stuck with credentials-guide me please


vithyaani
June 30th, 2008, 02:54 AM
Hi all,

I know that this is a silly problem, but as a newbie to this group and also to .NET, I am stuck with a lot of doubts in my very first program.
1. Here I decided to start my ASP.NET with the login form.
When I insert a record, it is inserted successfully, but the salt field displays
only four characters (please see the example below). I know that is wrong, but I
don't know how to correct that.
2. Next I want to check the credentials using a web service. It shows me the wrong answer.

Here below is my source. Sorry for such long code. Hope it will
help.

Here I am using MS SQL.

Anybody, please guide me.

Ex:

Username (varchar 25) : Test
Salt (varchar 500) : Hg==
Password (varchar 500) : 47DBAC0F43104943FB23F30C497F6ADF3DB4
Here is my source:
Imports System.Data
Imports System.Data.SqlClient
Imports System.Web.Security

' To insert:
con.Open()
query = "insert into users (username,salt,password) values(@username,@salt,@password)"
cmd = New SqlCommand(query, con)
cmd.Parameters.Add("@username", SqlDbType.NVarChar)
cmd.Parameters("@username").Value = txtUsername.Text
' VB sizes arrays by upper bound: New Byte(SaltSize) {} holds SaltSize + 1 bytes.
' A 4-character Base64 salt such as "Hg==" is a single byte, so SaltSize is 0 when this runs.
Dim objbyte() As Byte = New Byte(SaltSize) {}
rng.GetBytes(objbyte)
Dim strSalt As String = Convert.ToBase64String(objbyte)
cmd.Parameters.Add("@salt", SqlDbType.VarChar)
cmd.Parameters("@salt").Value = strSalt
cmd.Parameters.Add("@password", SqlDbType.VarChar)
' Store the SHA1 hash of password + Base64 salt, never the password itself.
cmd.Parameters("@password").Value = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text + strSalt, "SHA1")
cmd.ExecuteNonQuery()
con.Close()

' Here is my web service to check the credentials
<WebMethod()> _
Public Function check(ByVal username As String, ByVal password As String) As Boolean
    con.Open()
    Try
        ' Bind the username as a parameter instead of concatenating it into the SQL text.
        cmd = New SqlCommand("SELECT username,salt,password FROM Users WHERE username=@username", con)
        cmd.Parameters.Add("@username", SqlDbType.VarChar)
        cmd.Parameters("@username").Value = username
        dr = cmd.ExecuteReader()
        If Not dr.Read() Then
            Return False
        End If
        Dim strSalt As String = dr("salt").ToString()
        Dim strStoredPassword As String = dr("password").ToString()
        ' Recompute the hash with the stored salt, the same way the insert built it.
        Dim strGivenPassword As String = FormsAuthentication.HashPasswordForStoringInConfigFile(password + strSalt, "SHA1")
        Return strStoredPassword = strGivenPassword
    Finally
        ' Runs on every Return path, so the reader and connection are always released.
        If dr IsNot Nothing Then dr.Close()
        con.Close()
    End Try
End Function
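
Added example, not part of the original post: a stand-alone VB.NET console module showing a salt of a fixed byte length, the salted hash that would go in the password column, and verification from the stored salt. It swaps the post's SHA1 `HashPasswordForStoringInConfigFile` call for PBKDF2 (`Rfc2898DeriveBytes`, .NET Framework 4.7.2 or later); the `SaltSize`, `HashSize` and `Iterations` values and the sample credentials are assumptions.

```vb
Imports System
Imports System.Security.Cryptography

Module SaltedPasswordDemo
    ' Assumed parameters (not from the original post).
    Const SaltSize As Integer = 16        ' bytes of random salt
    Const HashSize As Integer = 32        ' bytes of derived key
    Const Iterations As Integer = 100000  ' PBKDF2 work factor

    ' Returns a Base64 salt of exactly SaltSize bytes.
    Function NewSalt() As String
        ' VB arrays are declared by upper bound, so SaltSize - 1 gives SaltSize elements.
        Dim salt(SaltSize - 1) As Byte
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(salt)
        End Using
        Return Convert.ToBase64String(salt)
    End Function

    ' Derives the value to store in the password column.
    Function HashPassword(password As String, saltB64 As String) As String
        Dim salt As Byte() = Convert.FromBase64String(saltB64)
        Using kdf As New Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256)
            Return Convert.ToBase64String(kdf.GetBytes(HashSize))
        End Using
    End Function

    ' Recomputes the hash from the stored salt and compares without an early exit.
    Function Verify(password As String, saltB64 As String, storedB64 As String) As Boolean
        Dim expected As Byte() = Convert.FromBase64String(storedB64)
        Dim actual As Byte() = Convert.FromBase64String(HashPassword(password, saltB64))
        Dim diff As Integer = expected.Length Xor actual.Length
        For i As Integer = 0 To Math.Min(expected.Length, actual.Length) - 1
            diff = diff Or (expected(i) Xor actual(i))
        Next
        Return diff = 0
    End Function

    Sub Main()
        ' Constructed sample credentials standing in for one row of the users table.
        Dim salt As String = NewSalt()
        Dim stored As String = HashPassword("correct horse", salt)
        Console.WriteLine("salt chars: " & salt.Length)
        Console.WriteLine("good login: " & Verify("correct horse", salt, stored))
        Console.WriteLine("bad login:  " & Verify("wrong", salt, stored))
    End Sub
End Module
```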