Reputation: 4727
When creating users, the password credential is getting saved in encrypted format in the database. Now what I want is: when a user goes for the Forgot password option, he needs to fill in the email ID and the respective password is sent to his email ID.
The issue is that the password is coming in encrypted format only. Example:
3ab315c4b788dc6de20ff5f64574501f
Below is my code for sending mail with the username and details
DataSet ds = new DataSet();
using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["DefaultCSRConnection"].ConnectionString))
{
    conn.Open();
    // Pass the e-mail address as a parameter instead of concatenating it into the SQL text.
    SqlCommand cmd = new SqlCommand("SELECT username,password FROM tbl_User WHERE email = @email", conn);
    cmd.Parameters.AddWithValue("@email", txtEmail.Text.Trim());
    SqlDataAdapter da = new SqlDataAdapter(cmd);
    da.Fill(ds);
    conn.Close();
    if (ds.Tables[0].Rows.Count > 0)
    {
        MailMessage Msg = new MailMessage();
        // Sender e-mail address.
        Msg.From = new MailAddress(txtEmail.Text);
        // Recipient e-mail address.
        Msg.To.Add(txtEmail.Text);
        Msg.Subject = "Password Details";
        Msg.Body = "Hi, <br/>Please check your Login Details<br/><br/>Your Username is: " + ds.Tables[0].Rows[0]["username"] + "<br/><br/>Your Password is: " + ds.Tables[0].Rows[0]["password"] + "<br/><br/>";
        Msg.IsBodyHtml = true;
        // your remote SMTP server IP.
        SmtpClient smtp = new SmtpClient();
        smtp.Host = "smtp.gmail.com";
        smtp.Port = 587;
        smtp.Credentials = new System.Net.NetworkCredential("[email protected]", "********");
        smtp.EnableSsl = true;
        smtp.Send(Msg);
        Msg = null;
        //lbltxt.Text = "Your Password Details Sent to your mail";
        ScriptManager.RegisterStartupScript(this, this.GetType(), "alert", "alert('Your Password Details Sent to your mail');window.location ='Login.aspx';", true);
        // Clear the textbox values
        txtEmail.Text = "";
    }
    else
    {
        Response.Write("<script>alert('Email Id you entered does not exist');</script>");
    }
}
Also see my encrypted code while sending the password in encrypted format. It is MD5 format
private string md5(string sPassword)
{
    MD5CryptoServiceProvider x = new MD5CryptoServiceProvider();
    byte[] bs = System.Text.Encoding.UTF8.GetBytes(sPassword);
    bs = x.ComputeHash(bs);
    System.Text.StringBuilder s = new System.Text.StringBuilder();
    foreach (byte b in bs)
    {
        s.Append(b.ToString("x2").ToLower());
    }
    return s.ToString();
}
Please guide.
Upvotes: 1
Views: 1679
Reputation: 2095
A couple of problems here worth highlighting.
Your passwords are not encrypted; they are hashed.
You are using MD5, which has been proven to be broken for some time now.
Firstly, you should understand the difference between hashing and encrypting.
Then you should not use MD5 to hash your passwords - I would recommend using a ready third-party solution for it or doing some serious reading up on the topic before attempting it.
Then, when recovering a forgotten password, I would advise you to reset it with a new one instead of trying to send the old one (btw, it's impossible to de-hash a password).
Also, in an ideal world you don't want to send passwords in email, but have a proper mechanism to recover the password.
Upvotes: 2
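The approach this answer recommends, as an added example that is not part of the original question or answer: salted PBKDF2 hashing in place of MD5, plus a single-use reset token in place of mailing the stored value. The class and method names, the iteration count and the storage format are assumptions, and the `Rfc2898DeriveBytes` overload used needs .NET Framework 4.7.2 or later (or .NET Core).

```csharp
using System;
using System.Security.Cryptography;

// Added example; class and member names are hypothetical, not from the post.
public static class PasswordSecurity
{
    const int Iterations = 600000; // assumed work factor; tune for your hardware

    // Returns "iterations.salt.key" (Base64 parts) to store in place of the MD5 hex.
    public static string HashPassword(string password)
    {
        byte[] salt = RandomBytes(16);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return Iterations + "." + Convert.ToBase64String(salt) + "." + Convert.ToBase64String(kdf.GetBytes(32));
    }

    public static bool VerifyPassword(string password, string stored)
    {
        string[] parts = stored.Split('.');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations)) return false;
        byte[] expected = Convert.FromBase64String(parts[2]);
        using (var kdf = new Rfc2898DeriveBytes(password, Convert.FromBase64String(parts[1]), iterations, HashAlgorithmName.SHA256))
            return FixedTimeEquals(kdf.GetBytes(expected.Length), expected);
    }

    // Reset flow: e-mail the returned token in a link; store only tokenHash and an expiry.
    // When the link is opened, HashToken(presented token) must equal the stored tokenHash.
    public static string NewResetToken(out string tokenHash)
    {
        string token = BitConverter.ToString(RandomBytes(32)).Replace("-", "");
        tokenHash = HashToken(token);
        return token;
    }

    public static string HashToken(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(System.Text.Encoding.UTF8.GetBytes(token)));
    }

    static byte[] RandomBytes(int n)
    {
        byte[] b = new byte[n];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(b);
        return b;
    }

    // Compares every byte regardless of where the first mismatch is.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

After a valid, unexpired token is presented, store `HashPassword` of the new password and delete the token row so the link cannot be reused.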