locked
facing issue with encrypted password with login? RRS feed

  • Question

  • User1421057020 posted

    when I login with the encrypted password functionality then login not work and when I login without the encrypted password functionality then login work fine

    HomeController.cs

            public static string Encrypt(string clearText)
            {
                try
                {
                    byte[] hashBytes = ComputeHash(clearText);
                    byte[] saltBytes = GetRandomSalt();
                    byte[] saltHash = ComputeHash(saltBytes.ToString());
    
                    byte[] hashWithSaltBytes = new byte[hashBytes.Length + saltBytes.Length];
                    for (int i = 0; i < hashBytes.Length; i++)
                        hashWithSaltBytes[i] = hashBytes[i];
                    for (int i = 0; i < saltBytes.Length; i++)
                        hashWithSaltBytes[hashBytes.Length + i] = saltBytes[i];
    
                    string hashValue = Convert.ToBase64String(hashWithSaltBytes);
    
                    return hashValue;
                }
                catch (Exception)
                {
    
                    throw;
                }
            }
    
            //random salt generation
            public static byte[] GetRandomSalt()
            {
                int minSaltSize = 16;
                int maxSaltSize = 32;
    
                Random random = new Random();
                int saltSize = random.Next(minSaltSize, maxSaltSize);
                byte[] saltBytes = new byte[saltSize];
                RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
                rng.GetNonZeroBytes(saltBytes);
                return saltBytes;
            }
            // hashing
            public static byte[] ComputeHash(string plainText)
            {
                byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
                HashAlgorithm hash = new SHA256Managed();
                return hash.ComputeHash(plainTextBytes);
            }
    
            public ActionResult create()
            {
                return View();
            }
    
            [HttpPost]
            public ActionResult create(student stud)
            {
                string pass = Encrypt(stud.password);
                stud.password = pass;        //here assigning a string pass to stud.pass
    
                var create = dbstud.students.Add(stud);
                dbstud.SaveChanges();
                return RedirectToAction("Login");
    
            }
    
            public ActionResult Login()
            {
                return View();
            }
    
            [HttpPost]
            public ActionResult Login(student stud)
            {
                //string pass = Encrypt(stud.password);
                //stud.password = login.password;
                //var login = dbstud.students.Where(x => x.username == stud.username && x.password == pass).FirstOrDefault();
    
                var login = dbstud.students.Where(x => x.username == stud.username && x.password == stud.password).FirstOrDefault();
    
                if (login != null)
                {
                    Session["username"] = login.username.ToString();
                    Session["password"] = login.password.ToString();
    
                    return RedirectToAction("Index");
                }
    
                return RedirectToAction("Login");
            }
    
            public ActionResult Index()
            {
                if (Session["username"] == null)
                {
                    return RedirectToAction("Login", "Home");
                }
                else
                {
                    return View(getcurrentstu());
                }
            }
    
            public student getcurrentstu()       //Get the current stu and return 
            {
                var currentusername = Session["username"].ToString();
                var currentpassword = Session["password"].ToString();
                var currentstu = dbstud.students.Where(s => s.username == currentusername && s.password == currentpassword).SingleOrDefault();
    
                return currentstu;
            }

    Index.cshtml

    @model DemoFFI.Models.student
    
    <h2>Index</h2>
    
    @if (Session["username"] != null)
    {
        <text>Welcome <strong>@Session["username"].ToString()</strong></text>
    }
    
    <p>
        
        @Html.ActionLink("Logout", "Logout")
    
    </p>
    <table class="table">
        <tr>
            <td>
                @Html.DisplayFor(model => model.firstname)
            </td>
            <td>
                @Html.DisplayFor(model => model.lastname)
            </td>
            <td>
                @Html.DisplayFor(model => model.username)
            </td>
            <td>
                @Html.DisplayFor(model => model.password)
            </td>
            <td>
                @Html.DisplayFor(model => model.email)
            </td>
            <td>
                @Html.ActionLink("Edit", "Edit", new { id = Model.studid })
            </td>
        </tr>
    </table>
    @{ Html.RenderAction("BlogCreate", "Home"); }

    when I comment this code then login functionality work fine but password not store encrypted format

    string pass = Encrypt(stud.password);
    stud.password = pass;        //here assigning a string pass to stud.pass

    when I uncomment this code then login functionality not work but password store encrypted format

    string pass = Encrypt(stud.password);
    stud.password = pass;        //here assigning a string pass to stud.pass

    I think issue is my encryption always producing the different result that is main issue?

    how to solve this problem?

    Friday, June 12, 2020 9:36 AM

All replies