
getting a hashed password


dushkin

Programmer
Mar 28, 2002
Hi. I am new to SQL and recently wrote a login.aspx script that doesn't work no matter what I seem to do. I have a SHA1 hashed password in the database and I am wondering if there is something in particular I have to do to verify it. It authenticates true or false based on the email/pass match. Code below:

Code:
// requires: using System.Data.SqlClient; using System.Web.Security;
if (Page.IsValid)
{
	bool authenticated;
	const string connStr =
		"data source= SERVER\\NETSDK;" +
		"Initial Catalog = master;" +
		"User ID = sa;" +
		"Password =";

	// Hash the entered password before comparing it with the stored hash.
	string sHashedPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(Pass.Text, "SHA1");

	// Parameters keep the user-supplied e-mail out of the SQL text.
	const string sql = "SELECT EmailAddress FROM members " +
		"WHERE EmailAddress = @email AND Password = @hash";

	using (SqlConnection conn = new SqlConnection(connStr))
	using (SqlCommand comm = new SqlCommand(sql, conn))
	{
		comm.Parameters.AddWithValue("@email", Email.Text);
		comm.Parameters.AddWithValue("@hash", sHashedPassword);
		conn.Open();

		using (SqlDataReader reader = comm.ExecuteReader())
		{
			// A returned row means the e-mail/hash pair matched.
			authenticated = reader.Read();
		}
	}
}
 
Let me put this another way...

How does one match the hashed password in login to SQL Server with the hashed password that exists in the Members file? I can't hash it again. How do you get the appropriate SHA1 hash at login to match the already hashed pwd in the database?

Any help would be appreciated.

Thanks.
 
You have to hash the password the user enters and then compare that result to the saved hash value.

"Shoot Me! Shoot Me NOW!!!"
- Daffy Duck
 
That is what I guess I am not understanding. The registered hash is on the word "duck", let's say. The hash is "thrhehdhcnfhhsdhg", let's say. Now, on login, the hash on "duck" gets an encrypted value of "nkaswdfasjsdf"... something completely different. In this way, no two passwords will ever match up. What am I doing wrong?

Thanks again.
 
Looks like your encryption key is different. I'm not an expert on encryption or SHA1 but that would be my guess.

"Shoot Me! Shoot Me NOW!!!"
- Daffy Duck
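
An added example, not code from the thread's posters: SHA-1 takes no key, so hashing the same text always yields the same hex string, and a login check only has to hash the entered password and compare it with the stored value. The class and method names are hypothetical, and the hash format is assumed to match what `HashPasswordForStoringInConfigFile(..., "SHA1")` produces (UTF-8 input, uppercase hex).

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PasswordHashCheck
{
    // Unsalted SHA-1 as uppercase hex (assumption: UTF-8 input bytes,
    // 40 hex characters of output, as stored by the thread's code).
    public static string Sha1Hex(string password)
    {
        using (SHA1 sha1 = SHA1.Create())
        {
            byte[] digest = sha1.ComputeHash(Encoding.UTF8.GetBytes(password));
            return BitConverter.ToString(digest).Replace("-", "");
        }
    }

    // Hash the entered password and compare it with the stored hash.
    // Trim() removes CHAR(n) column padding; the compare ignores hex case
    // and does not exit early on the first differing character.
    public static bool Verify(string entered, string storedHash)
    {
        string a = Sha1Hex(entered);
        string b = (storedHash ?? "").Trim().ToUpperInvariant();
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++)
            diff |= a[i] ^ b[i];
        return diff == 0;
    }

    static void Main()
    {
        // Constructed sample values, not data from the thread.
        string stored = Sha1Hex("duck");                 // saved at registration
        Console.WriteLine(Sha1Hex("duck") == stored);    // same input, same hash
        Console.WriteLine(Verify("duck", stored.ToLowerInvariant() + "   "));
        Console.WriteLine(Verify("duck ", stored));      // extra space in the input
        Console.WriteLine(Verify("duck", stored.Substring(0, 20))); // column too short
    }
}
```

When two hashes of the same word differ, the input bytes differ (stray whitespace, different encoding) or the stored value was padded, truncated or re-encoded. A salted, slow scheme such as PBKDF2 (`Rfc2898DeriveBytes`) follows the same hash-then-compare pattern at login.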
 