Threezool

Reputation: 453

Simple password validation C# MVC

I'm making a simple news feed where I enter a new item from a form hidden on a URL that I manually need to type in (no account functionality). But I wanted an additional line of defense in case the form is found, so I added a password field: if the password matches the preset I have, the form saves the data into an XML file.

Now the question is, what's the best practice here to do that validation, and where do I put the password?

At the moment my code looks like this:

[HttpPost]
[ValidateAntiForgeryToken()]
public ActionResult AddPost(AddPostModel model)
{
    if (ModelState.IsValid && model.Password == "MyPassword")
    {
        AddPostModel.AddPostToXML(model);
    }
    return RedirectToAction("Index");
}

The thing is that it's a small site and at worst they add a news item that should not be there. So do I need to take additional precautions, or is it secure enough for what it's supposed to protect?

Since I'm quite new I don't have a lot of experience in security, so any guidelines or things to keep in mind would also be much appreciated.

Thanks!

Upvotes: 1

Views: 1000

Answers (2)

Threezool

Reputation: 453

After some discussion I settled on having a hashed password in the web.config that I then check against to see if the password is the right one. Then during the check I just hash the entered password with the same function and check if it's a match.

Here is the class I built if anyone else is looking for something similar. =)

using System;
using System.Configuration;
using System.Security.Cryptography;

public class Security
{
    public static bool ValidatePassword(string password)
    {
        string hashValue = HashPassword(password);

        // Compares against the Base64 SHA-256 value stored under <appSettings> key "password" in web.config.
        // Note: plain string equality (not constant-time) and the hash is unsalted.
        if (hashValue == ConfigurationManager.AppSettings["password"])
        {
            return true;
        }

        return false;
    }

    private static string HashPassword(string passwordToHash)
    {
        using (HashAlgorithm hash = new SHA256Managed())
        {
            byte[] plainTextBytes = System.Text.Encoding.UTF8.GetBytes(passwordToHash);
            byte[] hashBytes = hash.ComputeHash(plainTextBytes);

            // This is a one-way hash, not encryption: it cannot be reversed to recover the password.
            return Convert.ToBase64String(hashBytes);
        }
    }
}

Upvotes: 1

user4158998

I found a useful link that might help you to have an idea about customising the security level: http://www.c-sharpcorner.com/uploadfile/jitendra1987/password-validator-in-C-Sharp/ Have you looked at the Ajax toolkits!? They have good mechanisms to set up your first line of security defence, i.e. length of password, adding complexity and other features. Please have a look at: http://www.ajaxcontroltoolkit.com/PasswordStrength/PasswordStrength.aspx

Upvotes: 0
