I saved a password into the database with the "binary" data type from the GetByte method. How can I compare the password in the database with the one transferred from the page?

Dear all,

The following is the source. The password is encrypted and saved into the
Binary in SQL2K.
Now I want to create a new page to compare the existing password with the
password that is in the database.
But I don't know how to use source code to solve it. Can you help me?
Urgently!

<<<<<<Save Method<<<<<<

HashProviderFactory hashProviderFactory = new HashProviderFactory();
this.hashProvider = hashProviderFactory.CreateHashProvider("SHA1Managed");
byte[] password = hashProvider.CreateHash(Encoding.Unicode.GetBytes(TxtPassword.Text));

DBCommandWrapper DBCW_Edit = db.GetStoredProcCommandWrapper(CPEditSalesmanPassword);
DBCW_Edit.AddInParameter("@Id", DbType.Double, objSalesMan.Id);
DBCW_Edit.AddInParameter("@Password", DbType.Binary, password);
db.ExecuteNonQuery(DBCW_Edit);

<<<<<<Get Method from SQL2K<<<<<<

HashProviderFactory hashProviderFactory = new HashProviderFactory();
this.hashProvider = hashProviderFactory.CreateHashProvider("SHA1Managed");
byte[] password = hashProvider.CreateHash(Encoding.Unicode.GetBytes(TxtPassword.Text));

DBCommandWrapper DBCW_Edit = db.GetStoredProcCommandWrapper(CPEditSalesmanPassword);
DBCW_Edit.AddInParameter("@Id", DbType.Double, objSalesMan.Id);
DBCW_Edit.AddInParameter("@Password", DbType.Binary, password);
db.ExecuteNonQuery(DBCW_Edit);

Benny Ng
Jan 19 '06 #1
"Benny Ng" <be**********@hotmail.com> wrote in message
news:uW**************@TK2MSFTNGP11.phx.gbl...
The following is the source. The password is encrypted and saved into the
Binary in SQL2K.
Now I want to create a new page to compare the existing password with the
password that is in the database.
But I don't know how to use source code to solve it. Can you help me?


Not seeing the StoredProcedure, it is unclear exactly what is being done
here other than passing the username and hashed password to the database. In
most cases, a one way hash is sufficient for passwords. You do not need to
retrieve a password, only compare the saved hash against the hashed version
of the user entered value. If the values match, then you have authenticated
their credentials. If not, then it is not valid. It is more secure to give
the user the ability to change their password, or possibly reset it, but
never to retrieve it.

Jim Wooley
Jan 20 '06 #2
Once you have saved the password, every time a user logs in with that
password, encrypt the typed value using the same encryption as with the
database password and then compare.
--
Christopher A. Reed
"The oxen are slow, but the earth is patient."

Jan 22 '06 #3
Hi, all,

I found the reason for this. This application is based on
Enterprise Library, and when I set the options for the encryption, I
selected "Salt Enabled". As we know, the salt is randomly generated
by the system (or by us), so the method that I used to compare the equality of
both passwords wouldn't run properly. In the end I used the intrinsic
method of Identity Authentication (like the logon page) to compare the
incoming password and the existing one. It was successful.

So I appreciate everyone's attention and help.

Thank you very much.

Benny Ng
MSN: be**********@hotmail.com
Jan 25 '06 #4
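
The salt problem described in post #4, as an added example that is not code from the thread or from Enterprise Library: with a random salt, hashing the typed password again never reproduces the stored bytes, so verification has to reuse the salt kept with the stored value. It assumes .NET 6 or later and uses PBKDF2 (Rfc2898DeriveBytes) in place of the thread's salted SHA1Managed provider; the class name, method names, sizes and iteration count are assumptions.

```csharp
using System;
using System.Security.Cryptography;

static class SaltedPasswordDemo
{
    // Assumed parameters for this example, not values from the thread.
    const int SaltSize = 16, KeySize = 32, Iterations = 100_000;

    // Returns salt || derived key: the value to store in the binary column.
    public static byte[] CreateHash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        byte[] key = Derive(password, salt);
        byte[] stored = new byte[SaltSize + KeySize];
        Buffer.BlockCopy(salt, 0, stored, 0, SaltSize);
        Buffer.BlockCopy(key, 0, stored, SaltSize, KeySize);
        return stored;
    }

    // Re-derives with the salt taken from the stored value, then compares
    // the two keys in constant time.
    public static bool CompareHash(string password, byte[] stored)
    {
        if (stored == null || stored.Length != SaltSize + KeySize) return false;
        byte[] salt = stored.AsSpan(0, SaltSize).ToArray();
        byte[] expected = stored.AsSpan(SaltSize).ToArray();
        return CryptographicOperations.FixedTimeEquals(Derive(password, salt), expected);
    }

    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations,
                                  HashAlgorithmName.SHA256, KeySize);

    static void Main()
    {
        string typed = "constructed-sample-password"; // constructed sample input
        byte[] stored = CreateHash(typed);            // what the save page writes

        // Hashing again draws a fresh salt, so a byte-for-byte match fails
        // even though the password is the same.
        byte[] rehashed = CreateHash(typed);
        Console.WriteLine("re-hash equals stored: " +
                          stored.AsSpan().SequenceEqual(rehashed));

        Console.WriteLine("correct password verifies: " + CompareHash(typed, stored));
        Console.WriteLine("wrong password verifies: " + CompareHash("other", stored));
    }
}
```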
