validating a password string


ryan

I am storing usernames and passwords in a table called Users.

I present a login form to the user when my application starts up
(VB.NET, .NET CF, Windows Mobile 5)

The user chooses a username from a combo box that queries the Users
table. Then they type in a password string.

I then use the following code to validate the string when the user
clicks on the Submit menu item

Private Sub Submit_Click(ByVal sender As System.Object, _
        ByVal e As System.EventArgs) Handles Submit.Click
    vUserName = Me.UserCombo.Text 'set variable for use later in the app
    'MsgBox(vUserName)

    Dim vPassword2 As String
    vPassword2 = _
        CStr(Me.UsersTableAdapter.GetPassword(UserDataSet.Users, vUserName))
    'MsgBox(vPassword2)

    If vPassword2 <> Me.UserPassword.Text Then
        MessageBox.Show("Login Failed. Please try again.", _
            "Login", MessageBoxButtons.OK, MessageBoxIcon.Exclamation, _
            MessageBoxDefaultButton.Button1)
        'refill the username list with all options
        Me.UsersTableAdapter.Fill(UserDataSet.Users)
    Else
        Dim frmMainMenu As New SystemMenu 'create the system menu class
        frmMainMenu.Show()
    End If
End Sub

I am not able to get this to compare and validate the password string.
Any advice, comments or experience would be most appreciated.

Ryan
 
Cor

Thanks for responding. This application is a commercial Windows Mobile
app that is sync'ed with a desktop client / SQL. The end user can set
up in the desktop app user profiles, names, passwords, and roles
specific to the application.

I actually got it to work with a revision to my code:

Private Sub Submit_Click(ByVal sender As System.Object, _
        ByVal e As System.EventArgs) Handles Submit.Click
    vUserName = Me.UserCombo.Text 'set variable for use later in the app
    'MsgBox(vUserName)

    Me.UsersTableAdapter.GetPassword(UserDataSet.Users, vUserName)

    Dim vPassword1 As String
    Dim vPassword2 As String
    Dim compare As StringComparison
    Dim i As Boolean

    vPassword1 = Me.hiddenpassword.Text

    vPassword2 = Me.UserPassword.Text
    'MsgBox(vPassword2)

    i = String.Equals(vPassword1, vPassword2, compare)

    If i = False Then
        MessageBox.Show("Login Failed. Please try again.", _
            "Login", MessageBoxButtons.OK, MessageBoxIcon.Exclamation, _
            MessageBoxDefaultButton.Button1)
        'refill the username list with all options
        Me.UsersTableAdapter.Fill(UserDataSet.Users)
    Else
        Dim frmMainMenu As New SystemMenu 'create the system menu class
        frmMainMenu.Show()
    End If
End Sub

I am fairly new to VB.net so any feedback would be appreciated!!!

Ryan
 
ryan said:
I am not able to get this to compare and validate the password string.
Any advice, comments or experience would be most appreciated.

(1) Don't retrieve the password to compare it. Just ask the database to
count the User records where the username and password are the ones
entered. If your count comes back as 1, all is well.

(2) Don't even store passwords!
Get hold of a [one-way] encryption routine, use that in the client
application and store/compare the encrypted version.

That way, if anyone steals your database or tries to intercept the
network traffic, they don't get anything useful.

HTH,
Phill W.
 
Thanks Phil

I will do that!

Ryan

