By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,359 Members | 1,543 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,359 IT Pros & Developers. It's quick & easy.

validating a password string

P: n/a
i am storing a usernames and passwords in a table called Users.

I present a login form to the user when my application starts up
(VB.NET, .NET CF, Windows Mobile 5)

The user chooses a username from a combo box that queries the Users
table. Then they type in a password string.

I then use the following code to validate the string when the user
clicks on the Submit menu item

Private Sub Submit_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles Submit.Click
vUserName = Me.UserCombo.Text 'set variable for use later in
the app
'MsgBox(vUserName)

Dim vPassword2 As String
vPassword2 =
CStr(Me.UsersTableAdapter.GetPassword(UserDataSet. Users, vUserName))
'MsgBox(vPassword2)

If vPassword2 <Me.UserPassword.Text Then
MessageBox.Show("Login Failed. Please try again.",
"Login", MessageBoxButtons.OK, MessageBoxIcon.Exclamation,
MessageBoxDefaultButton.Button1)
'refill the username list with all options
Me.UsersTableAdapter.Fill(UserDataSet.Users)
Else
Dim frmMainMenu As New SystemMenu 'create the system menu
class
frmMainMenu.Show()

End If
End Sub

I am not able to get this to compare and validate the password string.
any advice, comments or experience would be most appreciated.

Ryan

Aug 23 '07 #1
Share this Question
Share on Google+
4 Replies


P: n/a
ryan,

Why are you using passwords (assuming that it is for a window application)
and not the integrated windows validation?

http://msdn2.microsoft.com/en-us/lib...principal.aspx

Cor

"ryan" <ry********@gmail.comschreef in bericht
news:11**********************@i13g2000prf.googlegr oups.com...
>i am storing a usernames and passwords in a table called Users.

I present a login form to the user when my application starts up
(VB.NET, .NET CF, Windows Mobile 5)

The user chooses a username from a combo box that queries the Users
table. Then they type in a password string.

I then use the following code to validate the string when the user
clicks on the Submit menu item

Private Sub Submit_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles Submit.Click
vUserName = Me.UserCombo.Text 'set variable for use later in
the app
'MsgBox(vUserName)

Dim vPassword2 As String
vPassword2 =
CStr(Me.UsersTableAdapter.GetPassword(UserDataSet. Users, vUserName))
'MsgBox(vPassword2)

If vPassword2 <Me.UserPassword.Text Then
MessageBox.Show("Login Failed. Please try again.",
"Login", MessageBoxButtons.OK, MessageBoxIcon.Exclamation,
MessageBoxDefaultButton.Button1)
'refill the username list with all options
Me.UsersTableAdapter.Fill(UserDataSet.Users)
Else
Dim frmMainMenu As New SystemMenu 'create the system menu
class
frmMainMenu.Show()

End If
End Sub

I am not able to get this to compare and validate the password string.
any advice, comments or experience would be most appreciated.

Ryan
Aug 24 '07 #2

P: n/a
Cor

Thanks for responding. This application is a commercial windows mobile
app that is sync'ed with a desktop client / SQL. The end user can set
up in the desktop app user profiles, names, passwords, and roles
specific to the application.

I actually got it to work with a revision to my code:

Private Sub Submit_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles Submit.Click
vUserName = Me.UserCombo.Text 'set variable for use later in
the app
'MsgBox(vUserName)

Me.UsersTableAdapter.GetPassword(UserDataSet.Users , vUserName)

Dim vPassword1 As String
Dim vPassword2 As String
Dim compare As StringComparison
Dim i As Boolean

vPassword1 = Me.hiddenpassword.Text

vPassword2 = Me.UserPassword.Text
'MsgBox(vPassword2)

i = String.Equals(vPassword1, vPassword2, compare)

If i = False Then
MessageBox.Show("Login Failed. Please try again.",
"Login", MessageBoxButtons.OK, MessageBoxIcon.Exclamation,
MessageBoxDefaultButton.Button1)
'refill the username list with all options
Me.UsersTableAdapter.Fill(UserDataSet.Users)
Else
Dim frmMainMenu As New SystemMenu 'create the system menu
class
frmMainMenu.Show()

End If
End Sub

I am fairly new to VB.net so any feedback would be appreciated!!!

Ryan

On Aug 23, 10:45 pm, "Cor Ligthert[MVP]" <notmyfirstn...@planet.nl>
wrote:
ryan,

Why are you using passwords (assuming that it is for a window application)
and not the integrated windows validation?

http://msdn2.microsoft.com/en-us/lib...y.principal.wi...

Cor

"ryan" <ryansyt...@gmail.comschreef in berichtnews:11**********************@i13g2000prf.g ooglegroups.com...
i am storing a usernames and passwords in a table called Users.
I present a login form to the user when my application starts up
(VB.NET, .NET CF, Windows Mobile 5)
The user chooses a username from a combo box that queries the Users
table. Then they type in a password string.
I then use the following code to validate the string when the user
clicks on the Submit menu item
Private Sub Submit_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles Submit.Click
vUserName = Me.UserCombo.Text 'set variable for use later in
the app
'MsgBox(vUserName)
Dim vPassword2 As String
vPassword2 =
CStr(Me.UsersTableAdapter.GetPassword(UserDataSet. Users, vUserName))
'MsgBox(vPassword2)
If vPassword2 <Me.UserPassword.Text Then
MessageBox.Show("Login Failed. Please try again.",
"Login", MessageBoxButtons.OK, MessageBoxIcon.Exclamation,
MessageBoxDefaultButton.Button1)
'refill the username list with all options
Me.UsersTableAdapter.Fill(UserDataSet.Users)
Else
Dim frmMainMenu As New SystemMenu 'create the system menu
class
frmMainMenu.Show()
End If
End Sub
I am not able to get this to compare and validate the password string.
any advice, comments or experience would be most appreciated.
Ryan- Hide quoted text -

- Show quoted text -

Aug 24 '07 #3

P: n/a
ryan wrote:
I am not able to get this to compare and validate the password string.
any advice, comments or experience would be most appreciated.
(1) Don't retrieve the password to compare it. Just ask the database to
count the User records where the username and password are the ones
entered. If you count comes back as 1, all is well.

(2) Don't even store passwords!
Get hold of a [one-way] encryption routine, use that in the client
application and store/compare the encrypted version.

That way, if anyone steals your database or tries to intercept the
network traffic, they don't get anything useful.

HTH,
Phill W.
Aug 24 '07 #4

P: n/a
On Aug 24, 11:28 am, "Phill W." <p-.-a-.-w-a-r...@-o-p-e-n-.-a-c-.-u-
kwrote:
ryan wrote:
I am not able to get this to compare and validate the password string.
any advice, comments or experience would be most appreciated.
thanks Phil

I will do that!

Ryan
(1) Don't retrieve the password to compare it. Just ask the database to
count the User records where the username and password are the ones
entered. If you count comes back as 1, all is well.

(2) Don't even store passwords!
Get hold of a [one-way] encryption routine, use that in the client
application and store/compare the encrypted version.

That way, if anyone steals your database or tries to intercept the
network traffic, they don't get anything useful.

HTH,
Phill W.

Aug 24 '07 #5

This discussion thread is closed

Replies have been disabled for this discussion.