By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
432,369 Members | 950 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 432,369 IT Pros & Developers. It's quick & easy.

Why won't user's details go into Access db?

P: 56
Hello

I have a new user register form that requires a username and password with a MS Access db with two fields only, username and password.

The username and password, as a plain text password, successfully go into the db. However, when I attempt to salt/hash the password, it fails. I don't get any errors either in Visual Studio or online, and the form and the form field data simply stay in page - that is, nothing happens.

This is the code I am using (trimmed):

Expand|Select|Wrap|Line Numbers
  1. Imports Microsoft.AspNet.Membership.OpenAuth
  2. Imports System
  3. Imports System.Linq
  4. Imports System.Web
  5. Imports System.Web.UI
  6. Imports System.Data.OleDb
  7. Imports System.Security.Cryptography
  8.  
  9.  
  10. Partial Class register1
  11.  
  12.     Inherits System.Web.UI.Page
  13.  
  14.     Sub New()
  15.         MyBase.New()
  16.  
  17.     End Sub
  18.  
  19. Protected Sub btnReg_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnReg.Click
  20.         Try
  21.             Using conn As OleDbConnection = New OleDbConnection(System.Configuration.ConfigurationManager.ConnectionStrings("students").ConnectionString)
  22.  
  23.                 Dim Sql As String = "INSERT INTO university (username,[password],strEmail) VALUES (@username,@password,@strEmail)"
  24.  
  25.                 Dim cmd As New OleDbCommand(Sql, conn)
  26.  
  27.                 conn.Open()
  28.  
  29.                 cmd.Parameters.AddWithValue("@username", username.Text)
  30.                 cmd.Parameters.AddWithValue("@password", password.Text)
  31.                 cmd.Parameters.AddWithValue("@strEmail", strEmail.Text)
  32.  
  33.                 cmd.ExecuteNonQuery()
  34.  
  35.                 conn.Close()
  36.  
  37.             End Using
  38.  
  39.  End Try
  40.  
  41.     End Sub
  42.  
  43.  Public Sub New(password As String)
  44.  
  45.         Dim saltBytes = New Byte(31) {}
  46.         Dim Salt As String = ""
  47.         Dim Hash As String = ""
  48.  
  49.         Using provider = New RNGCryptoServiceProvider()
  50.             provider.GetNonZeroBytes(saltBytes)
  51.         End Using
  52.         Salt = Convert.ToBase64String(saltBytes)
  53.         Hash = ComputeHash(Salt, password)
  54.     End Sub
  55.  
  56.     Private Shared Function ComputeHash(salt As String, password As String) As String
  57.         Dim saltBytes = Convert.FromBase64String(salt)
  58.         Using rfc2898DeriveBytes = New Rfc2898DeriveBytes(password, saltBytes, 1000)
  59.             Return Convert.ToBase64String(rfc2898DeriveBytes.GetBytes(512))
  60.         End Using
  61.     End Function
  62.  
  63.     Public Shared Function Verify(salt As String, hash As String, password As String) As Boolean
  64.         Return hash = ComputeHash(salt, password)
  65.     End Function
  66.  
  67. End Class
I can only see that the word 'password' links these two different sets of code - is that the problem? Or do I need other columns in the db?

Thank you for any help.

Blueie
Mar 12 '16 #1
Share this question for a faster answer!
Share on Google+

Post your reply

Sign in to post your reply or Sign up for a free account.