Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Using SHA for an SQL validation

Posted on 2004-09-17
4
Medium Priority
?
262 Views
Last Modified: 2010-04-15
Hello.  In my login page I am taking the password and querrying my database to see if the username and password match.  My passwords are hashed using SHA in my database.  What C# method call do I use to translate the password supplied into my hashed passwords?  Thanks.
0
Comment
Question by:ike2010
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 15

Expert Comment

by:Timbo87
ID: 12088380
This is quite possibly the longest method name in the .NET Framework. :)

System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile("password", "sha1");
0
 

Expert Comment

by:axsaxs
ID: 12094493

The problem with saving and restoring hash codes to and from a database is related to the conversion between bytes and strings. The conversion from string to bytes (when user enter a password) can be dealed with System.Encoding class (it can be UFT8, Unicode, ISO-8859-1 or anything else). The conversion from bytes to string can be done using the formatter "X2" of the Object.ToString() method, so that you can have a string to save into the DB. I wrote a simple program that gets in input a string and outputs its SHA1 hash code in hexadecimal chars (divided by a space). You can use this string representation of hash bytes to make confrontations on the database.


using System;
using System.Text;
using System.Globalization;
using System.Security.Cryptography;      


class Hasher
      {
            public static string BytesToHex(byte[] inbytes, char divide)
            {
                  StringBuilder sb = new StringBuilder();
                  foreach (Byte b in inbytes)
                  {
                        sb.Append(b.ToString("X2"));
                        sb.Append(divide);
                  }
                  return sb.ToString().Trim();
            }

            [STAThread]
            static void Main(string[] args)
            {
                  HashAlgorithm hash = new SHA1Managed();
                  if (args.Length<1)
                  {
                        Console.WriteLine("Usage: Hasher [string]");
                        return;
                  }
                  string inputstring = args[0];
                  byte[] bytePhrase = Encoding.UTF8.GetBytes(inputstring);
                  hash.ComputeHash(bytePhrase);
                  byte[] result = hash.Hash;

                  Console.WriteLine("The hash for {0} is: {1}",inputstring,Hasher.BytesToHex(result,' '));
            }
      }
0
 

Author Comment

by:ike2010
ID: 12129675
Maybe I wasn't clear.  I have a username and password box on the login page.  I want to pull that data and match it against my SQL database.  For example:

username:  john
password:   doe

In my database, this might look like:
Username:  john
password:  E9876D97897XJ8979DD343  (SHA password, you get the idea)

So, when the user clicks the login button, it fires a method called, say, loginButton_onClick(string user, string pass)

In this method, I need to know how to translate the supplied password (doe) into a hash that will match what is in my database.  I will then supply this in my querry to the database.  
0
 
LVL 15

Accepted Solution

by:
Timbo87 earned 500 total points
ID: 12129818
string password = txtPassword.Text;

string hash = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(password, "sha1");

Don't let the name fool you, it's not only "for storing in config file". It's a plain and simple hashing function that supports SHA1 or MD5.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We all know that functional code is the leg that any good program stands on when it comes right down to it, however, if your program lacks a good user interface your product may not have the appeal needed to keep your customers happy. This issue can…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question