I am having a rather unusual issue with a .NET website and user logins.
Now I am away the obvious answer is that the user is entering their details incorrectly however this is reported to not be the case.
The issue is that a handful of users are reporting that their details that have been sent are not working correctly. The login is handled using a SQL lookup of the users password hash and compares it to the entered password hash.
When I check the users login credentials it works perfectly every time without fail, however when the user tries using the same information the login attempt fails.
Is there any reason that this would happen? Is there something going wrong with the hashing of the users password that happens intermittently?
It has got me baffled but I need to find a solution.
The code for the login check is:
authHash = (// CODE RETURNED FROM SQL LOOKUP FROM USER)
// Check password matches database for user
string saltAndPwd = String.Concat(authPassword, authSalt);
string hashedPwd = FormsAuthentication.HashPasswordForStoringInConfigFile(saltAndPwd, "SHA1");
if (hashedPwd == authHash)
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);
// Create the cookie.
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
// User has logged in
txtResult.Text = "Invalid login credentials!";
Any help or advice would be greatly appreciated.