I saved password into the database with "binary" data type from GetByte method. How can I compare

Benny Ng

Dear all,

The following is the source. The password is encrypted and saved into the
Binary in SQL2K.
Now I want to create a new page to compare the existing password and the
password that is in the database.
But I don't know how to use source code to solve it. Can you help me?
Urgently!

<<<<<<Save Method<<<<<<

HashProviderFactory hashProviderFactory = new HashProviderFactory();
this.hashProvider = hashProviderFactory.CreateHashProvider("SHA1Managed");
byte[] password = hashProvider.CreateHash(Encoding.Unicode.GetBytes(TxtPassword.Text));

DBCommandWrapper DBCW_Edit = db.GetStoredProcCommandWrapper(CPEditSalesmanPassword);
DBCW_Edit.AddInParameter("@Id", DbType.Double, objSalesMan.Id);
DBCW_Edit.AddInParameter("@Password", DbType.Binary, password);
db.ExecuteNonQuery(DBCW_Edit);


<<<<<<Get Method from SQL2K<<<<<<

HashProviderFactory hashProviderFactory = new HashProviderFactory();
this.hashProvider = hashProviderFactory.CreateHashProvider("SHA1Managed");
byte[] password = hashProvider.CreateHash(Encoding.Unicode.GetBytes(TxtPassword.Text));

DBCommandWrapper DBCW_Edit = db.GetStoredProcCommandWrapper(CPEditSalesmanPassword);
DBCW_Edit.AddInParameter("@Id", DbType.Double, objSalesMan.Id);
DBCW_Edit.AddInParameter("@Password", DbType.Binary, password);
db.ExecuteNonQuery(DBCW_Edit);


Benny Ng
 
Jim Wooley

Benny Ng said:
The following is the source. The password is encrypted and saved into the
Binary in SQL2K.
Now I want to create a new page to compare the existing password and the
password that is in the database.
But I don't know how to use source code to solve it. Can you help me?

Not seeing the StoredProcedure, it is unclear exactly what is being done
here other than passing the username and hashed password to the database. In
most cases, a one way hash is sufficient for passwords. You do not need to
retrieve a password, only compare the saved hash against the hashed version
of the user entered value. If the values match, then you have authenticated
their credentials. If not, then it is not valid. It is more secure to give
the user the ability to change their password, or possibly reset it, but
never to retrieve it.

Jim Wooley
 
Christopher Reed

Once you have saved the password, every time a user logs in with that
password, encrypt the typed value using the same encryption as with the
database password and then compare.
 
Benny Ng

Hi, all,

I found the reason for this. This application is based on
Enterprise Library, and when I set the options for the encryption I
selected "Salt Enabled". As we know, the salt is randomly generated
by the system (or by us), so the method that I used to compare the equality of
both passwords wouldn't run properly. But at last I used the intrinsic
method of Identity Authentication (like the logon page) to compare the
incoming password and the existing one. It was successful.

So, here I appreciate everyone's attention and help.

Thank you very much.

Benny Ng
 

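The behaviour described in the last post, where a salted hash never equals a freshly computed one and verification has to reuse the stored salt, shown as an added example that is not part of the original thread and is not Enterprise Library code. It swaps in PBKDF2 from System.Security.Cryptography for the thread's SHA1Managed provider; the names `SaltedPassword`, `Create` and `Verify` and the salt-then-key storage layout are assumptions of this sketch.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

// Added example. Assumed layout of the stored binary value: salt || derived key.
static class SaltedPassword
{
    const int SaltLen = 16, KeyLen = 32, Iterations = 100000;

    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(KeyLen);
    }

    // Value to store in the binary column: a fresh random salt followed by the derived key.
    public static byte[] Create(string password)
    {
        var salt = new byte[SaltLen];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        return salt.Concat(Derive(password, salt)).ToArray();
    }

    // Re-derive with the salt taken from the stored value, then compare without early exit.
    public static bool Verify(string password, byte[] stored)
    {
        if (stored == null || stored.Length != SaltLen + KeyLen) return false;
        var salt = stored.Take(SaltLen).ToArray();
        var expected = stored.Skip(SaltLen).ToArray();
        var actual = Derive(password, salt);
        int diff = 0;
        for (int i = 0; i < KeyLen; i++) diff |= expected[i] ^ actual[i];
        return diff == 0;
    }
}

static class Program
{
    static void Main()
    {
        byte[] stored = SaltedPassword.Create("correct horse");  // constructed sample password
        byte[] again = SaltedPassword.Create("correct horse");   // same password, new random salt

        // Hashing again and comparing bytes: the salts differ, so the stored values differ.
        Console.WriteLine("byte-equal after re-hashing: " + stored.SequenceEqual(again));
        // Verifying against the stored salt: depends only on the password.
        Console.WriteLine("verify correct password:     " + SaltedPassword.Verify("correct horse", stored));
        Console.WriteLine("verify wrong password:       " + SaltedPassword.Verify("wrong guess", stored));
    }
}
```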