Login Form in c#

18 Replies - 14847 Views - Last Post: 03 July 2013 - 09:15 AM

#1 ogadit

Posted 03 July 2013 - 05:24 AM

Hi!
As the title suggests, I'm making a Login Application in C#, which would read from a text file.
The code for the login button is:
string s;
// Reads only the first line of the file
using (StreamReader reader = new StreamReader(@"C:\Users\Osama.OM\Documents\New folder\ss.txt"))
{
    s = reader.ReadLine();
}
// Split the "user:password" line on ':'
string[] ss = s.Split(':');
if (txtUser.Text == ss[0])
{
    if (txtPass.Text == ss[1])
    {
        this.Hide();
        Properties.Settings.Default.ss = txtUser.Text;
        Properties.Settings.Default.Save();
        MainForm mf = new MainForm();
        mf.Show();
    }
    else
    {
        MessageBox.Show("Sorry Wrong Password");
    }
}
else
{
    MessageBox.Show("Sorry Wrong Username");
}


Now the ss.txt file contains:
"abc:1111
cbc:1122"
Now the code I have reads the first user, which is abc, and its password is 1111. What I want is to make the program read the second user too.

Replies To: Login Form in c#

#2 MrShoes

Posted 03 July 2013 - 05:47 AM

Reader.ReadLine() will read the next line. Keep using that until it returns null and you'll get all your credentials.

#3 Skydiver

Posted 03 July 2013 - 06:03 AM

Ummm, about String.Split()... What happens if the user's password contains a ':'?

#4 ogadit

Posted 03 July 2013 - 06:50 AM

Skydiver, on 03 July 2013 - 06:03 AM, said:

Ummm, about String.Split()... What happens if the user's password contains a ':'?

I never thought of that :P
But I'm just making it for learning purposes, so no biggy!

And MrShoes, could you explain a little more?

This post has been edited by Curtis Rutland: 03 July 2013 - 06:51 AM
Reason for edit:: removed double post

#5 Curtis Rutland

Posted 03 July 2013 - 06:50 AM

I feel like that's the least of his problems there, Skydiver. Beyond the using of hardcoded paths, storing username/password pairs in an unencrypted/unhashed format in an unprotected text file, and telling the user which part of his credentials is wrong...I realize this probably isn't going to be something that has to be secure, but it still bugs the security part of my brain. If you're going to do security at all, do it right. If not, don't bother, because this is beyond trivial to bypass.

Sorry, but it's a pet peeve of mine. That title in my signature is a security certification.

@ogadit, what MrShoes meant is that instead of reading one line from the text file, you should read it in a loop, into a string array instead of a single string.

Or, you could use the File.ReadAllLines method to handle that all for you.

#6 ThrowsException

Posted 03 July 2013 - 06:54 AM

You want to keep looping through the file and read each line with something like this

http://msdn.microsof...r.readline.aspx
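bool found = false; // flag: set to true once a line holds the credentials you are looking for
using (StreamReader sr = new StreamReader(path))
{
    // Stop at end of file or as soon as the credentials were found
    while (sr.Peek() >= 0 && !found)
    {
        Console.WriteLine(sr.ReadLine());
    }
}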



Set a flag somewhere to tell if the read line returned the credentials you were looking for, to get out of the while loop and continue your processing.

#7 ogadit

Posted 03 July 2013 - 07:02 AM

I think nobody understood my question. If you look at my code you'll see these lines:
if (txtUser.Text == ss[0])
{
    if (txtPass.Text == ss[1])


The ss is the array, right? I want to make it read the usernames which are behind the semicolon (:),
and the password after that.

#8 Curtis Rutland

Posted 03 July 2013 - 07:07 AM

No, we clearly understand your question. I've already explained exactly how to do what you need; you need to read all the data instead of just the first line. The best way to do that is into an array, and you'll need to use a loop to perform your logic for all entries in the file.

ss is your split array. I'm telling you that you need to read your file into a different array, one entry for each line in the file. Then loop over that, and do your logic.

#9 Skydiver

Posted 03 July 2013 - 07:07 AM

Move the core of your code into a loop like described by ThrowsException.

#10 ogadit

Posted 03 July 2013 - 07:17 AM

Yayyy! Now I understand. Looping was all I needed.
Thanks to everybody who helped me,
esp. Skydiver, ThrowsException, Curtis Rutland

#11 Curtis Rutland

Posted 03 July 2013 - 07:49 AM

Now consider going back and fixing the security model. I realize you said this is for practice, but nothing you've done here should ever actually be done in an application you want other people to use, so it's really not good practice. You shouldn't store users/pws in text files. You shouldn't store passwords in plain text. You shouldn't provide descriptive errors (notice that most sites will say "incorrect username or password", they do that for a reason. They know which one it was, and they probably logged that internally, but if they tell the end user, a hacker can brute force a list of usernames based on the response they get from the site).

So, if you want real practice, try re-creating this with all that in mind.
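
Added example (not part of the original post or the poster's code): one way to combine the thread's suggestions, checking every line of the file, splitting on the first ':' only, and returning one generic message for any failure. The class and method names and the sample lines are assumptions, and the passwords are still compared in plaintext as in the thread's ss.txt.

```csharp
using System;
using System.Collections.Generic;

static class LoginCheck   // hypothetical name, for illustration only
{
    // One message for every failure, so the response does not reveal
    // whether the username exists.
    public const string FailureMessage = "Incorrect username or password";

    // Parses "user:password" lines. Splits on the FIRST ':' only, so a
    // password may itself contain ':' characters.
    public static Dictionary<string, string> Parse(IEnumerable<string> lines)
    {
        var users = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (string line in lines)
        {
            int sep = line.IndexOf(':');
            if (sep <= 0) continue;   // skip blank lines and lines without a username
            users[line.Substring(0, sep)] = line.Substring(sep + 1);
        }
        return users;
    }

    // Returns null on success, or the single generic message on any failure.
    public static string TryLogin(Dictionary<string, string> users,
                                  string user, string password)
    {
        string stored;
        bool ok = users.TryGetValue(user, out stored) && stored == password;
        return ok ? null : FailureMessage;
    }

    static void Main()
    {
        // Constructed sample input in the thread's ss.txt format;
        // in the form this would come from File.ReadAllLines(path).
        string[] lines = { "abc:1111", "cbc:1122", "dave:pa:ss" };
        var users = Parse(lines);
        Console.WriteLine(TryLogin(users, "cbc", "1122") ?? "OK");    // second line of the file
        Console.WriteLine(TryLogin(users, "dave", "pa:ss") ?? "OK");  // password containing ':'
        Console.WriteLine(TryLogin(users, "abc", "wrong"));           // wrong password
        Console.WriteLine(TryLogin(users, "nobody", "1111"));         // unknown user, same message
    }
}
```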

#12 MrShoes

Posted 03 July 2013 - 07:56 AM

You could also extend this software when considering your security model. How many failed attempts will cause you to lock the account? How do you denote it as locked? What happens then? Is there a security question system, does an admin unlock it, or do you get an email response with a link?

I wouldn't expect you to implement all this, but it's good to think about.

There are a lot of ways to do Encryption in C#. I often use the RijndaelManaged class.

#13 optix212

Posted 03 July 2013 - 08:02 AM

As a further to Curtis Rutland, you should look into SQL Compact databases. They can be made from inside of Visual Studio and are a lot harder to access than a text file because they themselves can be password protected. Furthermore, they are a lot more organized than text files because they already split your username and password values for you. What everyone means by "you aren't securing your passwords" is that you aren't doing something called "hashing" them. For this, I would look into SHA256. Just hash the password, and store it into your DB. Whenever someone logs in, you hash that pass as well, and compare it to the hashed pass on your database. I have a tutorial on this subject on these forums. Look up Login/Register System using SQL Compact.

#14 Curtis Rutland

Posted 03 July 2013 - 08:08 AM

MrShoes, on 03 July 2013 - 09:56 AM, said:

There are a lot of ways to do Encryption in C#. I often use the RijndaelManaged class.


That or the AES libraries would be a good way to encrypt the file itself (if you choose to go that route), but make sure you don't store the passwords that way. Encrypted passwords aren't much safer than plaintext ones, since it could be reversed. Store passwords as salted hashes.

Quote

For this, I would look into SHA256. Just hash the password, and store it into your DB


Good first steps, but if we want to talk real security, none of the SHA algorithms are a good choice for password hashes. They're too fast; it's too easy to compute massive rainbow tables quickly. Consider using PBKDF2, bcrypt, or scrypt for password hashing. All of these were designed to do "key stretching", so given a high enough work factor, creating rainbow tables takes an infeasibly long time.

On top of that, salt your hashes! Unsalted hashes mean that I can make one rainbow table to attack every single password in your database. If you use a unique salt for each hash, I have to create a new table for each password, making cracking them a much, much more daunting task.



This is the problem with security. It's so much deeper than most people realize, but it's incredibly important to learn these concepts so you don't make insecure applications.

#15 optix212

Posted 03 July 2013 - 08:15 AM

Another further to Curtis... Salting a hash is the act of appending something the hacker does not yet know about his target to the end of the password before it is hashed. For instance, the user's email.
