how to encode password field in ASP.NET

I have the following code to encode password field but it gets error when password field is longer than ten characters.

private string base64Encode(string sData)
    {
        try
        {
            byte[] encData_byte = new byte[sData.Length];

            //encData_byte = System.Text.Encoding.UTF8.GetBytes(sData);
            encData_byte = System.Text.Encoding.UTF8.GetBytes(sData);


            string encodedData = Convert.ToBase64String(encData_byte);
            return encodedData;


        }
        catch (Exception ex)
        {
            throw new Exception("Error in base64Encode" + ex.Message);
        }
    }

This is the code to decode the encoded value

public string base64Decode(string sData)
    {

        System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding();

        System.Text.Decoder utf8Decode = encoder.GetDecoder();

        byte[] todecode_byte = Convert.FromBase64String(sData);

        int charCount = utf8Dec开发者_高级运维ode.GetCharCount(todecode_byte, 0, todecode_byte.Length);

        char[] decoded_char = new char[charCount];

        utf8Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0);

        string result = new String(decoded_char);

        return result;

    }

That code itself shouldn't be failing - but it's not actually providing any protection for the password. I'm not sure what kind of "encoding" you're really trying to do, but this is not the way to do it. Issues:

• Even if this worked, it's terrible from a security point of view - this isn't encryption, hashing, or anything like it
• You're allocating a new byte array for no good reason - why?
• You're catching Exception, which is almost always a bad idea
• Your method ignores .NET naming conventions

If you can explain to us what the bigger picture is, we may be able to suggest a much better approach.

My guess is that the exception you're seeing is actually coming when you call Convert.FromBase64String, i.e. in the equivalent decoding method, which you haven't shown us.

I think you will need to modify your code.

These are 2 links which gives more details -

Encrypt and decrypt a string

http://msdn.microsoft.com/en-us/library/system.security.cryptography.rsacryptoserviceprovider.aspx

They are correct about this not being secure. But the question you asked was why is the code failing. Base64 strings usually take up more space than the string they encode. You are trying to store the same amount of data in fewer characters (64 instead of 255), so it expands the string. Since you are dimensioning the array based on the size of the string, any time the base 64 string exceeds the size of the base 255 string, you get an error. Instead of writing the code yourself, use the built in converters.

            System.Convert.ToBase64String()
            System.Convert.FromBase64String()

But as I mentioned before, this is not secure, so only use this if you are trying to do something with a legacy system, and you need to preserve functionality for some reason.