Secure User Authentication

From GTA Network Wiki

Introduction

This page explains how to hash passwords for storage and how you should authenticate a user.

What makes user authentication secure?

Every stored password is hashed, and the hash is extremely difficult to reverse.

To authenticate the user, hash the password the user entered and compare it with the hash you have stored. Do they match?

How can we do that?

Better explained with code!

string stored_password = ""; // Retrieve this from your database
string password = ""; // Password given by the user

byte[] data = System.Text.Encoding.UTF8.GetBytes(password); // Convert the string to UTF-8 bytes
data = System.Security.Cryptography.SHA256.Create().ComputeHash(data); // Hash the password using SHA256
// Encode the hash as Base64 text. Raw hash bytes are not valid UTF-8, so decoding
// them with UTF8.GetString would corrupt the value.
string hashed_password = System.Convert.ToBase64String(data);

if (stored_password == hashed_password) {
    // User logged in
}
else {
    // Wrong password
}

User registrations should be handled using the same method.

string password = ""; // Password given by the user

byte[] data = System.Text.Encoding.UTF8.GetBytes(password); // Convert the string to UTF-8 bytes
data = System.Security.Cryptography.SHA256.Create().ComputeHash(data); // Hash the password using SHA256
// Encode the hash as Base64 text, exactly as the login code does
string hashed_password = System.Convert.ToBase64String(data);

// Store hashed_password in the database

And there you have it! That's all there is to it. You have now authenticated your user.