Mar 15, 2014 05:20 PM | Quico83
So I have an ASP.NET v 4.0 Web Forms application connecting to MySQL Server v 5.2.47. It has a user creating an account.
The user selects his username and password, my program creates a salt and then adds the salt to his password and hashes that. Then the program stores the user name, salt, and the hash into the MySQL database.
So after an account is created, the user just needs to log in by entering their username and password. What is the ideal way to be able to retrieve their salt to determine if they can log in? Because the user doesn't know their salt.
For me the only solution for this is to initially have a query that goes "SELECT salt FROM database WHERE UserName = UserNameTextbox.Text"
And then once I get the salt that matches the user's username, I'd have to execute another query that goes
"SELECT * FROM database WHERE UserName = UserNameTextbox.Text AND HashedSaltPassword = Hashed(salt + PasswordTextbox.Text)";
I can't see any way around doing this, and for some reason I don't think this is the ideal way to do so. Is there a better way?
Mar 15, 2014 05:36 PM | Mikesdotnetting
The Crypto helper does all this for you: http://msdn.microsoft.com/en-us/library/system.web.helpers.crypto(v=vs.111).aspx
It's part of the Web Pages framework but you can add the dll to your Web Forms app and use it. You just need to use the HashPassword method.
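An added example, not part of the original post, of registration and login with the Crypto helper. The value returned by `Crypto.HashPassword` already contains the random salt, so login needs one lookup by username followed by `Crypto.VerifyHashedPassword` in application code. The `Users` table, its column names, the `AccountStore` class and the connection string are assumptions for illustration.

```csharp
using System.Web.Helpers;      // Crypto.HashPassword / Crypto.VerifyHashedPassword
using MySql.Data.MySqlClient;  // MySQL Connector/NET

public static class AccountStore   // hypothetical helper class
{
    // Assumed schema: Users(UserName VARCHAR(64) PRIMARY KEY, PasswordHash VARCHAR(128))
    // Placeholder connection string; load the real one from protected configuration.
    private const string ConnStr =
        "server=localhost;database=appdb;uid=appuser;pwd=CHANGE_ME";

    public static void Register(string userName, string password)
    {
        // Generates a fresh random salt and returns a single Base64 string
        // that holds both the salt and the derived key: no separate salt column.
        string hash = Crypto.HashPassword(password);

        using (var conn = new MySqlConnection(ConnStr))
        using (var cmd = new MySqlCommand(
            "INSERT INTO Users (UserName, PasswordHash) VALUES (@u, @h)", conn))
        {
            // Parameters keep textbox input out of the SQL text.
            cmd.Parameters.AddWithValue("@u", userName);
            cmd.Parameters.AddWithValue("@h", hash);
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }

    public static bool VerifyLogin(string userName, string password)
    {
        string storedHash;
        using (var conn = new MySqlConnection(ConnStr))
        using (var cmd = new MySqlCommand(
            "SELECT PasswordHash FROM Users WHERE UserName = @u", conn))
        {
            cmd.Parameters.AddWithValue("@u", userName);
            conn.Open();
            storedHash = cmd.ExecuteScalar() as string;  // null when no such user
        }

        if (storedHash == null)
            return false;  // unknown user: same result as a wrong password

        // Extracts the salt from storedHash, re-derives the key from the
        // supplied password and compares the two.
        return Crypto.VerifyHashedPassword(storedHash, password);
    }
}
```

The password comparison never happens in SQL, so the database only ever sees the username and the stored hash string.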
Mar 15, 2014 05:49 PM | Quico83
OK, great, thanks. I just read the documentation and it seems to be exactly what I need.