0

where should i perform coding to encrypt password?? controller or view

    <div class="form-group">
    @Html.LabelFor(model => model.Password, htmlAttributes:new{@class="control-label col-md-2" })

    <div class="col-md-10">
    @Html.EditorFor(model => model.Password, 
    new { htmlAttributes = new { @class = "form-control", @type = "password" } })

    </div> 
    </div>
Stavan Shah
  • 23
  • 1
  • 7
  • I am not sure of what you want to achieve. Can you explain further? – Thugge Aug 03 '17 at 09:24
  • Options here: https://stackoverflow.com/questions/39802164/asp-net-mvc-how-to-hash-password – SQLAndOtherStuffGuy Aug 03 '17 at 09:24
  • i have a form in which i am entering password – Stavan Shah Aug 03 '17 at 09:25
  • Submit the form, pass the password to the controller, hash it, forget the password forever, save the hash, done. – T. Jung Aug 03 '17 at 09:28
  • problem is how to pass the password to controller?? @T.Jung – Stavan Shah Aug 03 '17 at 09:29
  • @GSerg is right. If your are using the [UserManager](https://msdn.microsoft.com/en-us/library/dn613290(v=vs.108).aspx) you can do: `UserManager.createAsync(yourApplicationUser, model.Password)` . The Usermanager saves the User to your DB with the username and the hashed password. – T. Jung Aug 03 '17 at 09:42

1 Answers1

0

It depends on you site. If you are using a secure connection you can just hash the password in the controller (or wherever in the server code).

If you are using a not secure connection, I suggest to read this thread: https://forums.asp.net/t/2006037.aspx?Password+is+still+in+plain+text

Here the suggestion is to hash the password from the textbox, store it in an hidden field in the form and send the hidden field to the server instead of the password field.

Davide Bellone
  • 89
  • 2
  • 10