0

i have a login page within asp.net 3.5 (c#) website, and sql server 2008 at backend, i wrote a store procedure to save password in hashed form using SHA1 algo during registration , now during login i want to compare etered passowrd with the one save in db, so i hashed the entered password by using this: String hashedPwd = FormsAuthentication.HashPasswordForStoringInConfigFile(txtboxPassword.Text,"SHA1");

2
Contributors
3
Replies
4
Views
4 Years
Discussion Span
Last Post by HunainHafeez
1

I dont have code on hand to share, but the steps that I would try are as follows:

1) the user submits the username and password

2) you apply the hash to the password submitted.

vb example...
dim pwd as string = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPwd.Text,"SHA1")

3) perform a sql query to retrieve the password hash stored in the database table.

sql example...be sure to use parameters in your query to prevent sql injection.
select hashPwd from users where uid=@pwdFromTextBox

4) compare the password hash stored in pwd variable with the information from the sql query.

5) if they match, you authenticated the user.

hope that helps you get on the right track.

By the way, i've noticed that this forum category is not as active as the others such as PHP, so getting a response in a few hours may be challenging if there are not too many people online with interest in asp.net.

Edited by JorgeM

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.