Password hash using PBKDF2 with HMAC SHA256/ SHA512 in .NET Framework 4.7.2 and .NET Core 2.0

Here I am back with more updates on PBKDF2 with HMAC but this time I am talking about SHA-2 family of hashes which includes SHA-256 and SHA-512, both that to in standard .NET framework.

I have posted another article for implementing PBKDF2 with SHA-2 family for password hashing which has custom implementation of PBKDF2 as at that time this option was not available in standard .NET framework. Keep on reading

Password hash using PBKDF2 with HMAC SHA256/ SHA512 in .NET Framework 4.7 and before

Recently I got an requirement from one of my client to generate salted password hash using PBKDF2 and SHA-2 algorithms. But as everyone knows we only have SHA-1 available in .NET framework till now.

Because this was an client requirement so I have to accommodate in my project scope and to do this I got help from a nice guy who made this easy for me. While doing search on google I found this article from that guy. Keep on reading

OutSystems: How to set value to expressions

This article is about a new platform which I have explored and did certification. The name of the platform is OutSystems and it is a low code platform. Low code platform means we have to write a little or no code to develop an application and OutSystems is one those low code platform in the industry right now along with Mendix, Appian etc

This post if about a small problem which many of my colleague are facing while exploring OutSystems using its own official courses.

In OutSystems Mobile App Development course there is one class Creating Application Exercise where they have also explained use of expression on any screen and assigning values to it. But there is a little thing which many of the developers think is missing and because of this they face problem while assigning values to expression using mix of a string, method response or any entity value.

One of my friend asked me this problem:

Please see attached screenshot from “Creating Applications Exercise”
So I am stuck at Step 3 (b) on page # 13. I am able to set “GetAppName()” for the Expression but that is not correct.

How to set the Expression to “Hello from “ + GetAppName() ?
There is no screenshot for this step, perhaps it is too simple but I am not able to locate it.

Yes, this is a simple thing to do but because he was doing it first time so got confused. He was not sure how to call method in expression value so he just set  “Hello from ” in value not complete expression including GetAppName() method as shown in below screenshot.

Browser back button triggers previous post action in .NET webform application – solved

Recently while working on one of my .NET application I was stuck in a strange problem. I created a button and its click event to insert some entry in database and at the end of this action I used below statement to redirect the page for next step.

Response.Write("<script>top.location="next step page url";</script>");

=&0=& I used this method to redirect the page because I was doing it in an iframe and wanted to redirect parent page after this step is completed and next step is started.

This was working perfectly fine but after moving to next step when I clicked browser back button same action was again fired and I got two similar entries in database. This was strange because I never exacted post event to be actually fired on browser back button because browser used to show a message when there is any post action is required (like we tap browser refresh button after any post action).

After some hit and trial I found that the statement above (Response.Write) is causing the issue. This was because the post action was still in progress because I used a trick to redirect instead of simple Response.Redirect.

To complete the post event and redirect properly to resolve the page postback issue on browser back button I used below approach in place of above like of statement:

Session["next"] = true
Response.Write("<script>top.location=top.location;</script>");

On parent page I checked if this session exists then redirect to next step

if(Session["next"] != null && Convert.ToBoolean(Session["next"]))
{
     Response.Redirect("next step page url");
}

After this approach when I clicked browser back button there was not issue of postback.

So the conclusion was that Response.Write was actual reason of the issue because it was breaking the flow without completing the post action.

Download Visual Studio 2017 ISO (offline installer) + Web Installer

This is a simple guide to download offline installer or ISO file for Visual Studio 2017.

As you all new Microsoft always provides web installer file for all new releases of Visual studio and on 7th March Microsoft has launched Visual Studio 2017 and this time also they haven’t provided offline installer or ISO file of the setup so we are here to explain how you can obtain offline installer or ISO file from this web installer EXE.

There are 7 simple steps for doing this:

1. Download web installer exe from this link

2. After download put this file in any folder like C:VS 2017.

3. Open command prompt with admin access and move to your visual studio eve folder using command cd c:CS 2017

4. Now run another command in command prompt vs_setup.exe /layout (vs_setup.exe is your file name so you can write what ever is your file name)

5. This will open a windows to ask location on your drive where you would like to download the visual studio offline / ISO installer.

6. Now it will download your visual studio and after it is completed you can run setup where you have selected to download it and that too without internet connection.

Visual studio 2017 will be launched on 7th March 2017

Finally Microsoft is going to launch Visual studio 15 (Visual studio 2017) on 7th March.

This version of Visual Studio will be launched at an event which will be organised on 7th and 8th March. This will also be a celebration event for 20th Anniversary of Visual Studio.

=&0=& of the event will include Keynote and demos by Julia Liuson, Brian Harry, Miguel de Icaza, and Scott Hanselman which can also be viewed on live streaming. They will show new things in Visual Studio, .NET, Xamarin, Azure etc.

Day 2 (8th March 2017) will be live interactive training day to teach how to be more productive using the all new Visual Studio 2017.

If you are interested in this event then you can register on this link https://launch.visualstudio.com

Apart from this live event there will be launch event by the Visual Studio community all around the world where developers can meet and collaborate in their local area.

You can even share a short story, video clip or image of your visual studio story. Share your story on Instagram, Twiter or Facebook with #MyVSStory

Encryption and Decryption of content using RijndaelManaged Class in C#

If you want to encrypt and decrypt data in your .NET application then one of the most simplest and safest way is using RijndaelManaged class.

It is predecessor of Aes but still most of the new users us RijndaelManaged class because it is easy to plug and use.

First we have to generate an encryption key using a password ans salt. Password and salt could be any string (use base64 string to make your encryption stronger) which we have to convert to bytes array (byte[]) before using them for generating encryption key. Below is the complete example of generating key and encryption and decryption

public static byte[] GenerateEncryptionKey(string password, string saltString)
{
	byte[] salt = Convert.FromBase64String(saltString);
	var keyGen = new Rfc2898DeriveBytes(password, salt, 7845);
	return keyGen.GetBytes(32);
}
public static string Encrypt(object data, string password, string saltString)
{
	try
	{
		using (var aes = new RijndaelManaged())
		{
			//get some bytes
			aes.Key = GenerateEncryptionKey(password, saltString);
			aes.BlockSize = 256;
			aes.Padding = PaddingMode.PKCS7;

			//generate an IV
			aes.GenerateIV();

			//get the bytes for our message
			var plainBytes = Encoding.UTF8.GetBytes(data.ToString());

			//start up the encryption
			using (var ms = new MemoryStream())
			using (var cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
			{
				//write the bytes to the cryptostream
				cs.Write(plainBytes, 0, plainBytes.Length);
				cs.FlushFinalBlock();

				//get message bytes
				var msgBytes = ms.ToArray();

				//create a new array big enough for the both of 'em
				var cypherBytes = new byte[aes.IV.Length + msgBytes.Length];

				//return the string with the iv as the first 32 bytes. will need this when decrypting
				System.Buffer.BlockCopy(aes.IV, 0, cypherBytes, 0, aes.IV.Length);
				System.Buffer.BlockCopy(msgBytes, 0, cypherBytes, aes.IV.Length, msgBytes.Length);

				//now convert it to base64 string
				var cypherText = System.Convert.ToBase64String(cypherBytes).TrimEnd(new char[] { '=' }).Replace('+', '-').Replace('/', '_');
				//var cypherText = Convert.ToBase64String(cypherBytes);

				//return cypher text
				return cypherText;
			}
		}
	}
	catch (Exception)
	{
		return null;
	}
}

public static string Decrypt(object cypherData, string password, string saltString)
{
	try
	{
		using (var aes = new RijndaelManaged())
		{
			//get some bytes
			aes.Key = GenerateEncryptionKey(password, saltString);
			aes.BlockSize = 256;
			aes.Padding = PaddingMode.PKCS7;

			//get the bytes for our message
			string cypherStr = cypherData.ToString();
			string incoming = cypherStr.Replace('_', '/').Replace('-', '+');
			switch (cypherStr.Length % 4)
			{
				case 2: incoming += "=="; break;
				case 3: incoming += "="; break;
			}
			
			var cypherBytes = Convert.FromBase64String(incoming);
			//var cypherBytes = Convert.FromBase64String(cypherData.ToString());
			var iv = new byte[aes.IV.Length];
			var msgBytes = new byte[cypherBytes.Length - iv.Length];

			//we use the first 32 bytes of the cypherdata for the IV
			System.Buffer.BlockCopy(cypherBytes, 0, iv, 0, iv.Length);
			System.Buffer.BlockCopy(cypherBytes, iv.Length, msgBytes, 0, msgBytes.Length);

			//set the IV for the instance
			aes.IV = iv;

			//start up the decryption
			using (var ms = new MemoryStream())
			using (var cs = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Write))
			{
				//write the bytes to the cryptostream
				cs.Write(msgBytes, 0, msgBytes.Length);
				cs.FlushFinalBlock();
					  
				//the plain text has been decrypted.
				var plainText = System.Text.Encoding.UTF8.GetString(ms.ToArray());

				//return plain text
				return plainText;
			}
		 }
	}
	catch (Exception)
	{
		return null;
	}
}

Sample Code – Android share action with chooser to display system default share chooser dialog

This post is for helping those you are looking to implement share feature in there android application and ending up with default ShareActionProvider which is too basic and doesn’t look good at all.

Solution to this problem is “chooser”. below is the sample of how you can share any data with ACTION_SEND intent by setting text and subject and at the end call start activity with createChooser.

      Intent sendIntent = new Intent();
      sendIntent.setAction(Intent.ACTION_SEND);
      String text = "";
      String url = "";
      sendIntent.putExtra(Intent.EXTRA_SUBJECT, text);
      sendIntent.putExtra(Intent.EXTRA_TEXT, text + " nn" + url);
      sendIntent.setType("text/plain");
      context.startActivity(Intent.createChooser(sendIntent, "Share"));

There are many advantages of using chooser

  • Even if you has selected any default application of this action your application will share chooser dialog so that user can select any other application without going to settings
  • You have option to set title for your share action chooser dialog
  • If no matching application found (I don’t think if this will happen to anyone in real world) then android displays a system message.