I saved password into the database with "binary" data type from GetByte method. How can I to compare

The following is the source. The password is encrypted and saved into the Binary in SQL2K.
Now I want to create a new page to compare the existing password and the password that is in the database.
But I don't know how to use source code to solve it. Can you help me?
Urgently!

<<<<<<Save Method<<<<<<

// Hash the entered password with the configured "SHA1Managed" hash provider
HashProviderFactory hashProviderFactory = new HashProviderFactory();
this.hashProvider = hashProviderFactory.CreateHashProvider("SHA1Managed");
byte[] password = hashProvider.CreateHash(Encoding.Unicode.GetBytes(TxtPassword.Text));

// Pass the id and the hash to the stored procedure
DBCommandWrapper DBCW_Edit = db.GetStoredProcCommandWrapper(CPEditSalesmanPassword);
DBCW_Edit.AddInParameter("@Id", DbType.Double, objSalesMan.Id);
DBCW_Edit.AddInParameter("@Password", DbType.Binary, password);
db.ExecuteNonQuery(DBCW_Edit);

<<<<<<Get Method from SQL2K<<<<<<

// Hash the entered password with the configured "SHA1Managed" hash provider
HashProviderFactory hashProviderFactory = new HashProviderFactory();
this.hashProvider = hashProviderFactory.CreateHashProvider("SHA1Managed");
byte[] password = hashProvider.CreateHash(Encoding.Unicode.GetBytes(TxtPassword.Text));

// Pass the id and the hash to the stored procedure
DBCommandWrapper DBCW_Edit = db.GetStoredProcCommandWrapper(CPEditSalesmanPassword);
DBCW_Edit.AddInParameter("@Id", DbType.Double, objSalesMan.Id);
DBCW_Edit.AddInParameter("@Password", DbType.Binary, password);
db.ExecuteNonQuery(DBCW_Edit);

Benny Ng

"Benny Ng" <benny_wuf***@hotmail.com> wrote in message news:uWSuavRHGHA.2320@TK2MSFTNGP11.phx.gbl...
> The following is the source. The password is encrypted and saved into the
> Binary in SQL2K.
> Now I want to create a new page to compare the existing password and the
> password that is in the database.
> But I don't know how to use source code to solve it. Can you help me?

Not seeing the StoredProcedure, it is unclear exactly what is being done here other than passing the username and hashed password to the database. In most cases, a one way hash is sufficient for passwords. You do not need to retrieve a password, only compare the saved hash against the hashed version of the user entered value. If the values match, then you have authenticated their credentials. If not, then it is not valid. It is more secure to give the user the ability to change their password, or possibly reset it, but never to retrieve it.

Jim Wooley

Once you have saved the password, every time a user logs in with that password, encrypt the typed value using the same encryption as with the database password and then compare.
--
Christopher A. Reed
"The oxen are slow, but the earth is patient."

Hi, all,

I found the reason for this. This application is based on Enterprise Library, so when I set the options for the encryption, I selected "Salt Enabled". And as we know, the salt is randomly generated by the system (or by us). So the method that I used to compare the equality of both passwords wouldn't run properly. But at last I used the intrinsic method of Identity Authentication (like the logon page) to compare the incoming password and the existing one. It was successful. So here I appreciate everyone's attention and help. Thank you very much.

Benny Ng
MSN: benny_wuf***@hotmail.com
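The salted-hash behaviour described in the last post, as an added example that is not part of the original thread and not Enterprise Library's own code: hashing the same password twice with a random salt yields different bytes, so verification has to reuse the salt kept with the stored value. The names `SaltedHashDemo`, `CreateHash` and `Verify`, the 16-byte salt and the `salt || digest` layout are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SaltedHashDemo   // hypothetical names, not an Enterprise Library type
{
    const int SaltSize = 16;  // assumed salt length for this sketch
    // Returns salt || SHA1(salt || password), so the salt travels with the hash.
    static byte[] CreateHash(string password, byte[] salt = null)
    {
        if (salt == null)
        {
            salt = new byte[SaltSize];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        }
        byte[] pwd = Encoding.Unicode.GetBytes(password);
        byte[] input = new byte[salt.Length + pwd.Length];
        Buffer.BlockCopy(salt, 0, input, 0, salt.Length);
        Buffer.BlockCopy(pwd, 0, input, salt.Length, pwd.Length);
        using (var sha1 = SHA1.Create())
        {
            byte[] digest = sha1.ComputeHash(input);
            byte[] stored = new byte[salt.Length + digest.Length];
            Buffer.BlockCopy(salt, 0, stored, 0, salt.Length);
            Buffer.BlockCopy(digest, 0, stored, salt.Length, digest.Length);
            return stored;
        }
    }

    // Re-hash the candidate with the salt read back from the stored value,
    // then compare every byte without an early exit on the first mismatch.
    static bool Verify(string candidate, byte[] stored)
    {
        if (stored == null || stored.Length <= SaltSize) return false;
        byte[] salt = new byte[SaltSize];
        Buffer.BlockCopy(stored, 0, salt, 0, SaltSize);
        byte[] recomputed = CreateHash(candidate, salt);
        int diff = stored.Length ^ recomputed.Length;
        for (int i = 0; i < stored.Length && i < recomputed.Length; i++)
            diff |= stored[i] ^ recomputed[i];
        return diff == 0;
    }

    static void Main()
    {
        const string pw = "constructed-sample-password"; // constructed sample input
        byte[] stored = CreateHash(pw);
        // Naive check: byte-compare two independently salted hashes of the same password.
        Console.WriteLine(Convert.ToBase64String(stored) == Convert.ToBase64String(CreateHash(pw)));
        Console.WriteLine(Verify(pw, stored));               // salt reused from the stored value
        Console.WriteLine(Verify("wrong-password", stored)); // different password, same salt
    }
}
```

SHA-1 is used here only to mirror the thread's "SHA1Managed" setting; for new password storage a deliberately slow, salted key-derivation function such as PBKDF2 (`Rfc2898DeriveBytes` in .NET) is the usual choice.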