Solved

Using SHA for an SQL validation

Posted on 2004-09-17
4
255 Views
Last Modified: 2010-04-15
Hello.  In my login page I am taking the password and querrying my database to see if the username and password match.  My passwords are hashed using SHA in my database.  What C# method call do I use to translate the password supplied into my hashed passwords?  Thanks.
0
Comment
Question by:ike2010
  • 2
4 Comments
 
LVL 15

Expert Comment

by:Timbo87
ID: 12088380
This is quite possibly the longest method name in the .NET Framework. :)

System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile("password", "sha1");
0
 

Expert Comment

by:axsaxs
ID: 12094493

The problem with saving and restoring hash codes to and from a database is related to the conversion between bytes and strings. The conversion from string to bytes (when user enter a password) can be dealed with System.Encoding class (it can be UFT8, Unicode, ISO-8859-1 or anything else). The conversion from bytes to string can be done using the formatter "X2" of the Object.ToString() method, so that you can have a string to save into the DB. I wrote a simple program that gets in input a string and outputs its SHA1 hash code in hexadecimal chars (divided by a space). You can use this string representation of hash bytes to make confrontations on the database.


using System;
using System.Text;
using System.Globalization;
using System.Security.Cryptography;      


class Hasher
      {
            public static string BytesToHex(byte[] inbytes, char divide)
            {
                  StringBuilder sb = new StringBuilder();
                  foreach (Byte b in inbytes)
                  {
                        sb.Append(b.ToString("X2"));
                        sb.Append(divide);
                  }
                  return sb.ToString().Trim();
            }

            [STAThread]
            static void Main(string[] args)
            {
                  HashAlgorithm hash = new SHA1Managed();
                  if (args.Length<1)
                  {
                        Console.WriteLine("Usage: Hasher [string]");
                        return;
                  }
                  string inputstring = args[0];
                  byte[] bytePhrase = Encoding.UTF8.GetBytes(inputstring);
                  hash.ComputeHash(bytePhrase);
                  byte[] result = hash.Hash;

                  Console.WriteLine("The hash for {0} is: {1}",inputstring,Hasher.BytesToHex(result,' '));
            }
      }
0
 

Author Comment

by:ike2010
ID: 12129675
Maybe I wasn't clear.  I have a username and password box on the login page.  I want to pull that data and match it against my SQL database.  For example:

username:  john
password:   doe

In my database, this might look like:
Username:  john
password:  E9876D97897XJ8979DD343  (SHA password, you get the idea)

So, when the user clicks the login button, it fires a method called, say, loginButton_onClick(string user, string pass)

In this method, I need to know how to translate the supplied password (doe) into a hash that will match what is in my database.  I will then supply this in my querry to the database.  
0
 
LVL 15

Accepted Solution

by:
Timbo87 earned 125 total points
ID: 12129818
string password = txtPassword.Text;

string hash = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(password, "sha1");

Don't let the name fool you, it's not only "for storing in config file". It's a plain and simple hashing function that supports SHA1 or MD5.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We all know that functional code is the leg that any good program stands on when it comes right down to it, however, if your program lacks a good user interface your product may not have the appeal needed to keep your customers happy. This issue can…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now