This page contains references to the most commonly requested code samples
relevant to .NET application security.
How to Encrypt and Decrypt Data Using a Symmetric Key
Illustrates how to (a) generate a persistent (i.e. non-random) symmetric key and
(b) use this key to encrypt and decrypt data.
This sample is intended to help novice users get a grasp on encryption and decryption.
It uses Rijndael,
but you can easily adjust it to use Triple-DES or any other symmetric key algorithm supported by .NET.
How to Encrypt Data With Salt
Explains how to use salt when encrypting the same plain text value with the
same symmetric (Rijndael) key to generate different cipher text.
This approach eliminates the need to use different initialization vectors
or keys for the purpose of avoiding dictionary attacks.
How to Create an Encryption Library
This MSDN example can help you build a reusable encryption library for different symmetric key algorithms.
It is more robust than the previous example, but may not be as straightforward.
How to Store an Encrypted Connection String in the Registry
This MSDN example can be used to encrypt and store sensitive data in the Windows® registry.
It explains how to build a GUI application, which can be used to encrypt data in the registry,
and retrieve these data from an ASP.NET application.
Data Protection API (DPAPI)
How to Hash Data with Salt
Illustrates how to (a) hash a text string with a random salt value using
MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashing algorithms and
(b) verify a hash against a plain text value.
If you just want to use MD5 or SHA1 hashing algorithm,
you can simply call the
method of the FormsAuthentication class,
which belongs to the System.Web.Security namespace.
How to Use Forms Authentication with SQL Server 2000
This MSDN example can help you implement an authentication mechanism
using password hashes stored in a database.
Random Password Generator
How to Generate a Random Password
Shows how to generate a random password, which consists of
a combination of 7-bit ASCII alpha-numeric characters and special symbols,
but does not contain ambiguous characters (such as [1,I,l]).