Link to home
Start Free TrialLog in
Avatar of sqdperu
sqdperuFlag for United States of America

asked on

VB.NET code to generate and MD5 hash value identical to the one generated by MS SQL Hashbytes function?

I am working with a Store Procedure where a user enters their new password and their entry is hashed and stored in an SQL server table.

The code in the Stored Procedure that does the hashing is this:

set @hash_pass = CONVERT(VARCHAR(32),HASHBYTES('MD5',@user_pass),2)

Open in new window



The hash_pass value is what is stored in table field for the password.

In my ASP.NET web forms app with VB.NET code behind I have a login form.  In the code behind, I want to take the user's password, hash it, and send the hashed value to the store procedure that validates the login with the previously hashed and stored value from the code above.

This is the code I have tried so far, but the string output looks nothing like the hashed value generated from the stored procedure and therefore no match and login fails (even though password is correct).

How  do I change this VB.NET code so the generated hash matches what the stored procedure generates for the same text string?

    Private Function GenerateHash(ByVal SourceText As String) As String

        Dim Ue As New UnicodeEncoding()
        Dim ByteSourceText() As Byte = Ue.GetBytes(SourceText)
        Dim Md5 As New MD5CryptoServiceProvider()
        Dim ByteHash() As Byte = Md5.ComputeHash(ByteSourceText)

        'Debug.Print(Convert.ToBase64String(ByteHash).ToString)

        Return Convert.ToBase64String(ByteHash)

    End Function

Open in new window


Thanks,
ASKER CERTIFIED SOLUTION
Avatar of slightwv (䄆 Netminder)
slightwv (䄆 Netminder)

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I use hashlib
HashLib.HashResult r = hash.ComputeString(weakPasswordVariation, Encoding.Unicode);

Open in new window

https://www.nuget.org/packages/HashLib/
Avatar of sqdperu

ASKER

slightwv,

Thanks for the advice.   The data I am accessing is not mine so I have to play by their rules to access it.

Thanks for the link.  I was able to figure it out from that.
Avatar of sqdperu

ASKER

Thanks