Creating simple login, compare password to hashed password in SQL database

Question
-
User1028962535 posted
Hello, I am trying to create a simple login page. The password is already hashed and stored in a SQL table. I am trying to hash the password supplied by the user and compare it to the stored password, but it's not working. Can anyone tell me where I am going wrong, please?
    Protected Sub Button2_Click(sender As Object, e As EventArgs)
        Dim loginPass As String
        loginPass = FormsAuthentication.HashPasswordForStoringInConfigFile(txtpassword.Text, "SHA1")
        Dim con As New SqlConnection(ConfigurationManager.ConnectionStrings("test").ConnectionString)
        con.Open()
        Dim cmd As New SqlCommand("SELECT Username FROM Users WHERE Username = @username AND Password = @password", con)
        cmd.Parameters.AddWithValue("@username", txtusername.Text)
        cmd.Parameters.AddWithValue("@password", loginPass)
        Dim da As New SqlDataAdapter(cmd)
        Dim dt As New DataTable()
        da.Fill(dt)
        If dt.Rows.Count = 0 Then
            lblmessage.Text = "Incorrect login details"
        ElseIf dt.Rows.Count > 0 Then
            lblmessage.Text = "correct login details"
        End If
    End Sub
Tuesday, January 21, 2020 8:38 AM
All replies
-
User1028962535 posted
I have had a look to see what the loginPass variable is returning after it hashes the password. It's almost identical to what is in the database.
For example - 0xE0E632F990868B3B9C561D17AA22E6F4F352A306 this is the password in the database
E0E632F990868B3B9C561D17AA22E6F4F352A306 this is what loginPass is returning, it's missing the 0x at the beginning
Any ideas where I am going wrong?
Thanks for any help
Tuesday, January 21, 2020 8:52 AM -
User-1780421697 posted
PasswordHasher generates different hashes each time because it uses a salting technique. This technique secures the hashed password against dictionary attacks. By the way, you could use the following code to manually verify the password:
MVC:
    if (PasswordHasher.VerifyHashedPassword("hashedPassword", "password") != PasswordVerificationResult.Failed)
    {
        // password is correct
    }
Tuesday, January 21, 2020 8:57 AM -
User1028962535 posted
So how can I get the password the user provides to hash properly and be the same as in the database?
Tuesday, January 21, 2020 9:28 AM -
User-1780421697 posted
https://docs.microsoft.com/en-us/previous-versions/aspnet/dn468192(v%3Dvs.108)
This is the main class that hashes the password for you, and you can use it in the code above. hashPass and password are the two parameters that are expected by the method above.
The method that helps you and returns hashedPassword is:
https://docs.microsoft.com/en-us/previous-versions/aspnet/mt151559%28v%3dvs.108%29
This method verifies hashPassword and the provided password:
https://docs.microsoft.com/en-us/previous-versions/aspnet/mt151578%28v%3dvs.108%29
Tuesday, January 21, 2020 10:08 AM
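
As an added example (not part of the original thread and not Microsoft's PasswordHasher code), the following VB.NET module shows the salted hash-and-verify flow the replies describe: two hashes of the same password differ, so the stored value has to be checked in code rather than matched with `Password = @password` in SQL. The module and function names, the PBKDF2 parameters (SHA-256, 100000 iterations, 16-byte salt, 32-byte key) and the sample password are assumptions for this example.

```vbnet
Imports System
Imports System.Security.Cryptography

Public Module PasswordCheck
    ' Sizes and iteration count are assumptions chosen for this example.
    Private Const SaltSize As Integer = 16
    Private Const KeySize As Integer = 32
    Private Const Iterations As Integer = 100000

    ' Returns salt followed by derived key (48 bytes), e.g. for a VARBINARY(48) column.
    Public Function HashPassword(password As String) As Byte()
        Dim salt(SaltSize - 1) As Byte
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(salt)
        End Using
        Dim key As Byte() = Derive(password, salt)
        Dim result(SaltSize + KeySize - 1) As Byte
        Buffer.BlockCopy(salt, 0, result, 0, SaltSize)
        Buffer.BlockCopy(key, 0, result, SaltSize, KeySize)
        Return result
    End Function

    ' Re-derives the key with the stored salt and compares it to the stored key.
    Public Function VerifyPassword(stored As Byte(), password As String) As Boolean
        If stored Is Nothing OrElse stored.Length <> SaltSize + KeySize Then Return False
        Dim salt(SaltSize - 1) As Byte
        Buffer.BlockCopy(stored, 0, salt, 0, SaltSize)
        Dim key As Byte() = Derive(password, salt)
        ' Accumulate differences over every byte instead of stopping at the first mismatch.
        Dim diff As Integer = 0
        For i As Integer = 0 To KeySize - 1
            diff = diff Or (key(i) Xor stored(SaltSize + i))
        Next
        Return diff = 0
    End Function

    ' This constructor overload needs .NET Framework 4.7.2 or later (or .NET Core 2.0+).
    Private Function Derive(password As String, salt As Byte()) As Byte()
        Using kdf As New Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(KeySize)
        End Using
    End Function

    Public Sub Main() ' Uses a constructed sample password, not one from the thread.
        Dim first As Byte() = HashPassword("sample-Passw0rd")
        Dim second As Byte() = HashPassword("sample-Passw0rd")
        Console.WriteLine(Convert.ToBase64String(first) = Convert.ToBase64String(second))
        Console.WriteLine(VerifyPassword(first, "sample-Passw0rd"))
        Console.WriteLine(VerifyPassword(second, "wrong-guess"))
    End Sub
End Module
```

In a login handler built this way, the query selects the stored hash by `@username` only and the result is passed to `VerifyPassword`.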