Using SHA for an SQL validation

Hello.  In my login page I am taking the password and querrying my database to see if the username and password match.  My passwords are hashed using SHA in my database.  What C# method call do I use to translate the password supplied into my hashed passwords?  Thanks.
Who is Participating?
Timbo87Connect With a Mentor Commented:
string password = txtPassword.Text;

string hash = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(password, "sha1");

Don't let the name fool you, it's not only "for storing in config file". It's a plain and simple hashing function that supports SHA1 or MD5.
This is quite possibly the longest method name in the .NET Framework. :)

System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile("password", "sha1");

The problem with saving and restoring hash codes to and from a database is related to the conversion between bytes and strings. The conversion from string to bytes (when user enter a password) can be dealed with System.Encoding class (it can be UFT8, Unicode, ISO-8859-1 or anything else). The conversion from bytes to string can be done using the formatter "X2" of the Object.ToString() method, so that you can have a string to save into the DB. I wrote a simple program that gets in input a string and outputs its SHA1 hash code in hexadecimal chars (divided by a space). You can use this string representation of hash bytes to make confrontations on the database.

using System;
using System.Text;
using System.Globalization;
using System.Security.Cryptography;      

class Hasher
            public static string BytesToHex(byte[] inbytes, char divide)
                  StringBuilder sb = new StringBuilder();
                  foreach (Byte b in inbytes)
                  return sb.ToString().Trim();

            static void Main(string[] args)
                  HashAlgorithm hash = new SHA1Managed();
                  if (args.Length<1)
                        Console.WriteLine("Usage: Hasher [string]");
                  string inputstring = args[0];
                  byte[] bytePhrase = Encoding.UTF8.GetBytes(inputstring);
                  byte[] result = hash.Hash;

                  Console.WriteLine("The hash for {0} is: {1}",inputstring,Hasher.BytesToHex(result,' '));
ike2010Author Commented:
Maybe I wasn't clear.  I have a username and password box on the login page.  I want to pull that data and match it against my SQL database.  For example:

username:  john
password:   doe

In my database, this might look like:
Username:  john
password:  E9876D97897XJ8979DD343  (SHA password, you get the idea)

So, when the user clicks the login button, it fires a method called, say, loginButton_onClick(string user, string pass)

In this method, I need to know how to translate the supplied password (doe) into a hash that will match what is in my database.  I will then supply this in my querry to the database.  
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.