0

I have working with C# Application. I have two sensitive data in my XML file that is Username and Password. 

I want to:

Encrypt and Decrypt the username and password when login, save the file, and load xml. Can any one help me in this?

The xml file is

<Users>
  <user username="kelil2000">
    <password>123</password>
    <author>Home Owner</author>
    <name>Kelil</name>
    <mobile>0911</mobile>
  </user>
  <user username="usminuru">
    <password>1234</password>
    <author>Home Owner</author>
    <name>Ismail K.</name>
    <mobile>0910178976</mobile>
  </user>
 </Users>

Login :

 if (txtUserName.Text == "" || txtPassword.Text == "")
            {
                MessageBox.Show("Username or Passowrd field is empty, try again!");
                ClearTextBoxes();
                return;
            }

            int i = 0; // we use this variable to count if ther’s a user with this name

            XmlDocument myXml=new XmlDocument();

            myXml.Load(Application.StartupPath + "/AppUsers/Users.xml");            

            XmlNodeList userList = myXml.SelectNodes("Users/user");

            foreach(XmlNode user in userList)

            {

                string userName = user.Attributes["username"].Value;

                string userPassword = user["password"].InnerText;

                string userAuthor = user["author"].InnerText;

                if (userName == txtUserName.Text)

                {

                    ++i;

                    if (userPassword == txtPassword.Text)

                    {

                        Form panel;

                        this.Opacity = 0;

                        switch(userAuthor)

                        {   

                            case "Home Owner":

                                panel = new MainWindow();

                                panel.Show();

                                break;

                            case "Member" :

                                panel = new Report();

                                panel.Show();

                                break;


                        }


                    }

                    else

                    {

                        MessageBox.Show("Wrong Password!");
                        ClearTextBoxes();

                    }

                }

              }

            if (i == 0)

                MessageBox.Show("No specified user with this name!");
            ClearTextBoxes();
        }

Save xml:

 private void AddUser()
        {
            if (txtUserName.Text == "" || txtPassword.Text == "" || cmbAuthor.Text == "" || txtName.Text == "" || txtMobile.Text == "")
            {
                MessageBox.Show("Filed is empty");
                return;
            }
            try
            {
                string _file = (Application.StartupPath + "/AppUsers/Users.xml");
                XDocument doc;

                if (!File.Exists(_file))
                {
                    doc = new XDocument();
                    doc.Add(new XElement("Users"));
                }
                else
                {
                    doc = XDocument.Load(_file);
                }

                doc.Root.Add(
                      new XElement("user",
                                   new XAttribute("username", txtUserName.Text),
                                   new XElement("password", txtPassword.Text),
                                   new XElement("author", cmbAuthor.Text),
                                   new XElement("name", txtName.Text),
                                   new XElement("mobile", txtMobile.Text)
                            )
                      );
                doc.Save(_file);

            }
            catch (Exception ex)
            {
                MessageBox.Show("Something Wrong!" + ex.ToString());
            }
        }

Load XML file

private void loadXmlData()
        {

            listView1.Items.Clear();
            XDocument doc = XDocument.Load(Application.StartupPath + "/AppUsers/Users.xml");
            doc.Descendants("user").ToList()
   .ForEach(x => listView1.Items.Add(
                 new ListViewItem(
                 new string[] { 
                                 x.Attribute("username").Value,
                                 x.Element("password").Value, 
                                 x.Element("author").Value,  
                                  x.Element("name").Value,
                                 x.Element("mobile").Value}))
           );



        }
usminuru
  • 335
  • 4
  • 8
  • 19
  • 3
    You definitely *don't* want to save the user's password, encrypted or otherwise, anywhere on the server. If anything, you want to store [secure salted hashes](https://crackstation.net/hashing-security.htm) of the user's password. If you are a newbie at "all of this stuff", I **strongly** recommend that you don't touch it at all until you know what you are doing. Cryptography is hard. Rolling your own security system is always an extremely bad idea, even for experienced people. Don't do it. Look for ready-made libraries instead. – Tomalak May 28 '15 at 06:59
  • Never store a password! Certainly not in plain text, but also not encrypted. Encryption can be decrypted! Always store the hashed (and salted) password. The main difference is that hash algorithms are *not* reversable by design. See http://stackoverflow.com/a/401684/1336590 (not only relevant for php). – Corak May 28 '15 at 07:15

1 Answers1

1

First of all you need to choose which encryption to use and where to save your key . once you've done that , you need to run the encryption / decryption method on the value that you are writing/reading from the XML file.

Uriel Zilberberg
  • 104
  • 2