BOOK: Professional ASP.NET 4.5 : in C# and VB
This is the forum to discuss the Wrox book Professional ASP.NET 4.5 in C# and VB by Jason N. Gaylord, Christian Wenz, Pranav Rastogi, Todd Miranda, Scott Hanselman; ISBN: 978-1-1183-1182-0
May 3rd, 2017, 07:26 PM
security help

Hello, I am working on a project, and I am trying to compare the user name and password credentials to log in to my website. I do have the password hashed in the database, and have a stored procedure set up. I can get it to work if the password is in plain text, but now that it is hashed for better security, I can't get it to work that way. Here is a look at my code, and any help would be greatly appreciated.


    private bool CompareStrings(string string1, string string2)
    {
        return String.Compare(string1, string2, true, System.Globalization.CultureInfo.InvariantCulture) == 0 ? true : false;
    }

    public void LogInAccount(string UserName, string UserPassword, Label InvalidLogIn)
    {
        connection.ConnectionString = @"Connection String";
        connection.Open();

        string compare = @"Select UserName FROM UserInfo WHERE UserName=@UserName AND UserPassword=HASHBYTES('SHA2_512', @UserPassword)";

        //string compare = "select ISNULL(UserName, '') As UserName, ISNULL(UserPassword, '') As UserPassword from UserInfo where UserName= @UserName";

        SqlCommand CompareUser = new SqlCommand(compare, connection);
        //SqlCommand Command2 = new SqlCommand("select * from SignUp where FirstName= @FirstName", connection);

        //Command2.Parameters.AddWithValue("@FirsName", FirstName.Text);

        CompareUser.Parameters.AddWithValue("@HASHBYTES('SHA2_512', @UserPassword)", UserPassword);

        CompareUser.Parameters.AddWithValue("@UserName", UserName);

        SqlDataReader dr = CompareUser.ExecuteReader();

        //string User = UserName;
        //string UserPassword = Password;

        //HtmlAnchor LogIn = (HtmlAnchor)Master.FindControl("LogIn");
        //HtmlAnchor SignUp = (HtmlAnchor)Master.FindControl("SignUp");

        while (dr.Read())
        {
            if (this.CompareStrings(dr["UserName"].ToString(), UserName) &&
                this.CompareStrings(dr["UserPassword"].ToString(), UserPassword))
            {
                InvalidLogIn.Visible = false;
                FormsAuthentication.RedirectFromLoginPage(UserName, true);
            }
            else
            {
                InvalidLogIn.Visible = true;
            }
        }
        connection.Close();
    }

Thanks a lot
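
An added example, not part of the original post or the book's code: one way the hashed comparison in the query above can be made to work, by binding the password under the bare parameter name `@UserPassword` and letting SQL Server perform the hash comparison. The class and method names, the `VARBINARY(64)` column type, the `NVARCHAR` type used at sign-up and the parameter lengths are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class LoginCheck
{
    // Returns true when a row matches the user name and the SHA2_512 hash
    // of the supplied password.
    // Assumptions: UserInfo.UserPassword is VARBINARY(64) and was written at
    // sign-up with HASHBYTES('SHA2_512', <NVARCHAR value>).
    public static bool CredentialsMatch(string connectionString,
                                        string userName,
                                        string userPassword)
    {
        const string sql =
            @"SELECT COUNT(*) FROM UserInfo
              WHERE UserName = @UserName
                AND UserPassword = HASHBYTES('SHA2_512', @UserPassword)";

        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            // Parameter names are the bare @names that appear in the SQL text.
            // The HASHBYTES call belongs in the query, not in the parameter name.
            command.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = userName;

            // Explicit type: HASHBYTES hashes raw bytes, so the same text passed
            // as NVARCHAR and as VARCHAR yields different digests. The type here
            // must match the type that was hashed when the account was created.
            command.Parameters.Add("@UserPassword", SqlDbType.NVarChar, 128).Value = userPassword;

            connection.Open();

            // The database already compared the hash, so no second comparison
            // against the plain-text password is needed in C#.
            return (int)command.ExecuteScalar() > 0;
        }
    }
}
```

The caller then shows the invalid-login label or calls `FormsAuthentication.RedirectFromLoginPage` depending on the returned value. A single unsalted SHA-512 pass is fast to brute-force if the table leaks; a per-user salt with a slow key-derivation function such as PBKDF2 (`Rfc2898DeriveBytes`) is the stronger storage scheme.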