Easy MD5 password hashing in C#

There are a ton of members in System.Security.Cryptography and some of them will compute a hash for you based on whatever algorithm you wish. A common one to use for hashing passwords is MD5.


You'll want to store your passwords in your database as hashed values - don't store the passwords in plain text.
An easy class to use in .NET to hash any string is not in System.Security.Cryptography but rather in System.Web.Security.FormsAuthentication.
Use it like so:

string hashedPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(myPassword, "MD5");

Then, just compare this hashed value with the one you've stored in your database. If they match, the user is authenticated.

Now, before you go asking me how to decrypt the hash and get the original password, you can't. It's a one-way operation. You only hash the password for the purposes of comparing it to an already hashed value.

Hashed passwords are still vulnerable to so-called 'dictionary' attacks, whereby the hacker simply computes the hash for every word in the dictionary and tries all of them. If your password is a simple english word, this sort of brute force attack will work. To thwart this, add a 'salt' value to your password before you hash it and store it in your user database. In other words, instead of storing the hash of 'password' you would store the hash of 'blahpassword' where 'blah' is the salt. This works against dictionary attacks because 'blahpassword' is not a real word. This is even more effective if your salt is a garble, like '4^e#t'. Add the same salt to the user's inputted password before you hash it and compare it to your stored hash.

You can use this same function to hash passwords as you save them in the database. If you manually create the passwords for the users, you could make a simple application to take the password and return to you the hashed value. If you automatically create the password, create a function to accept the password and return the hash string before you save it to the database.

Getting into some interesting stuff!

I'll try to do a more detailed post later, but I'm getting into some pretty cool stuff using Google Earth to add some geospatial capabilities to an ASP.NET application. I'm using some AJAX, lots of Javascript and C#. From here forward all the code I post in this blog will probably be C#. I still love VB, but I'm just not using it at work anymore.

I'm currently employed at International Media Ventures.

Halfway to MCTS

I've decided to get my Microsoft certification, namely an MCTS, and eventually an MCPD. On Friday I passed the first of two exams, the .NET Framework Foundations test (70-536) with a score of 982 out of 1000. It was a pretty hard test but I was well prepared. Next up will be 70-562, which is the ASP.NET exam for the MCTS. I plan to take it in about 2 weeks.

Make my structure sortable

In a previous entry I showed how to create a structure. The object I described with my structure is an area of an image on the screen that I'm calling a "Zone". Today I've discovered the need to sort my Zones by the "ordinal" property, but the Zone objects don't inherently know how to be sorted. The solution is to implement an interface, namely IComparable. Any object that implements IComparable can be sorted on anything you want. It's quite easy. First inside the structure, right after the structure declaration and before any variable declaration, you add Implements IComparable. As soon as you add this line, Visual Studio will tell you that need to include a CompareTo method, which goes something like this:


Public Function CompareTo(ByVal obj As Object) As Integer _
Implements System.IComparable.CompareTo
If Not TypeOf obj Is Zone Then
Throw New Exception("Object is not a Zone")
End If
Dim Compare As Zone = CType(obj, Zone)
Dim result As Integer = Me.Ordinal.CompareTo(Compare.Ordinal)

If result = 0 Then
result = Me.Ordinal.CompareTo(Compare.Ordinal)
End If
Return result
End Function


Now I can call the .sort method on any collection of Zone objects.

The code for my CompareTo method came from http://www.knowdotnet.com/articles/sortarraylistofobjects.html

Convert a Word 2007 docx to PDF with VB.NET

I recently had to write a program to convert about 500,000 text files into PDFs. My initial thought was to buy a third-party .NET component to produce the PDFs, but I found that Word 2007 has a free plug-in to enable output to PDF or XPS format, and that those functions can be automated with VB.NET. My strategy is to convert each text file into a .docx file so I can apply some style and format and then do the PDF conversion. Here's the basic method:

Your machine must have Word 2007 and the free PDF/XPS converter plugin installed. Download the plug-in HERE. You need not have Adobe Acrobat installed on the machine.


In your VB project, set a reference to the .NET assembly Microsoft.Office.Interop.Word. Put an IMPORTS Microsoft.Office.Interop.Word at the top of your code file to save you some typing.


Assuming you already have a Word 2007 doc on disk, all you have to do is invoke ExportAsFixedFormat on the Word Document object that you create. Here's a bit of sample code:

Dim wordApp As ApplicationClass = New ApplicationClass()
Dim wordDoc As Document = Nothing
Dim strSource As String = "C:\Temp\Test.docx"

Try
wordDoc = wordApp.Documents.Open(strSource)
wordDoc .ExportAsFixedFormat("C:\Temp\Test.pdf", _
WdExportFormat.wdExportFormatPDF, False, _
WdExportOptimizeFor.wdExportOptimizeForOnScreen, _
WdExportRange.wdExportAllDocument)

Catch ex As Exception
MessageBox.Show(ex.Message)
End Try


It works like a charm! It takes a few seconds for each file so for my 500,000 files I am going to have to crank up several machines to get it all done in a reasonable amount of time.

Structures 101

Also referred to as User-defined Types, or structs, structures are similar to classes. Structures contain composites of other types and are a useful way to represent more complex objects, but simpler than a full-blown class. Sometimes structures are referred to as lightweight classes. The primary difference, though, is that a class defines a reference type and a structure defines a value type. Being value types, structures are stored on the stack instead of the heap. Structures cannot be inherited, and only inherit from System.Valuetype. Classes can inherit from any other reference type. A much better discussion of the differences can be found HERE so I won't go any further on that lest I get in over my head.

The classic example from the .NET Foundations book is the Point structure. It represents a point on the screen and is composed of just two integers, X and Y.

Ok, so here's a little more elaborate example that I used recently. I needed to define a Zone, or an area of an image. Just a rectangle won't cut it because I need my zone to have a couple other attributes. First I need it to have an ordinal value, so that I can process them in a given order and be able to change that order. Second, I need the zone to have a string value I'm calling "type" (not to be confused with a .NET Type), and it may or may not also have a value in a "FigureText" property. Finally, I want to define the default "ToString" method to give me the FigureText, and just for the heck of it I'll define a "ToRectangle" method as well that will give me a rectangle object. Whatever, the details aren't important, but you'll see how to declare one of these beasties.


Structure Zone
Dim _rect As Rectangle
Dim _ordinal As Integer
Dim _type As String
Dim _figureText As String

Public Sub New(ByVal rect As Rectangle, ByVal ordinal As Integer, ByVal type As String, Optional ByVal figureText As String = Nothing)
_rect = rect : _ordinal = ordinal : _type = type : _figureText = figureText
End Sub

Public Property Ordinal() As Integer
Get
Return _ordinal
End Get
Set(ByVal value As Integer)
_ordinal = value
End Set
End Property

Public Property Rect() As Rectangle
Get
Return _rect
End Get
Set(ByVal value As Rectangle)
_rect = value
End Set
End Property

Public Property Type() As String
Get
Return _type
End Get
Set(ByVal value As String)
_type = value
End Set
End Property

Public Property FigureText() As String
Get
Return _figureText
End Get
Set(ByVal value As String)
_figureText = value
End Set
End Property

Public Overrides Function ToString() As String
Return FigureText.ToString
End Function

Public Function ToInteger() As Integer
Return Ordinal
End Function

Public Function ToRectangle() As Rectangle
Return Rect
End Function
End Structure


Note that you have to overridde the ToString method, but you don't have to override ToInteger or ToRectangle because those methods are not defined by default.

Later in my code when I need to make a Zone, I simply declare it like an object and pass in some values for the constructor, which is defined in the struct in Public Sub New

Dim myZone As New Zone(myRectangle, myOrdinal, myType, myFigureText)

I could have used a class and it would work exactly the same but I'm going to be defining hundreds of these beasties and I think the structure will be more efficient.

As always, be careful with the line breaks in my sample code as the blog doesn't format things just right.

Fix for annoying VS2008 hanging problem

I've been experiencing this problem for a few months now and finally went searching for a solution. Here's the issue - when debugging an application in VS2008 on a machine that is NOT connected to the internet, after closing your application VS hangs for 5-10 seconds and randomly minimizes and maximizes itself, and then often get stuck as "always on top". It's maddening I tell you. Anyway, I found this thread on the msdn forums.

To save you some reading, here's the solution.
Open up your hosts file in windows\system32\drivers\etc\ and add an entry like this:

127.0.0.1      crl.microsoft.com

Hope it works for you. It worked like a charm for me.