Hi, I've been using the code below to authenticate a user against the
database in my ASP.NET app, but now I've built another application that
is Windows Forms based. I'm trying to use the same code there, but I
guess there is no equivalent to the
FormsAuthentication.HashPasswordForStoringInConfigFile function. Does
anyone know what I can use instead?

Patrick


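/// <summary>
/// Verifies a user's password against the salted hash returned by the
/// LookupUser stored procedure.
/// </summary>
/// <param name="suppliedUsername">User name sent to LookupUser as @username.</param>
/// <param name="suppliedPassword">Plain-text password entered by the user.</param>
/// <returns>
/// true when the hash of password + salt equals the stored hash; false when
/// it does not, when no row is returned for the user, or when either
/// argument is null.
/// </returns>
/// <exception cref="Exception">
/// Any database or hashing failure, wrapped with the original exception
/// preserved as InnerException.
/// </exception>
public bool VerifyPassword(string suppliedUsername,
    string suppliedPassword)
{
    // Null credentials can never match; fail closed before touching the database.
    if (suppliedUsername == null || suppliedPassword == null)
    {
        return false;
    }

    // Get the salt and pwd from the database based on the user name.
    Helper helper = new Helper();
    string _connectionString = helper.GetConnection(_server);

    using (SqlConnection conn = new SqlConnection(_connectionString))
    using (SqlCommand cmd = new SqlCommand("LookupUser", conn))
    {
        cmd.CommandType = CommandType.StoredProcedure;

        // The user name travels as a typed parameter, never as SQL text.
        SqlParameter sqlParam = cmd.Parameters.Add("@username",
            SqlDbType.VarChar, 255);
        sqlParam.Value = suppliedUsername;

        try
        {
            conn.Open();

            string dbPasswordHash;
            string salt;
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                // An unknown user yields no row. Report it exactly like a wrong
                // password instead of letting GetString throw, so the result
                // does not tell the caller whether the account exists.
                if (!reader.Read())
                {
                    return false;
                }

                dbPasswordHash = reader.GetString(0);
                salt = reader.GetString(1);
            }

            // Now take the salt and the password entered by the user
            // and concatenate them together.
            string passwordAndSalt =
                String.Concat(suppliedPassword, salt);

            // NOTE(review): a single salted SHA-1 round is cheap to brute-force
            // if the table leaks. Changing the algorithm here would invalidate
            // every stored hash, so plan a migration to a slow KDF (for example
            // Rfc2898DeriveBytes) that re-hashes on the next successful login.
            // NOTE(review): this call lives in System.Web; outside ASP.NET the
            // same value is presumably the upper-case hex SHA-1 of the UTF-8
            // bytes - confirm against existing rows before swapping it.
            string hashedPasswordAndSalt =
                FormsAuthentication.HashPasswordForStoringInConfigFile(passwordAndSalt,
                    "SHA1");

            // Now verify them, without stopping at the first differing character.
            return HashesMatchFixedTime(hashedPasswordAndSalt, dbPasswordHash);
        }
        catch (Exception ex)
        {
            // Keep the original exception as InnerException so the stack trace
            // survives. NOTE(review): ex.Message may carry database details;
            // log it rather than showing it to the person logging in.
            throw new Exception("Execption verifying password. " +
                ex.Message, ex);
        }
    }
}

/// <summary>
/// Ordinal, case-sensitive comparison of two hash strings whose running time
/// does not depend on where the first mismatch occurs.
/// </summary>
private static bool HashesMatchFixedTime(string computed, string stored)
{
    if (computed == null || stored == null)
    {
        return false;
    }

    // A length mismatch is folded into the accumulator instead of returning early.
    int difference = computed.Length ^ stored.Length;
    int shared = Math.Min(computed.Length, stored.Length);
    for (int i = 0; i < shared; i++)
    {
        difference |= computed[i] ^ stored[i];
    }

    return difference == 0;
}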

Re: HashPasswordForStoringInConfigFile > Windows.Forms App by FUnky

FUnky
Mon Mar 13 23:56:21 CST 2006


<pat.clarke@rogers.com> wrote in message
news:1142270314.883702.184400@p10g2000cwp.googlegroups.com...
> Hi I've been using the code below to authenticate a user in the
> database in my ASP.Net app but now I've built another Windows Forms
> based application. I'm trying to use the below code but I guess there
> is no equivalent to the
> FormsAuthentication.HashPasswordForStoringInConfigFile function. Does
> anyone know what I can use instead?
>
> Patrick
>
>
> public bool VerifyPassword(string suppliedUsername,
> string suppliedPassword)
> {
> bool passwordMatch = false;
> // Get the salt and pwd from the database based on the user
> name.
> Helper helper = new Helper();
> string _connectionString = helper.GetConnection(_server);
> SqlConnection conn = new SqlConnection(_connectionString);
> SqlCommand cmd = new SqlCommand("LookupUser", conn);
> cmd.CommandType = CommandType.StoredProcedure;
>
> SqlParameter sqlParam = cmd.Parameters.Add("@username",
> SqlDbType.VarChar, 255);
> sqlParam.Value = suppliedUsername;
> try
> {
> conn.Open();
> SqlDataReader reader = cmd.ExecuteReader();
> reader.Read(); // Advance to the one and only row
> // Return output parameters from returned data stream
> string dbPasswordHash = reader.GetString(0);
> string salt = reader.GetString(1);
> reader.Close();
> // Now take the salt and the password entered by the
> user
> // and concatenate them together.
> string passwordAndSalt =
> String.Concat(suppliedPassword, salt);
> // Now hash them
> string hashedPasswordAndSalt =
> FormsAuthentication.HashPasswordForStoringInConfigFile(passwordAndSalt,
> "SHA1");
> // Now verify them.
> passwordMatch =
> hashedPasswordAndSalt.Equals(dbPasswordHash);
> }
> catch (Exception ex)
> {
> throw new Exception("Execption verifying password. " +
> ex.Message);
> }
> finally
> {
> conn.Close();
> }
> return passwordMatch;
> }
>

Here is what you can use instead:
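/// <summary>
/// Returns the Base64-encoded SHA-256 digest of the UTF-16 (Encoding.Unicode)
/// bytes of <paramref name="password"/>.
/// </summary>
/// <param name="password">Text to hash; any salt must already be part of it.</param>
/// <returns>Base64 string of the 32-byte digest.</returns>
/// <remarks>
/// This is not a drop-in replacement for
/// FormsAuthentication.HashPasswordForStoringInConfigFile(value, "SHA1"):
/// the algorithm differs (SHA-256 here), so hashes already stored by the
/// ASP.NET code will not match values produced by this method.
/// No salt is added here, and one fast hash round is weak for password
/// storage; for new data prefer a salted, iterated KDF such as
/// Rfc2898DeriveBytes.
/// </remarks>
private string HashPassword(string password)
{
    byte[] passwordBytes = System.Text.Encoding.Unicode.GetBytes(password);

    // The using block releases the hash provider even if ComputeHash throws;
    // a freshly created instance needs no explicit Initialize() call.
    using (SHA256 hashProvider = SHA256.Create())
    {
        byte[] digest = hashProvider.ComputeHash(passwordBytes);
        return Convert.ToBase64String(digest);
    }
}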