Here’s how to implement the ASP.NET Color Picker Control

(1) Download the library and add it to your project

First, download the library from the ASP.NET Color Picker Control website. Make sure to download the latest binary release from the website. Currently that version is ASP.NET Color Picker v.1.4.10423.1 Binary. Once you get the zip file, it will contain a library that you should extract to the /bin/ folder of your website.

(2) Register the library on your page

ASP.NET provides a set of standard controls that you can add to a page that start with the “ASP” prefix, such as “<ASP:TextBox runat=”server” id=”txtBox” />. Any custom controls will have their own prefix that you specify by registering the library on the page. It’s another line of code that you add to the top of the page next to your page definition. It should look something like this:

<%@ Register Assembly=”Karpach.WebControls” Namespace=”Karpach.WebControls” TagPrefix=”cc1″ %>

(3) Add the control to your page

Now that you have the library referenced, you can add the control to your page and make use of it.  For the purpose of this demo, I’m going to set the AutoPostBack property to true and run a function whenever the color is changed. This will show us the color that we picked inside of a label (also shown below) after we select a new color.

<cc1:ColorPicker ID=”colorBackgroundColor” runat=”server” AutoPostBack=”true” OnColorChanged=”chngColor” />
<br /><br />
<asp:Label ID=”lblResults” runat=”server” Text=”"></asp:Label>

(4) Create Your C# Function

After we choose a color, we have to do something with it. With the ColorPicker control above, I’m using the OnColorChanged property to call the “chngColor” function, which in C# will look something like this. This will also demonstrate how to programmatically read the color chosen with the .Color property of the ASP.NET Color Picker Control

protected void chngColor(object sender, EventArgs e)
{
lblResults.Text = “<div style=’background-color:#” + colorBackgroundColor.Color.Replace(“#”, “”) + “;height:50px;width:80px;text-align:center;padding-top:35px;’>Sample Text</div>”;
}

(5) Success

So far, we’ve added the library to our project, registered the library on the page, added the control to the page, and done something with the color chosen by the user. Your page should look something like this:

You can download my sample program here.

Exception Details: System.FormatException: The specified string is not in the form required for an e-mail address.

Ouch. To remedy this issue, I added a check to make sure the email address was valid before it attempted to send the message. In the code below, I’m making use of the System.Text.RegularExpressions library that comes with the .NET framework. The code below is written in C# but the code will be very similar in Visual Basic. It will also work in ASP.NET, WPF or plain old windows forms.

Here’s a C# function that will determine whether or not an email address is valid:

public static bool IsValidEmail(string strEmailAddress)
{
if (strEmailAddress == null)
{
return false;
}
else
{
return System.Text.RegularExpressions.Regex.IsMatch(strEmailAddress, @"^[-a-zA-Z0-9][-.a-zA-Z0-9]*@[-.a-zA-Z0-9]+(\.[-.a-zA-Z0-9]+)*\.(com|edu|info|gov|int|mil|net|org|biz|name|museum|coop|aero|pro|[a-zA-Z]{2})$", RegexOptions.IgnorePatternWhitespace);
}
}


I also made some modifications to the system on the front-end, so when a user registered from then on, that it would validate that they have entered an email address and that the email address matched the format of an email address using a RequiredFieldValidator and a RegularExpressionValidator.<–>

Today, we’re going to encrypt a string with SHA-2, specifically the SHA-512 derivation of SHA-2, which should hypothetically be more secure than SHA-1 because it has a longer message digest than SHA-1. The example code I’m going to show off today also uses a “salt“, whereas the previous function I showed off didn’t. This will make your hashed-passwords more immume to dictionary attacts because not only would the hacker have to develop a hash for every commonly known password, but as well as every commonly known password multiplied by the nearly infinite number of possible salts.

Here’s the function:

    public static string CreateSHAHash(string Password, string Salt)
    {
        System.Security.Cryptography.SHA512Managed HashTool = new System.Security.Cryptography.SHA512Managed();
        Byte[] PasswordAsByte = System.Text.Encoding.UTF8.GetBytes(string.Concat(Password, Salt));
        Byte[] EncryptedBytes = HashTool.ComputeHash(PasswordAsByte);
        HashTool.Clear();
        return Convert.ToBase64String(EncryptedBytes);
    }

How it works:

This method makes use of the System.Security.Cryptography class. It combines your password and the salt that you provide and  turns it into a byte-array. It runs those bytes through the has computation function provided by the class and returns an 88-bit string of the message-digest/hash that’s created.

The source code to check a user’s credentials in Active Directory using C# or Visual Basic is actually fairly minimal. This works with both ASP.NET and with Windows Forms  (or WPF for that matter) if you’re building a desktop application.

Here’s how to do it:

(1) Reference the appropriate library

You’ll need to make use of the System.DirectoryServices library that comes with Visual Studio. You can add this to your ASP.NET code-behind page or your C# class for your Windows forms like this.

using System.DirectoryServices;

(2) Create An Authentication Function.

Here’s a basic function that will check a user’s permissions on a given domain. Essentially, it will try to create an Active Directory entry using the provided credentials, and it can successfully create a valid entry, we know that the user is authenticated. Otherwise, it’ll return false.

public bool AuthenticateActiveDirectory(string Domain, string UserName, string Password)
{
try
{
DirectoryEntry entry = new DirectoryEntry(“LDAP://” + Domain, UserName, Password);
object nativeObject = entry.NativeObject;
return true;
}
catch (DirectoryServicesCOMException) { return false; }
}

That’s really all there is to it. Microsoft has an extensive aritcle on MSDN that covers active directory authentication in .NET that you might want to check out as well.

Here’s a very customizable function that will generate a pseudo-random password for you in C#

public static string GenerateRandomPassword(int Length)
{
char[] ValidCharacters = "abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ".ToCharArray();
string password = string.Empty;
Random RndGenerator = new Random();
for (int i = 0; i < Length; i++)
{
int x = RndGenerator.Next(1, ValidCharacters.Length);
if (!password.Contains(ValidCharacters.GetValue(x).ToString()))
{
password += ValidCharacters.GetValue(x);
}
else
{
i--;
}
}
return password;
}


There’s some really neat stuff going on in this function.  You can specify which characters you would like to choose from as your random choices. It’s definitely better to have a longer array of choices, so if you’re comfortable putting in special characters like !, @, #, $, %, ^, &, or *, that will make it much harder for your passwords to be brute-forced or hacked otherwise.  The above function also makes sure that the same character isn’t used twice for additional security. You can take out the if-else statement if you’re not concerned about that.

To make use of the function, you can just call it up, specify the length of the password you would like to create and it will return a string that contains a random password of that length.

Happy Developing!

Microsoft has provided us with a method called FormsAuthentication.HashPasswordForStoringInConfigFile that will hash your user’s passwords with MD5 or SHA-1 with a single line of code. Given the choice, I’d recommend SHA-1 because it’s generally considered more secure by the security community.

So what’s password hashing anyway?

Essentially, a hash function provides a means to take a string of text that you want to protect and encrypts it in such a manner that if the original text were ran through the function again, it would always generate the same result. Hash functions are generally a “one-way” encryption, so you can take the original password and turn it into the hashed password, but you can’t go back from the hashed password and turn it back into the original.

If you’d like a more technical explanation of password hashing, checkout this article on MathWorld.

Using the Function:

public static string PasswordHasher(string Password)
{
return FormsAuthentication.HashPasswordForStoringInConfigFile(Password, System.Web.Configuration.FormsAuthPasswordFormat.SHA1);
}

The above method will take a password that you enter and run it through the encryption function provided using the SHA1 format. You’ll get back a string with the generated hash of your password.

Overall, it’s a very nice quick and dirty way to hash a password in ASP.NET, although some might criticize its use. If you would like to at a SALT to your password, read this article at donetjunkies.