How can I convert password string to Base64 string before sending form to backend?

Question

I have a sample registration form, it works properly for most cases, but when I try to register new user with password "U8$&#6G#CBj" I'm getting an exception "A potentially dangerous Request.Form value was detected from the client" My idea is to convert password to Base64 format before sending it to backend and on backend convert it back. How can I do it?

@using (Html.BeginForm("Login", "Account", new { ReturnUrl = ViewBag.ReturnUrl }, FormMethod.Post, new { @class = "form-horizontal", role = "form" }))
     {
        @Html.AntiForgeryToken()
        <h4>Use a local account to log in.</h4>
        <hr />
        @Html.ValidationSummary(true, "", new { @class = "text-danger" })
        <div class="form-group">
           @Html.LabelFor(m => m.Email, new { @class = "col-md-2 control-label" })
           <div class="col-md-10">
              @Html.TextBoxFor(m => m.Email, new { @class = "form-control" })
              @Html.ValidationMessageFor(m => m.Email, "", new { @class = "text-danger" })
           </div>
        </div>
        <div class="form-group">
           @Html.LabelFor(m => m.Password, new { @class = "col-md-2 control-label" })
           <div class="col-md-10">
              @Html.PasswordFor(m => m.Password, new { @class = "form-control" })
              @Html.ValidationMessageFor(m => m.Password, "", new { @class = "text-danger" })
           </div>
        </div>
        <div class="form-group">
           <div class="col-md-offset-2 col-md-10">
              <div class="checkbox">
                 @Html.CheckBoxFor(m => m.RememberMe)
                 @Html.LabelFor(m => m.RememberMe)
              </div>
           </div>
        </div>
        <div class="form-group">
           <div class="col-md-offset-2 col-md-10">
              <input type="submit" value="Log in" class="btn btn-default" />
           </div>
        </div>
        <p>
           @Html.ActionLink("Register as a new user", "Register")
        </p>
        @* Enable this once you have account confirmation enabled for password reset functionality *@
        <p>
           @Html.ActionLink("Forgot your password?", "ForgotPassword")
        </p>
     }

http://stackoverflow.com/questions/246801/how-can-you-encode-a-string-to-base64-in-javascript — Alexei Levenkov, Aug 31 '16 at 18:39
[This](http://stackoverflow.com/questions/81991/a-potentially-dangerous-request-form-value-was-detected-from-the-client) will help. — Dandy, Sep 01 '16 at 06:28

score 2 · Accepted Answer · edited May 23 '17 at 10:29

With help of Alexei Levenkov for frontend part and Vidhyadhar Galande for backend I solved my problem here is the code: on View to form I have added this javascript function on submit event

function encode(){
        $('#Password').val(btoa($('#Password').val()));
        $('#ConfirmPassword').val(btoa($('#ConfirmPassword').val()));
    }

and on backend decode strings back:

private string DecodeFromBase64(string inputBas64)
{
    var base64EncodedBytesPassword = System.Convert.FromBase64String(model.Password);
    string password = System.Text.Encoding.UTF8.GetString(base64EncodedBytesPassword);
    return password;
}

score 0 · Answer 2 · answered Sep 01 '16 at 05:22

Try this

1) base64(Encode/decode)

 public static string base64Encode(string sData) // Encode
 {
   try
    {
       byte[] encData_byte = new byte[sData.Length];
       encData_byte = System.Text.Encoding.UTF8.GetBytes(sData);
       string encodedData = Convert.ToBase64String(encData_byte);
       return encodedData;
    }
   catch (Exception ex)
   {
       throw new Exception("Error in base64Encode" + ex.Message);
   }
 }

public static string base64Decode(string sData) //Decode
 {
    try
    {
      var encoder = new System.Text.UTF8Encoding();
      System.Text.Decoder utf8Decode = encoder.GetDecoder();
      byte[] todecodeByte = Convert.FromBase64String(sData);
      int charCount = utf8Decode.GetCharCount(todecodeByte, 0, todecodeByte.Length);
      [] decodedChar = new char[charCount];
      utf8Decode.GetChars(todecodeByte, 0, todecodeByte.Length, decodedChar, 0);
      string result = new String(decodedChar);
      return result;
   }
  catch (Exception ex)
   {
      throw new Exception("Error in base64Decode" + ex.Message);
    }
}

2) EncodePasswordMd5

 public static string EncodePassword(string pass, string salt) //encrypt password
   {
      byte[] bytes = Encoding.Unicode.GetBytes(pass);
      byte[] src = Encoding.Unicode.GetBytes(salt);
      byte[] dst = new byte[src.Length + bytes.Length];
      System.Buffer.BlockCopy(src, 0, dst, 0, src.Length);
      System.Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
      HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
      byte[] inArray = algorithm.ComputeHash(dst);
      //return Convert.ToBase64String(inArray);
      return EncodePasswordMd5(Convert.ToBase64String(inArray));
   }
  public static string EncodePasswordMd5(string pass) //Encrypt using MD5
   {
      Byte[] originalBytes;
      Byte[] encodedBytes;
      MD5 md5;
      //Instantiate MD5CryptoServiceProvider, get bytes for original password and compute hash (encoded password)
      md5 = new MD5CryptoServiceProvider();
      originalBytes = ASCIIEncoding.Default.GetBytes(pass);
      encodedBytes = md5.ComputeHash(originalBytes);
      //Convert encoded bytes back to a 'readable' string
      return BitConverter.ToString(encodedBytes);
  }

@Using Namespace

  using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
using System.Web;

on backend this is useful, but I need to convert string on frontend site — Ivan Sukhetskyi, Sep 01 '16 at 15:31

How can I convert password string to Base64 string before sending form to backend?

2 Answers2