FormAuthentication hashed passwords

B

bthumber

I am try to authenication userID and password, I check the spelling of both
userID and password. The problem is it is always false and I know I typed
in the correct data. How am I doing wrong??? Here is my code:

private bool VerifyPasswords(string suppliedUserName, string
suppliedPassword)
{
bool passwordMatch = false;

string connection =
WebConfigurationManager.AppSettings["ConnectionString"];
SqlConnection cn = new SqlConnection(connection);
SqlCommand cmd = new SqlCommand("LookupUser", cn);
cmd.CommandType = CommandType.StoredProcedure;

SqlParameter sqlParam = cmd.Parameters.Add("@username",
SqlDbType.NVarChar, 50);
sqlParam.Value = suppliedUserName;

try
{
cn.Open();
SqlDataReader reader = cmd.ExecuteReader();
reader.Read(); // Advance to the one and only row

// Return output parameters from returned data stream
string dbPasswordHash = reader.GetString(0);
int saltSize = 5;
string salt = dbPasswordHash.Substring(dbPasswordHash.Length -
saltSize);
reader.Close();

string hashedPasswordAndSalt =
CreatePasswordHash(suppliedPassword, salt);
passwordMatch = hashedPasswordAndSalt.Equals(dbPasswordHash);
}
catch (Exception ex)
{
throw new Exception("Exception verifying password. " +
ex.Message);
}
finally
{
cn.Close();
}
return passwordMatch;
}

protected void btnLogin_Click(object sender, EventArgs e)
{
bool passwordVerified = false;

try
{
passwordVerified = VerifyPasswords(txtUID.Text, txtPW.Text);
}
catch (Exception ex)
{
lblMessage.Text = ex.Message;
return;
}

if (passwordVerified == true)
{
lblMessage.Text = "Logon successful: user is authenticated";
}
else
{
lblMessage.Text = "Invalid username or password.";
}
}
///////////////////////////////////////////////////////////////////////////////

ALTER PROCEDURE LookupUser
@username nvarchar(50)
AS
SELECT PasswordHash FROM CshipUsers WHERE UserName = @username

//////////////////////////////////////////////////////////////////////////////

private static string CreatePasswordHash(string pwd, string salt)
{
string saltAndPwd = String.Concat(pwd, salt);
string hashedPwd =
FormsAuthentication.HashPasswordForStoringInConfigFile(saltAndPwd, "SHA1");
hashedPwd = String.Concat(hashedPwd, salt);

return hashedPwd;
}
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,787
Messages
2,569,630
Members
45,334
Latest member
66Zeinab9

Latest Threads

Top