[] to a string using base64 encoding.

string encodedString = System.Convert.ToBase64String(myBytes);

Or you might want to store the bytes in your DB more directly using a BLOB or other similar data type (e.g. BINARY or VARBINARY). (I'm not too familiar with SQL Server's data types here, so I can't recommend which precisely to use.)