I figured out the problem.

It is that the Hash function generates a different hash each time for the same value, i.e. 12345, and that's why it doesn't match during login with the one that I submitted during signup.

So is there any way to make the hash stable for the same value?

E.g. for 1234 a hash should be = 14012dn2998du293ur2ur09u20u092t89284, each time.

Here is the code:

protected void btnLogin_Click(object sender, EventArgs e)
    {
        String hashing_pwd = FormsAuthentication.HashPasswordForStoringInConfigFile(txtboxPwd.Text, "sha1");
        String hashed_pwd = String.Concat(CreateSalt(), hashing_pwd);
        Response.Write(hashed_pwd);
        String con_string = ConfigurationManager.ConnectionStrings["todolist_connectionstring"].ConnectionString;
        SqlConnection con = new SqlConnection(con_string);
        SqlCommand comm = new SqlCommand("member_login", con);
        comm.CommandType = CommandType.StoredProcedure;
        comm.Parameters.Add("@email", SqlDbType.VarChar);
        comm.Parameters["@email"].Value = txtboxEmail.Text;
        comm.Parameters.Add("@pwd", SqlDbType.VarChar);
        comm.Parameters["@pwd"].Value = hashed_pwd;
        comm.Parameters.Add("@result", SqlDbType.Int);
        comm.Parameters["@result"].Direction = ParameterDirection.Output;

        try
        {
            con.Open();
            comm.ExecuteNonQuery();
            int res = (int)comm.Parameters["@result"].Value;
            if (res > 0 )
            {
                Response.Write("<br/>" + "MATCHED");
            }
            else
            {
                Response.Write("<br/>" + "UN- MATCHED");
            }


        }
        catch (Exception ex)
        {
            Response.Write(ex.Message);
        }
        finally
        {
            con.Close();
        }


    }

    protected static string CreateSalt()
    {
        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
        byte[] byteArr = new byte[32];
        rng.GetBytes(byteArr);
        return Convert.ToBase64String(byteArr);
    }
}

Are you saying that you are getting a different hash value for the same number each time you run it?

Comments
yes JorgeM

I'm not familiar with that provider (RNGCryptoServiceProvider), but I looked it up and it's working as expected. According to my research, RNGCryptoServiceProvider generates high-quality random numbers. That would be the reason why you are getting different values. Looks like there is missing stuff here. I'll read some more and hopefully can provide better assistance.

Edited by JorgeM

Comments
Got it, I just saved the salt for each user and during login grabbed that salt to hash the password with it. BTW, thanks man!
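
The fix the thread arrives at (create the salt once at signup, store it per user, reuse it at login), as an added example that is not code from the original posts. It swaps the plain SHA-1 call for PBKDF2 via `Rfc2898DeriveBytes` and uses an in-memory dictionary as a stand-in for the members table; the class name, column layout and iteration count are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added example. The dictionary stands in for the members table
// (hypothetical columns: email, salt, pwd_hash); PBKDF2 replaces plain SHA-1.
public static class PasswordStore
{
    private const int SaltBytes = 32, HashBytes = 20, Iterations = 100000;
    private static readonly Dictionary<string, string[]> Members =
        new Dictionary<string, string[]>();

    // Signup: generate the random salt ONCE and store it beside the hash.
    public static void Register(string email, string password)
    {
        byte[] salt = new byte[SaltBytes];
        using (var rng = new RNGCryptoServiceProvider())
            rng.GetBytes(salt);
        Members[email] = new[] { Convert.ToBase64String(salt),
                                 Convert.ToBase64String(Derive(password, salt)) };
    }

    // Login: load the stored salt and recompute. No new salt is created here.
    public static bool Verify(string email, string password)
    {
        string[] row;
        if (!Members.TryGetValue(email, out row)) return false;
        byte[] salt = Convert.FromBase64String(row[0]);
        byte[] expected = Convert.FromBase64String(row[1]);
        return FixedTimeEquals(expected, Derive(password, salt));
    }

    private static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
            return kdf.GetBytes(HashBytes);
    }

    // Compare without exiting early on the first differing byte.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

With a real database, `Register` becomes the signup insert of both columns, and `Verify` first selects the salt and hash for the submitted email, then compares in application code instead of passing a freshly salted value to the stored procedure.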