i have a login page within asp.net 3.5 (c#) website, and sql server 2008 at backend, i wrote a store procedure to save password in hashed form using SHA1 algo during registration , now during login i want to compare etered passowrd with the one save in db, so i hashed the entered password by using this: String hashedPwd = FormsAuthentication.HashPasswordForStoringInConfigFile(txtboxPassword.Text,"SHA1");

Recommended Answers

All 3 Replies

I dont have code on hand to share, but the steps that I would try are as follows:

1) the user submits the username and password

2) you apply the hash to the password submitted.

vb example...
dim pwd as string = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPwd.Text,"SHA1")

3) perform a sql query to retrieve the password hash stored in the database table.

sql example...be sure to use parameters in your query to prevent sql injection.
select hashPwd from users where uid=@pwdFromTextBox

4) compare the password hash stored in pwd variable with the information from the sql query.

5) if they match, you authenticated the user.

hope that helps you get on the right track.

By the way, i've noticed that this forum category is not as active as the others such as PHP, so getting a response in a few hours may be challenging if there are not too many people online with interest in asp.net.

@jorgem: yahooooo thanks it worked

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.