Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / Windows Forms / WinForm General / March 2006

Tip: Looking for answers? Try searching our database.

HashPasswordForStoringInConfigFile > Windows.Forms App

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
pat.clarke@rogers.com - 13 Mar 2006 18:18 GMT
Hi I've been using the code below to authenticate a user in the
database in my ASP.Net app but now I've built another Windows Forms
based application. I'm trying to use the below code but I guess there
is no equivalent to the
FormsAuthentication.HashPasswordForStoringInConfigFile function. Does
anyone know what I can use instead?

Patrick

public bool VerifyPassword(string suppliedUsername,
                           string suppliedPassword)
       {
           bool passwordMatch = false;
           // Get the salt and pwd from the database based on the user
name.
           Helper helper = new Helper();
           string _connectionString = helper.GetConnection(_server);
           SqlConnection conn = new SqlConnection(_connectionString);
           SqlCommand cmd = new SqlCommand("LookupUser", conn);
           cmd.CommandType = CommandType.StoredProcedure;

           SqlParameter sqlParam = cmd.Parameters.Add("@username",
SqlDbType.VarChar, 255);
           sqlParam.Value = suppliedUsername;
           try
           {
               conn.Open();
               SqlDataReader reader = cmd.ExecuteReader();
               reader.Read(); // Advance to the one and only row
               // Return output parameters from returned data stream
               string dbPasswordHash = reader.GetString(0);
               string salt = reader.GetString(1);
               reader.Close();
               // Now take the salt and the password entered by the
user
               // and concatenate them together.
               string passwordAndSalt =
String.Concat(suppliedPassword, salt);
               // Now hash them
               string hashedPasswordAndSalt =
FormsAuthentication.HashPasswordForStoringInConfigFile(passwordAndSalt,
"SHA1");
               // Now verify them.
               passwordMatch =
hashedPasswordAndSalt.Equals(dbPasswordHash);
           }
           catch (Exception ex)
           {
               throw new Exception("Execption verifying password. " +
ex.Message);
           }
           finally
           {
               conn.Close();
           }
           return passwordMatch;
       }
Reply to this Message
FUnky - 14 Mar 2006 06:55 GMT
> Hi I've been using the code below to authenticate a user in the
> database in my ASP.Net app but now I've built another Windows Forms
[quoted text clipped - 53 lines]
>            return passwordMatch;
>        }

Here is what you can use instead:
private string HashPassword(string password)

{

Byte[] passwordBytes = System.Text.Encoding.Unicode.GetBytes(password);

SHA256Managed hashProvider = new SHA256Managed();

hashProvider.Initialize();

passwordBytes = hashProvider.ComputeHash(passwordBytes);

hashProvider.Clear();

return Convert.ToBase64String(passwordBytes);

}
Reply to this Message

 Rate this thread:







Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.