Creating random authorization code in c# in ASP.NET MVC.

We are going to create random 15 characters long authorization number. This can be used for many different purposes in your MVC application like unique barcodes, authorization codes etc. To make thinks more interesting we are going to force the method to place letter before and after random code.
GenerateLetter method is responsible to give us only letter. I used this code based on small tutorial

public char GenerateLetter()
            Random randomNumber = new Random();

            int number = randomNumber.Next(0, 26);
            char letter = (char)('a' + number);
            return letter;

        public string GenerateAuthCode()
            bool codeExists = false;

            string code = GenerateLetter().ToString();

                code += Guid.NewGuid().ToString("N").Substring(0, 13);

                code += GenerateLetter().ToString();

                YourDBContext dbContext = new YourDBContext();

var Exists = dbContext.products.FirstOrDefault(m => m.barcode ==   code);

                codeExists = Exists == null? false : true;
            while (codeExists);
            return code;

We are calling GenerateLetter method twice before and after random 13 characters code is generated. We also want to make sure that code is always unique so we are calling Data base to find if any product already have this barcode, if so we method will repeat whole process.

Adam Bielecki.


  1. Hi there,
    In your blog you say "This can be used for many different purposes in your MVC application like unique barcodes, authorization codes etc...".

    It seems like you are missing the fact that while GUIDS are unique, Sub guids are not. As described in this excellent article the author did a great job explaining the anatomy of the GUID. As described, the first 60 bits correspond to timestamp. Which means that you can easily get duplicated guids.

    Based on your example, I was able to write a short PoC using this line string subGuid = Guid.NewGuid().ToString("N").Substring(0, 13);
    In less than 5 minutes (in my age of stone old laptop), I was able to get a duplicated GUID.

    I'm not sure if you knew that already, I just thought it was worth to comment it.

    Thank you!

  2. Yes that is right and agree with you. Guid are amazing to use for unique codes, but they work if you use full Guid which in some cases might be too many characters. I gave an example of 15 character code, but it can be also used for let's say 7 characters. The idea was to use the loop that will find out if code already exists in database and if yes method will generate new code. How many unique codes your laptop generated before find the same?
    Regards, Adam.

  3. This comment has been removed by the author.

    1. I was wrong with my last comment. The number provided was if the Sub GUID was of 10. I'm running it if the Sub Guid was of 13 which is
      Guid.NewGuid().ToString("N").Substring(0, 13);

      Not sure how long it will take :)

  4. Thanks for the results. Hmm over 1 million codes we got duplicate which I think is not bad at all. Of course it could have happened before. Have you ever tried to run the same test over genuine GUID? In theory you should never hit the same GUID but if yes I am curious how many loops does it take. As well in theory even generating GUID you might end up with 2 exactly the same GUID one after another, but the probability is very low. Correct if I am wrong.

  5. Hi Adam,

    You are right, AFAIK full GUIDS are unique. In my scenario (and I'm trying to set up my mac right now) this should be happened earlier. Well by understanding the anatomy of the GUID, it is low probable to get two exact values,We would need a better lab for that :).

    Anyways, it is good to understand the anatomy of the GUIDS, at the end of the day we can confirm that Sub GUIDS are not unique:).


Post a Comment