Last post Jan 21, 2020 10:08 AM by Khuram.Shahzad
Jan 21, 2020 08:38 AM|Dan5|LINK
Hello, I am trying to create a simple login page, the password is already hashed and stored in a SQL table. I am trying to hash the password supplied by the user and compare it to the stored password, but its not working, can anyone tell me where I am going
Protected Sub Button2_Click(sender As Object, e As EventArgs)
Dim loginPass As String
loginPass = FormsAuthentication.HashPasswordForStoringInConfigFile(txtpassword.Text, "SHA1")
Dim con As New SqlConnection(ConfigurationManager.ConnectionStrings("test").ConnectionString)
Dim cmd As New SqlCommand("SELECT Username FROM Users WHERE Username = @username AND Password = @password", con)
Dim da As New SqlDataAdapter(cmd)
Dim dt As New DataTable()
If dt.Rows.Count = 0 Then
lblmessage.Text = "Incorrect login details"
ElseIf dt.Rows.Count > 0 Then
lblmessage.Text = "correct login details"
Jan 21, 2020 08:52 AM|Dan5|LINK
I have had a look to see what the loginPass variable is returning after it hashes the password..its almost indentical as to what is in the database
for example - 0xE0E632F990868B3B9C561D17AA22E6F4F352A306 this is the password in the database
E0E632F990868B3B9C561D17AA22E6F4F352A306 this is what loginPass is returning, it's missing the the 0x at the beginning
any ideas where I am going wrong?
thanks for any help
Jan 21, 2020 08:57 AM|Khuram.Shahzad|LINK
PasswordHasher generates different hashes each time because it uses salting technique. This technique secure the hashed password
against dictionary attacks. By the way you could use following code to manually verify the password:
// password is correct
Jan 21, 2020 09:28 AM|Dan5|LINK
So how can I get the password the user provides to hash properly and be the same as in the database?
Jan 21, 2020 10:08 AM|Khuram.Shahzad|LINK
This is main class that hash password for you and you can use it in code above hashPass and pasword are two parameters that expected by method above
The method that help you and return hashedPassword is:
This method verify hashPassword and provided password: