Hey guys,

I'm taking a beginner's VB/.NET class. Today we started working on a project involving a simple login form, e.g.:

Public Class Form1
    Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
        If txtUsername.Text.ToUpper <> "JOHNDOE" Then
            MessageBox.Show("Error: Username doesn't exist.")
            Exit Sub
        End If
        If txtPassword.Text <> "ThisIsMySecretPassword" Then
            MessageBox.Show("Error: Password doesn't match.")
            Exit Sub
        Else
            MessageBox.Show("You are now logged in. Now you can see all my secret data!")
        End If
    End Sub
End Class

Of course, this has the obvious problem of "Hey, let's view the password by opening the .exe in Notepad!" So I was thinking of using the same method I use for web authentication, where the password the user types in is hashed and compared to the previously-hashed form of the correct PW. The thing is, I don't know how to do that.

Looking at MSDN, apparently a class does exist. However, I'm still new at this language and don't understand how to implement it. Could someone provide an example?


Try making a function that would encrypt and decrypt passwords. Instead of typing the password in your inline code, type the encrypted password but as a parameter to a decrypting function.

This is how I do it:

Dim password As String = decrypt("XC^A&S423@$")
If txtPassword.Text <> password Then
   MessageBox.Show("Error: Password doesn't match.")
   Exit Sub
Else
   ' Password matched; continue with the login here.
End If

Now, your job is to define the function:

Private Function decrypt(Byval encryptedText as String) as String

End Function

You may wish to define the encrypt() function.

My problem is not with the concept -- I've done this sort of thing before in PHP -- but with the syntax. E.g., this is the effect I want:

// Pseudocode
If (toupper($usernamein) != "JOHNDOE") {
 print "Username doesn't match"
 exit
}
If (computehash($passwordin) != $prehashedpass) { // where $prehashedpass is the hashed form of the correct PW
 print "Password doesn't match"
 exit
}

print "You are now logged in."

The code listed in the MSDN doesn't work when I add it to my code:

Public Class Form1
    Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
        If txtUsername.Text.ToUpper <> "JOHNDOE" Then
            MessageBox.Show("Error: Username doesn't exist.")
            Exit Sub
        End If
        Dim shaM As New SHA256Managed()
        If shaM.ComputeHash(txtPassword.Text) <> "ThisIsThePreHashedPassword" Then
            MessageBox.Show("Error: Password doesn't match.")
            Exit Sub
        Else
            MessageBox.Show("You are now logged in. Now you can see all my secret data!")
        End If
    End Sub
End Class

I suspect it's because of namespaces (which I haven't learned yet) or because the SHA256Managed hasn't been defined (classes are also something I haven't learned yet), but there are probably other factors too. If the problems with the above were corrected, then I could probably roll with it and use the code for my own purposes.

(By the by, there's no decryption function for SHA-256, because it's a hashing algorithm and not an encryption algorithm.)

Imports System
Imports System.Text
Imports System.Security.Cryptography

Try reading the description of the function SHA256Managed.ComputeHash() in the documentation of the .NET framework SDK for more information.

The SHA256Managed can be defined if you include in your code the import statements Jx_Man had provided.

You may need to convert the content of txtPassword.Text into byte() before passing it to the function.
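
As an added example that is not part of the original thread: a console sketch of the hashed comparison discussed above, covering the two points raised in the replies (the Imports, and converting the text to Byte() before ComputeHash) plus a byte-wise comparison in place of `<>`. It goes one step beyond the thread by also showing a salted PBKDF2 derivation, which is harder to brute-force than a single SHA-256 pass. The module name, helper names, salt and iteration count are constructed for illustration, and the `HashAlgorithmName` overload assumes .NET Framework 4.7.2 or later.

```vbnet
Imports System
Imports System.Text
Imports System.Security.Cryptography

Module LoginHashDemo
    ' Constructed demo values. A real program stores only the salt and the
    ' derived hash, never the password text that appears in Main below.
    Private ReadOnly DemoSalt As Byte() = Encoding.UTF8.GetBytes("constructed-demo-salt")
    Private Const Iterations As Integer = 100000

    ' The thread's approach: ComputeHash takes Byte(), so encode the text first.
    Function Sha256Bytes(ByVal password As String) As Byte()
        Using hasher As SHA256 = SHA256.Create()
            Return hasher.ComputeHash(Encoding.UTF8.GetBytes(password))
        End Using
    End Function

    ' Salted, deliberately slow alternative (PBKDF2 with HMAC-SHA256).
    Function Pbkdf2Bytes(ByVal password As String) As Byte()
        Using kdf As New Rfc2898DeriveBytes(password, DemoSalt, Iterations, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(32)
        End Using
    End Function

    ' Byte arrays cannot be compared with <>; compare every byte and do not
    ' stop at the first mismatch.
    Function SameBytes(ByVal a As Byte(), ByVal b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

    Sub Main()
        ' Done once, ahead of time; only these hashes would ship in the program.
        Dim storedSha As Byte() = Sha256Bytes("ThisIsMySecretPassword")
        Dim storedKdf As Byte() = Pbkdf2Bytes("ThisIsMySecretPassword")

        Dim typed As String = "ThisIsMySecretPassword" ' stands in for txtPassword.Text
        Console.WriteLine("SHA-256 match: " & SameBytes(Sha256Bytes(typed), storedSha))
        Console.WriteLine("PBKDF2 match:  " & SameBytes(Pbkdf2Bytes(typed), storedKdf))
        Console.WriteLine("Wrong password: " & SameBytes(Pbkdf2Bytes("guess"), storedKdf))
    End Sub
End Module
```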
