Solved

Using SHA for an SQL validation

Posted on 2004-09-17
4
256 Views
Last Modified: 2010-04-15
Hello.  In my login page I am taking the password and querrying my database to see if the username and password match.  My passwords are hashed using SHA in my database.  What C# method call do I use to translate the password supplied into my hashed passwords?  Thanks.
0
Comment
Question by:ike2010
  • 2
4 Comments
 
LVL 15

Expert Comment

by:Timbo87
ID: 12088380
This is quite possibly the longest method name in the .NET Framework. :)

System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile("password", "sha1");
0
 

Expert Comment

by:axsaxs
ID: 12094493

The problem with saving and restoring hash codes to and from a database is related to the conversion between bytes and strings. The conversion from string to bytes (when user enter a password) can be dealed with System.Encoding class (it can be UFT8, Unicode, ISO-8859-1 or anything else). The conversion from bytes to string can be done using the formatter "X2" of the Object.ToString() method, so that you can have a string to save into the DB. I wrote a simple program that gets in input a string and outputs its SHA1 hash code in hexadecimal chars (divided by a space). You can use this string representation of hash bytes to make confrontations on the database.


using System;
using System.Text;
using System.Globalization;
using System.Security.Cryptography;      


class Hasher
      {
            public static string BytesToHex(byte[] inbytes, char divide)
            {
                  StringBuilder sb = new StringBuilder();
                  foreach (Byte b in inbytes)
                  {
                        sb.Append(b.ToString("X2"));
                        sb.Append(divide);
                  }
                  return sb.ToString().Trim();
            }

            [STAThread]
            static void Main(string[] args)
            {
                  HashAlgorithm hash = new SHA1Managed();
                  if (args.Length<1)
                  {
                        Console.WriteLine("Usage: Hasher [string]");
                        return;
                  }
                  string inputstring = args[0];
                  byte[] bytePhrase = Encoding.UTF8.GetBytes(inputstring);
                  hash.ComputeHash(bytePhrase);
                  byte[] result = hash.Hash;

                  Console.WriteLine("The hash for {0} is: {1}",inputstring,Hasher.BytesToHex(result,' '));
            }
      }
0
 

Author Comment

by:ike2010
ID: 12129675
Maybe I wasn't clear.  I have a username and password box on the login page.  I want to pull that data and match it against my SQL database.  For example:

username:  john
password:   doe

In my database, this might look like:
Username:  john
password:  E9876D97897XJ8979DD343  (SHA password, you get the idea)

So, when the user clicks the login button, it fires a method called, say, loginButton_onClick(string user, string pass)

In this method, I need to know how to translate the supplied password (doe) into a hash that will match what is in my database.  I will then supply this in my querry to the database.  
0
 
LVL 15

Accepted Solution

by:
Timbo87 earned 125 total points
ID: 12129818
string password = txtPassword.Text;

string hash = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(password, "sha1");

Don't let the name fool you, it's not only "for storing in config file". It's a plain and simple hashing function that supports SHA1 or MD5.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction Hi all and welcome to my first article on Experts Exchange. A while ago, someone asked me if i could do some tutorials on object oriented programming. I decided to do them on C#. Now you may ask me, why's that? Well, one of the re…
Exception Handling is in the core of any application that is able to dignify its name. In this article, I'll guide you through the process of writing a DRY (Don't Repeat Yourself) Exception Handling mechanism, using Aspect Oriented Programming.
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question