Encrypt data with MD5 in ASP.NET

Once you start storing sensitive data in your database, you’ll inevitably find that you want to encrypt some of the things you are storing, typically user passwords. The most secure sites will generally work with one way encryption meaning that there is no way for you to decrypt the data. The MD5 algotrithm is a popular way to encrypt data and ASP.NET has some encryption classes built in to allow you to work with MD5.

Let’s start by examining some code to encrypt the string. I’m setting it up as a function within a custom class. Remember that you need to import/using the following libraries System.Security, System.Security.Cryptography, System.Text.

We’ll use the MD5CryptoServiceProvider object, then convert our string to a byte array and find the hash. Once we have that, we’ll go through the array byte by byte to convert it into a hexidecial string and return the encrypted string! I wish ASP.NET just had a simple built in function to do this, but now you have it!

C# public static string EncryptString(string input) { // Create a new instance of the MD5CryptoServiceProvider object. MD5 md5Hasher = MD5.Create(); // Convert to a byte array and get the hash. byte[] data = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input)); StringBuilder sBuilder = new StringBuilder(); // Loop through each byte of the hashed data // and format each one as a hexadecimal string. for (int i = 0; i < data.Length; i++) { sBuilder.Append(data[i].ToString("x2″)); } // Return the hexadecimal string. return sBuilder.ToString(); }

VB.NET Public Shared Function EncryptString(ByVal input As String) As String     ' Create a new instance of the MD5CryptoServiceProvider object.     Dim md5Hasher As MD5 = MD5.Create()         ' Convert the input string to a byte array and compute the hash.     Dim data As Byte() = md5Hasher.ComputeHash(Encoding.[Default].GetBytes(input))         Dim sBuilder As New StringBuilder()         ' Loop through each byte of the hashed data     ' and format each one as a hexadecimal string.     For i As Integer = 0 To data.Length - 1         sBuilder.Append(data(i).ToString("x2″))     Next         ' Return the hexadecimal string.     Return sBuilder.ToString() End Function

Once you have this setup in a class names Encryption for example, the usage is simple, you simply call it ' add the semi colon for C# of course Encryption.EncryptString("this")

So if you have encrypted a password and saved it into your database but can’t encrypt it, how can you use it for passwords? Thankfully, the algorithmn will create the same encryption for the same string of text. So what you need to do is check the password provided in your login form and encrypt the password with the same function. Then compare that with the string saved in the database and you’ll know if the two strings match. Simple as that!