How to make password case sensitive

  • Question

  •   I have the following code for a login form; how do I make the password case sensitive? I have read some articles about collation and am not sure if it works with an Access database.

    Dim conn As OleDbConnection
            conn = New OleDbConnection(connString)
            conn.Open()
            Dim cmd As OleDbCommand = New OleDbCommand("SELECT * FROM Users WHERE [UserName] = '" & txtUserName.Text & "' AND [Passwordtbl] = '" & txtPassword.Text & "'", conn)
            Dim dr As OleDbDataReader = cmd.ExecuteReader
            '
    

      
    Tuesday, December 12, 2017 4:20 PM

All replies

  • How do I create a hash? 

    Thanks 

    Tuesday, December 12, 2017 5:16 PM
  • Alobi, 

    This way of using security is from the days of Ur. 

    Simply use the authentication of Windows

    TheUserName = Environment.Username


    Success
    Cor

    Tuesday, December 12, 2017 5:24 PM
  • Yes, I just found a good write-up on that, and I have it working. For now, disregard. If I have any more questions I will re-post. Thanks.
    • Edited by alobi Tuesday, December 12, 2017 5:51 PM
    Tuesday, December 12, 2017 5:50 PM
  • Yes, I just found a good write-up on that, and I have it working. For now, disregard. If I have any more questions I will re-post. Thanks.

    Good luck...

    "A problem well stated is a problem half solved.” - Charles F. Kettering

    Tuesday, December 12, 2017 5:55 PM
  • Yes, I just found a good write-up on that, and I have it working. For now, disregard. If I have any more questions I will re-post. Thanks.

    If you decided to download and try my assembly, know that I found an issue with it.

    I've since corrected that and this is the newest version of it:

    https://social.msdn.microsoft.com/Forums/vstudio/en-US/35d59a39-87dc-4fc7-8aa7-d110f0c9327f/hashing?forum=vbgeneral

    You should salt it, no matter how you go about doing it.

    ***** EDIT *****

    I stand corrected: It's not salted, it's pepper!

    https://en.wikipedia.org/wiki/Pepper_(cryptography)



    Tuesday, December 12, 2017 6:52 PM
  • If you are working with Microsoft Access (database matters) you can use the StrComp function for case sensitivity:

    WHERE StrComp('password',[Passwordtbl],0)=0


    Paul ~~~~ Microsoft MVP (Visual Basic)


    Tuesday, December 12, 2017 7:10 PM
  • Hi alobi,

    Glad to hear that you have solved your issue by yourself, please share your solution here and remember to close your thread by marking your post as answer, it is beneficial to other community members who face the same issue.

    Thanks for your understanding.

    Best Regards,

    Cherry


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Wednesday, December 13, 2017 3:02 AM
    Moderator
  • If you save the user's password directly into the database, then the password will be saved into the database with the exact case format. When logging in, just compare the user's input and the string retrieved from the database. If they are equal, then the user is authorized, otherwise not.

    If you don't care about the case information, then you could compare the password like the following:

    ---------------

    if (userInput.ToUpper() == passFromDb.ToUpper())
    {
        return true;
    }
    else
    {
        return false;
    }

    ---------------

    I hope this will be helpful for you. If in any case you are facing any queries, then check out this site's blog, because it is informative: CRBtech .Net Training & Placement
    Wednesday, December 13, 2017 4:18 AM
  • @Rshirsagar99 Please revise your post, remove the C# code and provide VB.NET code or the post will be removed as only VB.NET code is valid for this forum.

    Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.
    VB Forums - moderator

    Wednesday, December 13, 2017 10:07 AM
    Moderator
  • But do you think that the processing of the plain password is correct? This was working fine before I hashed and salted the password, which I understand to be safer. Do you think my logic and code are correct? I am getting "sorry User name or password is incorrect." Thanks.
    Wednesday, December 20, 2017 4:30 PM
  • But do you think that the processing of the plain password is correct? This was working fine before I hashed and salted the password, which I understand to be safer. Do you think my logic and code are correct? I am getting "sorry User name or password is incorrect." Thanks.

    Hi alobi,

    I don't see the code where you deal with the password. Can you provide this code here, and I will try to test it.

    Best Regards,

    Cherry

    Wednesday, December 27, 2017 7:18 AM
    Moderator
  • @Cherry

    I am using the code below to validate a password from a VB form; it is a hashed and salted password. The salt is stored in the Access table as Slt. Here is my validation code:

     Private Sub btnLogin_Click(sender As Object, e As EventArgs) Handles btnLogin.Click
            Dim plainPassword As String = txtPlainPassword.Text
            Dim hashedpasswrd As String = ""
            Dim Salted As String
            Dim hash As String
            'hashedpasswrd = (Hash512(txtPlainPassword.Text, CreateRandomSalt))
            Dim conn As OleDbConnection
            conn = New OleDbConnection(connString)
            conn.Open()
            Dim cmd As OleDbCommand = New OleDbCommand("SELECT * FROM Users WHERE [UserName] =@UserName AND Slt =@Salt", conn)
            hashedpasswrd = (Hash512(Slt + plainPassword))
            cmd.Parameters.AddWithValue("@UserName", txtUserName.Text)
            cmd.Parameters.AddWithValue("@Pswrd", hashedpasswrd)
            Dim dr As OleDbDataReader = cmd.ExecuteReader
            ' The following variable holds True if the user is found, otherwise it holds False
            Dim userFound As Boolean = False
            Dim FirstName As String = " "
            Dim LastName As String = " "
            Dim Title As String = " "
            ' If found
            While dr.Read
                userFound = True
                Title = dr("Title").ToString
                FirstName = dr("FirstName").ToString
                LastName = dr("SurName").ToString
    
            End While
    
            'checking the result
    
            If userFound = True Then
                count = 0
                frmMain.Show()
                frmMain.lblWelcome.Text = "Welcome" & " " & Title & " " & FirstName & " " & LastName
                Me.Hide()
            Else
                count += 1
    
                MsgBox("Sorry, username or password not valid", MsgBoxStyle.OkOnly, "Invalid Login")
    
                If count = 3 Then
                    MsgBox("Login failed contact the administrator")
                End If
            End If
            conn.Close()
    
        End Sub

     The functions I used for hashing and salting the password are also shown below:

    Public Function CreateRandomSalt() As String
            ' The following string holds the characters the salt is drawn from
            Dim mix As String = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()_+=][}{<>"
            Dim salt As String = ""
            Dim rnd As New Random
            Dim sb As New StringBuilder
            For i As Integer = 1 To 100 'Length of the salt
                Dim x As Integer = rnd.Next(0, mix.Length - 1)
                salt &= (mix.Substring(x, 1))
            Next
            Return salt
        End Function
        Public Function Hash512(password As String, salt As String) As String
            Dim convertedToBytes As Byte() = Encoding.UTF8.GetBytes(password & salt)
            Dim hashType As HashAlgorithm = New SHA512Managed()
            Dim hashBytes As Byte() = hashType.ComputeHash(convertedToBytes)
            Dim hashedResult As String = Convert.ToBase64String(hashBytes)
            Return hashedResult
        End Function

    Saturday, December 30, 2017 7:19 PM
  • Hi alobi

    Suggest you alter the line

    Dim x As Integer = rnd.Next(0, mix.Length - 1)

    to

    Dim x As Integer = rnd.Next(0, mix.Length)

    if you want to include the whole of the mix string. As it stands, it will never include the last character of mix in the salt string.


    Regards Les, Livingston, Scotland

    Saturday, December 30, 2017 7:39 PM
  •   I have the following code for a login form; how do I make the password case sensitive? I have read some articles about collation and am not sure if it works with an Access database.

    Dim conn As OleDbConnection
            conn = New OleDbConnection(connString)
            conn.Open()
            Dim cmd As OleDbCommand = New OleDbCommand("SELECT * FROM Users WHERE [UserName] = '" & txtUserName.Text & "' AND [Passwordtbl] = '" & txtPassword.Text & "'", conn)
            Dim dr As OleDbDataReader = cmd.ExecuteReader
            '

      

    To me it is quite simple - store the username and the hashed password in the database, then query using the supplied username and the hash of the supplied password. Use SHA256 or SHA512.

    Saturday, December 30, 2017 8:30 PM