validating a password string

ryan,

Why are you using passwords (assuming that it is for a window application)
and not the integrated windows validation?

http://msdn2.microsoft.com/en-us/lib...principal.aspx

Cor

"ryan" <ry********@gma il.comschreef in bericht
news:11******** **************@ i13g2000prf.goo glegroups.com.. .

>i am storing a usernames and passwords in a table called Users.

I present a login form to the user when my application starts up
(VB.NET, .NET CF, Windows Mobile 5)

The user chooses a username from a combo box that queries the Users
table. Then they type in a password string.

I then use the following code to validate the string when the user
clicks on the Submit menu item

Private Sub Submit_Click(By Val sender As System.Object, ByVal e As
System.EventArg s) Handles Submit.Click
vUserName = Me.UserCombo.Te xt 'set variable for use later in
the app
'MsgBox(vUserNa me)

Dim vPassword2 As String
vPassword2 =
CStr(Me.UsersTa bleAdapter.GetP assword(UserDat aSet.Users, vUserName))
'MsgBox(vPasswo rd2)

If vPassword2 <Me.UserPasswor d.Text Then
MessageBox.Show ("Login Failed. Please try again.",
"Login", MessageBoxButto ns.OK, MessageBoxIcon. Exclamation,
MessageBoxDefau ltButton.Button 1)
'refill the username list with all options
Me.UsersTableAd apter.Fill(User DataSet.Users)
Else
Dim frmMainMenu As New SystemMenu 'create the system menu
class
frmMainMenu.Sho w()

End If
End Sub

I am not able to get this to compare and validate the password string.
any advice, comments or experience would be most appreciated.

Ryan

Cor

Thanks for responding. This application is a commercial windows mobile
app that is sync'ed with a desktop client / SQL. The end user can set
up in the desktop app user profiles, names, passwords, and roles
specific to the application.

I actually got it to work with a revision to my code:

Private Sub Submit_Click(By Val sender As System.Object, ByVal e As
System.EventArg s) Handles Submit.Click
vUserName = Me.UserCombo.Te xt 'set variable for use later in
the app
'MsgBox(vUserNa me)

Me.UsersTableAd apter.GetPasswo rd(UserDataSet. Users, vUserName)

Dim vPassword1 As String
Dim vPassword2 As String
Dim compare As StringCompariso n
Dim i As Boolean

vPassword1 = Me.hiddenpasswo rd.Text

vPassword2 = Me.UserPassword .Text
'MsgBox(vPasswo rd2)

i = String.Equals(v Password1, vPassword2, compare)

If i = False Then
MessageBox.Show ("Login Failed. Please try again.",
"Login", MessageBoxButto ns.OK, MessageBoxIcon. Exclamation,
MessageBoxDefau ltButton.Button 1)
'refill the username list with all options
Me.UsersTableAd apter.Fill(User DataSet.Users)
Else
Dim frmMainMenu As New SystemMenu 'create the system menu
class
frmMainMenu.Sho w()

End If
End Sub

I am fairly new to VB.net so any feedback would be appreciated!!!

Ryan

On Aug 23, 10:45 pm, "Cor Ligthert[MVP]" <notmyfirstn... @planet.nl>
wrote:

ryan,

Why are you using passwords (assuming that it is for a window application)
and not the integrated windows validation?

http://msdn2.microsoft.com/en-us/lib...y.principal.wi...

Cor

"ryan" <ryansyt...@gma il.comschreef in berichtnews:11* *************** ******@i13g2000 prf.googlegroup s.com...

i am storing a usernames and passwords in a table called Users.

I present a login form to the user when my application starts up
(VB.NET, .NET CF, Windows Mobile 5)

The user chooses a username from a combo box that queries the Users
table. Then they type in a password string.

I then use the following code to validate the string when the user
clicks on the Submit menu item

Private Sub Submit_Click(By Val sender As System.Object, ByVal e As
System.EventArg s) Handles Submit.Click
vUserName = Me.UserCombo.Te xt 'set variable for use later in
the app
'MsgBox(vUserNa me)

Dim vPassword2 As String
vPassword2 =
CStr(Me.UsersTa bleAdapter.GetP assword(UserDat aSet.Users, vUserName))
'MsgBox(vPasswo rd2)

If vPassword2 <Me.UserPasswor d.Text Then
MessageBox.Show ("Login Failed. Please try again.",
"Login", MessageBoxButto ns.OK, MessageBoxIcon. Exclamation,
MessageBoxDefau ltButton.Button 1)
'refill the username list with all options
Me.UsersTableAd apter.Fill(User DataSet.Users)
Else
Dim frmMainMenu As New SystemMenu 'create the system menu
class
frmMainMenu.Sho w()

End If
End Sub

I am not able to get this to compare and validate the password string.
any advice, comments or experience would be most appreciated.

Ryan- Hide quoted text -

- Show quoted text -

ryan wrote:

I am not able to get this to compare and validate the password string.
any advice, comments or experience would be most appreciated.

(1) Don't retrieve the password to compare it. Just ask the database to
count the User records where the username and password are the ones
entered. If you count comes back as 1, all is well.

(2) Don't even store passwords!
Get hold of a [one-way] encryption routine, use that in the client
application and store/compare the encrypted version.

That way, if anyone steals your database or tries to intercept the
network traffic, they don't get anything useful.

HTH,
Phill W.

On Aug 24, 11:28 am, "Phill W." <p-.-a-.-w-a-r...@-o-p-e-n-.-a-c-.-u-
kwrote:

ryan wrote:

I am not able to get this to compare and validate the password string.
any advice, comments or experience would be most appreciated.

thanks Phil

I will do that!

Ryan

(1) Don't retrieve the password to compare it. Just ask the database to
count the User records where the username and password are the ones
entered. If you count comes back as 1, all is well.

(2) Don't even store passwords!
Get hold of a [one-way] encryption routine, use that in the client
application and store/compare the encrypted version.

That way, if anyone steals your database or tries to intercept the
network traffic, they don't get anything useful.

HTH,
Phill W.