I saved password into the database with "binary" data type from GetByte method. How can I to compare

Discussion in 'ASP .Net' started by Benny Ng, Jan 19, 2006.

  1. Benny Ng

    Benny Ng Guest

    Dear all,

    The following is the source. The password is encrypted and saved as
    Binary in SQL2K.
    Now I want to create a new page to compare the existing password and the
    password that is in the database.
    But I don't know how to use source code to solve it. Can you help me?
    Urgently!

    <<<<<<Save Method<<<<<<

    HashProviderFactory hashProviderFactory = new HashProviderFactory();
    this.hashProvider = hashProviderFactory.CreateHashProvider("SHA1Managed");
    byte[] password =
    hashProvider.CreateHash(Encoding.Unicode.GetBytes(TxtPassword.Text));

    DBCommandWrapper DBCW_Edit =
    db.GetStoredProcCommandWrapper(CPEditSalesmanPassword);
    DBCW_Edit.AddInParameter("@Id", DbType.Double, objSalesMan.Id);
    DBCW_Edit.AddInParameter("@Password", DbType.Binary, password);
    db.ExecuteNonQuery(DBCW_Edit);


    <<<<<<Get Method from SQL2K<<<<<<

    HashProviderFactory hashProviderFactory = new HashProviderFactory();
    this.hashProvider = hashProviderFactory.CreateHashProvider("SHA1Managed");
    byte[] password =
    hashProvider.CreateHash(Encoding.Unicode.GetBytes(TxtPassword.Text));

    DBCommandWrapper DBCW_Edit =
    db.GetStoredProcCommandWrapper(CPEditSalesmanPassword);
    DBCW_Edit.AddInParameter("@Id", DbType.Double, objSalesMan.Id);
    DBCW_Edit.AddInParameter("@Password", DbType.Binary, password);
    db.ExecuteNonQuery(DBCW_Edit);


    Benny Ng
     
    Benny Ng, Jan 19, 2006
    #1

  2. Jim Wooley

    Jim Wooley Guest

    "Benny Ng" <> wrote in message
    news:...
    > The following is the source. The password is encrypted and saved into the
    > Binary in SQL2K.
    > Now I want to create a new page to compare the existed password and the
    > password that in the database.
    > But I don't know how to used source code to solve it. Can you help me?


    Not seeing the StoredProcedure, it is unclear exactly what is being done
    here other than passing the username and hashed password to the database. In
    most cases, a one way hash is sufficient for passwords. You do not need to
    retrieve a password, only compare the saved hash against the hashed version
    of the user entered value. If the values match, then you have authenticated
    their credentials. If not, then it is not valid. It is more secure to give
    the user the ability to change their password, or possibly reset it, but
    never to retrieve it.

    Jim Wooley
     
    Jim Wooley, Jan 20, 2006
    #2

  3. Once you have saved the password, every time a user logs in with that
    password, encrypt the typed value using the same encryption as with the
    database password and then compare.
    --
    Christopher A. Reed
    "The oxen are slow, but the earth is patient."

     
    Christopher Reed, Jan 22, 2006
    #3
  4. Benny Ng

    Benny Ng Guest

    Hi, all,

    I found the reason for this. This application is based on Enterprise
    Library, and when I set the encryption options I selected "Salt
    Enabled". As we know, the salt is randomly generated by the system (or by
    us), so the method that I used to compare both passwords for equality
    would not run properly. In the end I used the intrinsic method of Identity
    Authentication (like the logon page) to compare the incoming password with
    the existing one. It was successful.

    So I appreciate everyone's attention and help.

    Thank you very much.

    Benny Ng
    MSN:


     
    Benny Ng, Jan 25, 2006
    #4
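
Added example, not part of the original thread and not Enterprise Library code: it shows why hashing the typed password again and comparing bytes fails once a random salt is enabled, and how verification works when the salt is read back from the stored value. Assumptions: .NET 6 or later, a hypothetical `SaltedPasswordHash` helper, a salt-then-hash layout for the binary column, and PBKDF2-SHA256 swapped in for the thread's `SHA1Managed` provider.

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical helper for this example; not an Enterprise Library type.
static class SaltedPasswordHash
{
    const int SaltSize = 16;         // random salt, stored in front of the hash
    const int HashSize = 32;         // PBKDF2-SHA256 output length
    const int Iterations = 100_000;  // assumed work factor

    // Returns salt || hash: the value to store in the binary column.
    public static byte[] Create(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        byte[] hash = Derive(password, salt);
        byte[] stored = new byte[SaltSize + HashSize];
        Buffer.BlockCopy(salt, 0, stored, 0, SaltSize);
        Buffer.BlockCopy(hash, 0, stored, SaltSize, HashSize);
        return stored;
    }

    // Recomputes the hash with the salt read back from the stored value.
    public static bool Verify(string password, byte[] stored)
    {
        if (stored == null || stored.Length != SaltSize + HashSize)
            return false;  // truncated or malformed column value
        byte[] salt = stored.AsSpan(0, SaltSize).ToArray();
        byte[] actual = Derive(password, salt);
        // Constant-time comparison against the hash portion only.
        return CryptographicOperations.FixedTimeEquals(
            actual, stored.AsSpan(SaltSize, HashSize));
    }

    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations,
                                  HashAlgorithmName.SHA256, HashSize);
}

static class Program
{
    static void Main()
    {
        // Constructed sample passwords, for illustration only.
        byte[] stored = SaltedPasswordHash.Create("constructed-sample-pw");
        byte[] again = SaltedPasswordHash.Create("constructed-sample-pw");
        // Fresh hashes of one password differ (different salts), so this fails.
        Console.WriteLine(stored.AsSpan().SequenceEqual(again));
        // Verification reuses the stored salt: right password, then wrong one.
        Console.WriteLine(SaltedPasswordHash.Verify("constructed-sample-pw", stored));
        Console.WriteLine(SaltedPasswordHash.Verify("wrong-guess", stored));
    }
}
```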
