6.12. Securing Login Credentials
Problem
You need to protect login credentials during transmission over the network and when they are stored within a database.
Solution
Use password hashing and salting with the .NET FormsAuthentication class to control user authentication and access to the application.
The solution creates and displays a salt of data type GUID. The hash of the password concatenated with the salt is generated and output to the console. The username, password hash, and salt are inserted into a DataTable that simulates a database in this solution.
Next, login is simulated with both an incorrect password and a correct password. In each case, the salt and the hash of the password and salt are retrieved from the DataTable for the username. The password is concatenated with the retrieved salt and the hash is generated. If the hash matches the hash retrieved from the database, the user is authenticated. The login attempt details and success status are output to the console for both incorrect and correct login attempts.
This solution requires a reference to the System.Web assembly.
The C# code in Program.cs in the project SecureLoginCredentials is shown in Example 6-12.
Example 6-12. File: Program.cs for SecureLoginCredentials solution
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web.Security;

namespace SecureLoginCredentials
{
    class Program
    {
        private static string userName = "User1";
        private static string password = "MyPassword123";

        static void Main(string[] ...
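The register-and-verify flow described in the Solution, as an added example that is not the book's Program.cs: it keeps the DataTable stand-in and the sample username and password from the page, but swaps in PBKDF2 (Rfc2898DeriveBytes) with a random 16-byte salt in place of the FormsAuthentication hash and GUID salt, and compares hashes in fixed time. The class, method and column names and the iteration count are assumptions, and it needs a runtime that has the Rfc2898DeriveBytes constructor taking a HashAlgorithmName.

```csharp
using System;
using System.Data;
using System.Security.Cryptography;

class SaltedLoginDemo
{
    const int Iterations = 100000;   // assumed work factor; tune for your hardware
    const int SaltBytes = 16, HashBytes = 32;
    // PBKDF2-HMAC-SHA256 over the password and the per-user salt.
    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    // Compare without exiting early, so timing does not reveal how many bytes matched.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    static void Register(DataTable users, string userName, string password)
    {
        var salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        users.Rows.Add(userName, Derive(password, salt), salt);
    }

    static bool Login(DataTable users, string userName, string password)
    {
        DataRow row = users.Rows.Find(userName);
        // Unknown user: still run the KDF against a dummy salt so the response time is similar.
        if (row == null) { Derive(password, new byte[SaltBytes]); return false; }
        return FixedTimeEquals(Derive(password, (byte[])row["Salt"]), (byte[])row["PasswordHash"]);
    }
    static void Main()
    {
        var users = new DataTable("User");   // stands in for a database table
        users.Columns.Add("UserName", typeof(string));
        users.Columns.Add("PasswordHash", typeof(byte[]));
        users.Columns.Add("Salt", typeof(byte[]));
        users.PrimaryKey = new[] { users.Columns["UserName"] };
        Register(users, "User1", "MyPassword123");
        Console.WriteLine("Wrong password:   " + Login(users, "User1", "WrongPassword"));
        Console.WriteLine("Correct password: " + Login(users, "User1", "MyPassword123"));
    }
}
```

Only the derived hash and the salt are stored per user; the plaintext password never reaches the table.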
Get ADO.NET 3.5 Cookbook, 2nd Edition now with the O’Reilly learning platform.