HashPasswordForStoringInConfigFile > Windows.Forms App

  • Thread starter Thread starter pat.clarke
  • Start date Start date
P

pat.clarke

Hi I've been using the code below to authenticate a user in the
database in my ASP.Net app but now I've built another Windows Forms
based application. I'm trying to use the below code but I guess there
is no equivalent to the
FormsAuthentication.HashPasswordForStoringInConfigFile function. Does
anyone know what I can use instead?

Patrick


public bool VerifyPassword(string suppliedUsername,
string suppliedPassword)
{
bool passwordMatch = false;
// Get the salt and pwd from the database based on the user
name.
Helper helper = new Helper();
string _connectionString = helper.GetConnection(_server);
SqlConnection conn = new SqlConnection(_connectionString);
SqlCommand cmd = new SqlCommand("LookupUser", conn);
cmd.CommandType = CommandType.StoredProcedure;

SqlParameter sqlParam = cmd.Parameters.Add("@username",
SqlDbType.VarChar, 255);
sqlParam.Value = suppliedUsername;
try
{
conn.Open();
SqlDataReader reader = cmd.ExecuteReader();
reader.Read(); // Advance to the one and only row
// Return output parameters from returned data stream
string dbPasswordHash = reader.GetString(0);
string salt = reader.GetString(1);
reader.Close();
// Now take the salt and the password entered by the
user
// and concatenate them together.
string passwordAndSalt =
String.Concat(suppliedPassword, salt);
// Now hash them
string hashedPasswordAndSalt =
FormsAuthentication.HashPasswordForStoringInConfigFile(passwordAndSalt,
"SHA1");
// Now verify them.
passwordMatch =
hashedPasswordAndSalt.Equals(dbPasswordHash);
}
catch (Exception ex)
{
throw new Exception("Execption verifying password. " +
ex.Message);
}
finally
{
conn.Close();
}
return passwordMatch;
}
 
Hi I've been using the code below to authenticate a user in the
database in my ASP.Net app but now I've built another Windows Forms
based application. I'm trying to use the below code but I guess there
is no equivalent to the
FormsAuthentication.HashPasswordForStoringInConfigFile function. Does
anyone know what I can use instead?

Patrick


public bool VerifyPassword(string suppliedUsername,
string suppliedPassword)
{
bool passwordMatch = false;
// Get the salt and pwd from the database based on the user
name.
Helper helper = new Helper();
string _connectionString = helper.GetConnection(_server);
SqlConnection conn = new SqlConnection(_connectionString);
SqlCommand cmd = new SqlCommand("LookupUser", conn);
cmd.CommandType = CommandType.StoredProcedure;

SqlParameter sqlParam = cmd.Parameters.Add("@username",
SqlDbType.VarChar, 255);
sqlParam.Value = suppliedUsername;
try
{
conn.Open();
SqlDataReader reader = cmd.ExecuteReader();
reader.Read(); // Advance to the one and only row
// Return output parameters from returned data stream
string dbPasswordHash = reader.GetString(0);
string salt = reader.GetString(1);
reader.Close();
// Now take the salt and the password entered by the
user
// and concatenate them together.
string passwordAndSalt =
String.Concat(suppliedPassword, salt);
// Now hash them
string hashedPasswordAndSalt =
FormsAuthentication.HashPasswordForStoringInConfigFile(passwordAndSalt,
"SHA1");
// Now verify them.
passwordMatch =
hashedPasswordAndSalt.Equals(dbPasswordHash);
}
catch (Exception ex)
{
throw new Exception("Execption verifying password. " +
ex.Message);
}
finally
{
conn.Close();
}
return passwordMatch;
}
Click to expand...

Here is what you can use instead:
private string HashPassword(string password)

{

Byte[] passwordBytes = System.Text.Encoding.Unicode.GetBytes(password);

SHA256Managed hashProvider = new SHA256Managed();

hashProvider.Initialize();

passwordBytes = hashProvider.ComputeHash(passwordBytes);

hashProvider.Clear();

return Convert.ToBase64String(passwordBytes);

}
 
Back
Top