Store Hash Password In SQL Server?
May 13, 2010
Is this how hashed password stored in SQL Server should look like? This is function I use to hash password (I found it in some tutorial)
public string EncryptPassword(string password)
{
//we use codepage 1252 because that is what sql server uses
byte[] pwdBytes = Encoding.GetEncoding(1252).GetBytes(password);
byte[] hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(pwdBytes);
return Encoding.GetEncoding(1252).GetString(hashBytes);
}
EDIT: I tried to use sha-1 and now strings seem to look like as they are suppose to:
public string EncryptPassword(string password)
{
return FormsAuthentication.HashPasswordForStoringInConfigFile(password, "sha1");
}
// example output: 39A43BDB7827112409EFED3473F804E9E01DB4A8
Result from the image above looks like broken string, but this sha-1 looks normal....
View 1 Replies
Similar Messages:
Nov 15, 2010
I am trying to insert a string and random number into the database as hash sha1 then loggin in against it. the problem is if I use hash it wont login but if i dont use hash the login works fine... Code below.
insert hash into db
Dim user As New Label
user.Visible = False
user.Text = (myDataReader2.Item("username"))
MyConnection2.Close()
Dim MyConnection3 As New Data.SqlClient.SqlConnection("Data Source=xxx")
Dim mycommand3 As New Data.SqlClient.SqlCommand("Update Register SET [Password] = @password WHERE [username] = '" & user.Text & "' AND [email] = '" & email.Text & "'", MyConnection3)
Dim pass As String
Dim rnd As Integer, randomNum As New Random
rnd = randomNum.Next(1000, 10000)
pass = "Pass" & rnd
mycommand3.Parameters.AddWithValue("@password", FormsAuthentication.HashPasswordForStoringInConfigFile(pass, "SHA1"))
MyConnection3.Open()
mycommand3.ExecuteNonQuery()
login page
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
' Fires upon attempting to authenticate the use
If Not (HttpContext.Current.User Is Nothing) Then
If HttpContext.Current.User.Identity.IsAuthenticated Then
If TypeOf HttpContext.Current.User.Identity Is FormsIdentity Then
Dim fi As FormsIdentity = CType(HttpContext.Current.User.Identity, FormsIdentity)
Dim fat As FormsAuthenticationTicket = fi.Ticket
Dim astrRoles As String() = fat.UserData.Split("|"c)
HttpContext.Current.User = New GenericPrincipal(fi, astrRoles)
End If
End If
End If
End Sub
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs)
Dim myConnection As New SqlClient.SqlConnection
Dim myCommand As New SqlClient.SqlCommand
Dim intUserCount As Integer
Dim strSQL As String
myConnection = New SqlClient.SqlConnection("Data Source=jrome2.db.4961680.hostedresource.com; Initial Catalog=jrome2; User ID=jrome2; Password=Richard050283;")
strSQL = "SELECT COUNT(*) FROM Register " _
& "WHERE UserName='" & Replace(txtusername.Text, "'", "''") & "' " _
& "AND Password='" & Replace(txtpassword.Text, "'", "''") & "';"
myCommand = New SqlClient.SqlCommand(strSQL, myConnection)
myConnection.Open()
intUserCount = myCommand.ExecuteScalar()
myConnection.Close()
'Response.Write(intUserCount)
If intUserCount > 0 Then
FormsAuthentication.Initialize()
Dim strRole As String = AssignRoles(txtusername.Text)
'The AddMinutes determines how long the user will be logged in after leaving
'the site if he doesn't log off.
Dim fat As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, _
txtusername.Text, DateTime.Now, _
DateTime.Now.AddMinutes(30), False, strRole, _
FormsAuthentication.FormsCookiePath)
Response.Cookies.Add(New HttpCookie(FormsAuthentication.FormsCookieName, _
FormsAuthentication.Encrypt(fat)))
Response.Redirect(FormsAuthentication.GetRedirectUrl(txtusername.Text, False))
Else
login.Text = "Incorrect Log In Information"
End If
End Sub
Private Function ValidateUser(ByVal strUsername As String, ByVal strPassword As String) _
As Boolean
'Return true if the username and password is valid, false if it isn't
Return CBool(strUsername = " & Replace(txtusername.Text, " AndAlso strPassword = " & Replace(txtpassword.Text, ")
End Function
Private Function AssignRoles(ByVal strUsername As String) As String
Dim myConnection As New SqlClient.SqlConnection
Dim myCommand As New SqlClient.SqlCommand
Dim intUserCount As Integer
Dim strSQL As String
myConnection = New SqlClient.SqlConnection("Data Source=jrome2.db.4961680.hostedresource.com; Initial Catalog=jrome2; User ID=jrome2; Password=Richard050283;")
strSQL = "SELECT COUNT(*) FROM Register " _
& "WHERE UserName='" & Replace(txtusername.Text, "'", "''") & "' " _
& "AND Password='" & Replace(txtpassword.Text, "'", "''") & "';"
myCommand = New SqlClient.SqlCommand(strSQL, myConnection)
myConnection.Open()
intUserCount = myCommand.ExecuteScalar()
myConnection.Close()
'Response.Write(intUserCount)
If intUserCount > 0 Then
Return "client"
Else
Return String.Empty
End If
End Function
Protected Sub LinkButton1_Click(ByVal sender As Object, ByVal e As System.EventArgs)
txtusername.Text = String.Empty
txtpassword.Text = String.Empty
End Sub
View 1 Replies
Feb 15, 2010
i m trying to change my password. the password in database is in hash formatting. the class FormsAuthentication. is using for hash conversion. the password is indicating the same in if condition. but after if applying it suddenly go on else part , even the value on if condition is same.
View 2 Replies
Feb 12, 2011
I'm using the code below to authenticate a user in Active Directory, but the password is sending in clear text. How can I hash my password and then send it to Active Directory?
DirectoryEntry entry = new DirectoryEntry(path, username, pwd);
try
{
//Bind to the native AdsObject to force authentication.
object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (null == result)
{
return false;
}
//Update the new path to the user in the directory.
_path = result.Path;
_filterAttribute = (string)result.Properties["cn"][0];
}
catch (Exception ex)
{
throw new Exception("Error authenticating user. " + ex.Message);
}
return true;
View 1 Replies
Feb 17, 2011
I'm attempting to create a pure t-sql representation of the default SHA-1 password hashing in the ASP.Net Membership system. Ideally, what I would get would be this:
UserName Password GeneratedPassword
cbehrens 34098kw4D+FKJ== 34098kw4D+FKJ==
Note: that's bogus base-64 text there. I've got base64_encode and decode functions that round-trip correctly. Here's my attempt, which doesn't work: SELECT UserName, Password, dbo.base64_encode(HASHBYTES('SHA1', dbo.base64_decode(PasswordSalt) + 'test')) As TestPassword FROM aspnet_Users U JOIN aspnet_membership M ON U.UserID = M.UserID
I've tried a number of variations on the theme, to no avail. I need to do this in pure T-Sql; involving a console app or something like that will double the work. So if anyone can supply what precisely the syntax should be to duplicate that password from the ASP.Net membership stuff
View 2 Replies
May 31, 2012
I use this code to use in login
Code:
FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "SHA1")
My question is how about, i how can convert into a string where it display the user password so that i can send it to the user when he/she forgot it?
View 1 Replies
May 19, 2010
Hopefully someone knows a way to fix this issue, but here is my problem. I need to be able to recreate a md5 hash that will be the equivalent of the hash that php would generate.
The encoding I have tried is listed below. None of these will produce the same values.
UnicodeEncoding
UTF7Encoding
UTF8Encoding
UTF32Encoding
View 6 Replies
Mar 12, 2010
I am doing a md5 hash, and just want to make sure the result of:
md5.ComputeHash(bytePassword);
Is consistent regardless of the server?
e.g. windows 2003/2008 and 32/64 bit etc.
View 4 Replies
Aug 6, 2010
Is it possible to get window.location.hash on the server-side code alone? [URL]
View 2 Replies
Jan 12, 2011
I have a service (WCF) with which my ASP.NET page will communicate. The WCF service has hashed passwords in its data store (a file actually). The WCF service requires the username and the hashed password on every call. Nowm the problem I'm encountering is that if I authenticate the user with forms authentication in ASP.NET, a cookie will be saved in the user's computer after the user is authenticated but I would like to save the username and hashed password too so that the user may able to use the WCF service. Where should this information should be saved so that it is safe and secure? Should I use session variables? If I choose that option that, then should I switch from forms-based authentication and manually authenticate using session variables or use both forms-based autentication for web page access and store the username and hashed password in a session variable? What are the pros and cons of each?
View 2 Replies
Jun 27, 2012
I need to store a PW in a SQL table.
I would prefer it to not be clear-text and readable.
Do I use a one-way encryption? Is this what "salting" is?
What is the best practice to follow in this regard?
What do you all do for something like this????
View 1 Replies
May 21, 2012
I'm about to setup a new client with username and passwords that will be managed in the database.
I am not using the Membership provider - and I do not want to.
At any rate - other times I've done this I've stored the PW in clear text in a user table. I've seen commercial system that can send you your "existing" password so they must do basically the same thing.
I'm thinking for this setup I want to encrypt the password - probably a one-way encryption. Of course that means I can never give someone their password if they forget - I'll simply have to reset it to something unique and let them change it when they login.
What encryption methods are easy and quick to use?
Is there one I can do in Javascript so that I can encrypt in the browser and never have to actually POST a clear text password either??
View 2 Replies
Jul 15, 2010
I have two pages:
1) login and send username,password, machineID and a rand string to the server
2) check the machineID whether it exists in the table.
Problem is the checking machine procedure:
select MachineID from computer where MD5MachineID=@MD5MachineID2 and SUBSTRING((master.dbo.fn_varbintohexstr(HASHBYTES('MD5',MachineID+@RString))),3,32)=@MIDST
RString,MD5MachineID2,MIDST are submited by Login MD5MachineID is stored in table.
I need the check if MD5(MachineID+RString) is match the MIDST (submited).
Now the situation is :
if RString is a fixed string(not a variable).like 'abcdefg', the MD5 is correct.
if I use the RString (submited value as a variable), the MD5 is incorrect.
View 1 Replies
Jul 8, 2010
I am writing a simple plugin for IE. I need to store a password and username setting for the user who uses the plugin. I know that I can store the username/password in the registry, I can manually encrypt it using the encription classes with .NET, or I can store it in a config file and encrypt the config file. I was wondering if there is a specific pattern/mechanism that I should use to store password and username.
View 1 Replies
Feb 13, 2010
for maintain security, i encrypted my password and store in database like following
Dim PWD As
String = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text.Trim(),
"SHA1").Trim()
but problem is suppose user forget his password and need to know then how can i decrypted the password and send to the user?is there any other suitable way to handle password?
View 4 Replies
Jan 18, 2011
Even with https enabled, you can write a password to the event log in code-behind. Any way to keep that password encrypted in code while you're checking it against a data store?
(using Login control)
(couldn't add comment to Andrew's answer, so I'm putting it here)
NTLM uses the username/password of the machine the user is logged into right? For this, I was thinking using ActiveDirectory on the server as the data store. It would have a diferrent un/pw than what the user is currently signed in to their machine as.
View 3 Replies
Oct 2, 2013
I want to to encrypt password show me the query for encryption password
View 1 Replies
Aug 12, 2010
I have a custom membership user class and custom MembershipProvider working against database. Due to security reasons the user passwords are stored in the database as hashed values. So my procedure
public override bool ValidateUser(string username, string password) is
{
//select hashed password from db
return (EncodePassword(password) == dbpassword)
}
[code]....
View 4 Replies
Oct 22, 2010
Below is the code I use to store file into database but there are a few problems.
1. couldn't store file larger than 4mb
2. couldn't store doc,docx,xlsx but only .txt
my table column are:
[code]....
View 2 Replies
Mar 14, 2011
I can recover my password but when I try to change my password to something a bit easier to remember it gives me:
Password incorrect or New Password invalid. New Password length minimum: 7. Non-alphanumeric characters required: 1.
View 7 Replies
Jan 23, 2011
Actually I have a gridview with many rows and I want to insert the all rows in sql server through one store procedure first row can inserted but what should we do for other rows
View 3 Replies
Feb 14, 2011
I need rft server control not HTML based server controls to display and store text as well as images, from which i can get rtf text and can save it as it is in DB.
View 1 Replies
Jul 23, 2010
I have a large dataset (35,000+ rows) that I need to export to excel and then let the user download. I have done this the conventional way (with a gridview), but the data has grown, causing a OutOfMemoryException on the web server.
So I thought, would it not be better if I can export the data into excel on the sql server, and then transfer this data to the web server.
Note that this is not a one-off job. This will be ran regularly (twice a month), but the user. Hence I need something that the user can initiate.
View 1 Replies
Mar 13, 2015
i have a sql server store procedure which return json data. i want to get this data without .net framwork or php or any other server side language..
So how make this possible to get json data of sql server query through any client scripting language like jquery ajax method.
View 8 Replies
Jan 20, 2011
I want to create password in single database for example when i attach My database abc.mdf or open that database then it ask me password. as like access database password..
View 3 Replies
