Password Hashing
Message
From: Cetin Basoz, Engineerica Inc., Izmir, Turkey
Date: 25/07/2016 06:55:37
To: 21/07/2016 14:59:26
General information
Forum: ASP.NET
Category: Code, syntax and commands
Environment versions
Environment: C# 4.0
Database: MS SQL Server
Application: Web
Miscellaneous
Thread ID: 01638543
Message ID: 01638591
Views: 69
>It looks like this should do the trick:
>
>storedHash = (byte[])cmd.ExecuteScalar();
Yes, that would do. However, you could simply do the comparison on the SQL Server side too, i.e.:
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Text;

private bool ValidateUser(string userName, string passWord)
{
	// Check for invalid userName.
	// userName must not be null and must be between 1 and 15 characters.
	if (string.IsNullOrEmpty(userName) || (userName.Length > 15))
	{
		System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of userName failed.");
		return false;
	}

	// Check for invalid passWord.
	// passWord must not be null and must be between 1 and 25 characters.
	if (string.IsNullOrEmpty(passWord) || (passWord.Length > 25))
	{
		System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of passWord failed.");
		return false;
	}

	bool userExists = false;

	// Hash the UTF-8 bytes of the supplied password with SHA-1.
	byte[] hashedPassword;
	using (var sha1 = new SHA1CryptoServiceProvider())
	{
		hashedPassword = sha1.ComputeHash(Encoding.UTF8.GetBytes(passWord));
	}

	try
	{
		// Consult with your SQL Server administrator for an appropriate connection
		// string to use to connect to your local SQL Server.
		using (var conn = new SqlConnection(ConfigurationManager.ConnectionStrings["DocsTSConnectionString"].ConnectionString))
		// The query returns a bit: 1 if a row matches both the login id and the
		// password hash, 0 otherwise. The comparison happens on the server.
		using (var cmd = new SqlCommand(@"Select
			cast( case
			when exists (select * from users
			where loginid=@userName and
			      usr_passwordhash=@hashedPwd) then 1 else 0 end as bit)", conn))
		{
			cmd.Parameters.AddWithValue("@userName", userName);
			cmd.Parameters.AddWithValue("@hashedPwd", hashedPassword);

			conn.Open();
			userExists = (bool)cmd.ExecuteScalar();
		}
	}
	catch (Exception ex)
	{
		// Add error handling here for debugging.
		// This error message should not be sent back to the caller.
		System.Diagnostics.Trace.WriteLine("[ValidateUser] Exception " + ex.Message);
	}

	return userExists;
}
Çetin Basöz
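
Added example, not part of the original post or the poster's code: the same credential check with a per-user random salt and PBKDF2 in place of a bare SHA-1. Because every record carries its own salt, the equality test cannot sit in the WHERE clause; the stored value is read back by loginid (as in the quoted `storedHash = (byte[])cmd.ExecuteScalar();`) and compared in the application. The record layout, iteration count and class name are assumptions.

```csharp
using System;
using System.Security.Cryptography;
// Added example; the record layout (iterations | salt | hash) and names are assumptions.
static class PasswordHasher
{
    const int SaltSize = 16;        // random salt bytes per user
    const int HashSize = 20;        // PBKDF2-HMAC-SHA1 output bytes
    const int Iterations = 100000;  // constructed value, tune for your hardware

    // Returns the bytes to store in a varbinary column such as usr_passwordhash.
    public static byte[] Hash(string password)
    {
        var salt = new byte[SaltSize];
        using (var rng = new RNGCryptoServiceProvider())
            rng.GetBytes(salt);
        var record = new byte[4 + SaltSize + HashSize];
        Buffer.BlockCopy(BitConverter.GetBytes(Iterations), 0, record, 0, 4);
        Buffer.BlockCopy(salt, 0, record, 4, SaltSize);
        Buffer.BlockCopy(Derive(password, salt, Iterations), 0, record, 4 + SaltSize, HashSize);
        return record;
    }

    // storedRecord is the value read back for the login id, e.g. via ExecuteScalar().
    public static bool Verify(string password, byte[] storedRecord)
    {
        if (password == null || storedRecord == null || storedRecord.Length != 4 + SaltSize + HashSize)
            return false;
        int iterations = BitConverter.ToInt32(storedRecord, 0);
        if (iterations < 1) return false;
        var salt = new byte[SaltSize];
        Buffer.BlockCopy(storedRecord, 4, salt, 0, SaltSize);
        byte[] actual = Derive(password, salt, iterations);
        int diff = 0; // OR all byte differences so timing does not reveal the first mismatch
        for (int i = 0; i < HashSize; i++)
            diff |= actual[i] ^ storedRecord[4 + SaltSize + i];
        return diff == 0;
    }

    static byte[] Derive(string password, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations))
            return kdf.GetBytes(HashSize);
    }
    static void Main()
    {
        byte[] record = Hash("correct horse battery"); // constructed sample password
        Console.WriteLine(Verify("correct horse battery", record));
        Console.WriteLine(Verify("wrong guess", record));
    }
}
```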
