?
Solved

Using SHA for an SQL validation

Posted on 2004-09-17
4
Medium Priority
?
264 Views
Last Modified: 2010-04-15
Hello.  In my login page I am taking the password and querrying my database to see if the username and password match.  My passwords are hashed using SHA in my database.  What C# method call do I use to translate the password supplied into my hashed passwords?  Thanks.
0
Comment
Question by:ike2010
  • 2
4 Comments
 
LVL 15

Expert Comment

by:Timbo87
ID: 12088380
This is quite possibly the longest method name in the .NET Framework. :)

System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile("password", "sha1");
0
 

Expert Comment

by:axsaxs
ID: 12094493

The problem with saving and restoring hash codes to and from a database is related to the conversion between bytes and strings. The conversion from string to bytes (when user enter a password) can be dealed with System.Encoding class (it can be UFT8, Unicode, ISO-8859-1 or anything else). The conversion from bytes to string can be done using the formatter "X2" of the Object.ToString() method, so that you can have a string to save into the DB. I wrote a simple program that gets in input a string and outputs its SHA1 hash code in hexadecimal chars (divided by a space). You can use this string representation of hash bytes to make confrontations on the database.


using System;
using System.Text;
using System.Globalization;
using System.Security.Cryptography;      


class Hasher
      {
            public static string BytesToHex(byte[] inbytes, char divide)
            {
                  StringBuilder sb = new StringBuilder();
                  foreach (Byte b in inbytes)
                  {
                        sb.Append(b.ToString("X2"));
                        sb.Append(divide);
                  }
                  return sb.ToString().Trim();
            }

            [STAThread]
            static void Main(string[] args)
            {
                  HashAlgorithm hash = new SHA1Managed();
                  if (args.Length<1)
                  {
                        Console.WriteLine("Usage: Hasher [string]");
                        return;
                  }
                  string inputstring = args[0];
                  byte[] bytePhrase = Encoding.UTF8.GetBytes(inputstring);
                  hash.ComputeHash(bytePhrase);
                  byte[] result = hash.Hash;

                  Console.WriteLine("The hash for {0} is: {1}",inputstring,Hasher.BytesToHex(result,' '));
            }
      }
0
 

Author Comment

by:ike2010
ID: 12129675
Maybe I wasn't clear.  I have a username and password box on the login page.  I want to pull that data and match it against my SQL database.  For example:

username:  john
password:   doe

In my database, this might look like:
Username:  john
password:  E9876D97897XJ8979DD343  (SHA password, you get the idea)

So, when the user clicks the login button, it fires a method called, say, loginButton_onClick(string user, string pass)

In this method, I need to know how to translate the supplied password (doe) into a hash that will match what is in my database.  I will then supply this in my querry to the database.  
0
 
LVL 15

Accepted Solution

by:
Timbo87 earned 500 total points
ID: 12129818
string password = txtPassword.Text;

string hash = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(password, "sha1");

Don't let the name fool you, it's not only "for storing in config file". It's a plain and simple hashing function that supports SHA1 or MD5.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In order to hide the "ugly" records selectors (triangles) in the rowheaders, here are some suggestions. Microsoft doesn't have a direct method/property to do it. You can only hide the rowheader column. First solution, the easy way The first sol…
Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Integration Management Part 2
Suggested Courses
Course of the Month16 days, 17 hours left to enroll

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question