I am trying to authenticate a userID and password, and I have checked the spelling of both the userID and the password. The problem is that the result is always false, even though I know I typed in the correct data. What am I doing wrong? Here is my code:
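/// <summary>
/// Looks up the stored password hash for <paramref name="suppliedUserName"/> via the
/// LookupUser stored procedure and checks whether <paramref name="suppliedPassword"/>
/// hashes to the same value with the same salt.
/// </summary>
/// <param name="suppliedUserName">User name typed at the login form (untrusted).</param>
/// <param name="suppliedPassword">Clear-text password typed at the login form (untrusted).</param>
/// <returns>
/// true only when a row exists for the user and the recomputed hash matches;
/// false for an unknown user, a NULL/too-short stored value, or a wrong password.
/// </returns>
/// <exception cref="Exception">
/// Wraps any failure while talking to the database; the original cause is kept as InnerException.
/// </exception>
private bool VerifyPasswords(string suppliedUserName, string suppliedPassword)
{
    // Number of trailing characters of the stored value that are the salt
    // (CreatePasswordHash appends the salt after the hex digest).
    const int saltSize = 5;

    // Empty credentials can never match; skip the round-trip to the database.
    if (string.IsNullOrEmpty(suppliedUserName) || string.IsNullOrEmpty(suppliedPassword))
    {
        return false;
    }

    string connection = WebConfigurationManager.AppSettings["ConnectionString"];

    // using-blocks release the connection, command and reader even when the lookup
    // throws; the original only closed the connection and leaked the other two.
    using (SqlConnection cn = new SqlConnection(connection))
    using (SqlCommand cmd = new SqlCommand("LookupUser", cn))
    {
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = suppliedUserName;

        string dbPasswordHash;
        try
        {
            cn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                // No row means unknown user. The original ignored Read()'s result, so
                // GetString(0) threw and the raw ADO.NET message was shown on the page,
                // which lets a caller tell "unknown user" apart from "wrong password".
                if (!reader.Read() || reader.IsDBNull(0))
                {
                    return false;
                }
                dbPasswordHash = reader.GetString(0);
            }
        }
        catch (Exception ex)
        {
            // Same exception type callers already catch, but keep the cause for the log
            // instead of flattening it into the message text.
            throw new Exception("Exception verifying password.", ex);
        }

        // Stored form is <hex digest><salt>; a value no longer than the salt cannot match
        // (the original let Substring throw here).
        if (dbPasswordHash.Length <= saltSize)
        {
            return false;
        }

        // NOTE(review): if PasswordHash is a CHAR/NCHAR column, trailing pad spaces land in
        // this salt and every comparison fails; likewise a column too narrow for digest+salt
        // truncates the salt on write. Check the column definition if this always returns false.
        string salt = dbPasswordHash.Substring(dbPasswordHash.Length - saltSize);

        string hashedPasswordAndSalt = CreatePasswordHash(suppliedPassword, salt);

        // Compare without short-circuiting so the time taken does not depend on how many
        // leading characters of the hash matched.
        return FixedTimeEquals(hashedPasswordAndSalt, dbPasswordHash);
    }
}

/// <summary>
/// Compares two strings in time that depends only on their length, not on where
/// they first differ. Returns false for null or length-mismatched inputs.
/// </summary>
private static bool FixedTimeEquals(string a, string b)
{
    if (a == null || b == null || a.Length != b.Length)
    {
        return false;
    }

    int diff = 0;
    for (int i = 0; i < a.Length; i++)
    {
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}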
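/// <summary>
/// Login button handler: verifies the typed credentials and reports the outcome in lblMessage.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    bool passwordVerified;
    try
    {
        passwordVerified = VerifyPasswords(txtUID.Text, txtPW.Text);
    }
    catch (Exception ex)
    {
        // Keep the details server-side. The original wrote ex.Message into the page,
        // which hands ADO.NET/SQL error text to whoever is at the login form.
        System.Diagnostics.Trace.TraceError("VerifyPasswords failed: {0}", ex);
        lblMessage.Text = "Login is temporarily unavailable. Please try again later.";
        return;
    }

    // NOTE(review): a successful check only updates the label here; nothing in this
    // handler issues an authentication ticket or cookie, so the rest of the site is not
    // told the user signed in — confirm whether that is done elsewhere.
    lblMessage.Text = passwordVerified
        ? "Logon successful: user is authenticated"
        : "Invalid username or password.";
}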
///////////////////////////////////////////////////////////////////////////////
-- Returns the stored PasswordHash for one user name.
-- Yields zero rows when the name is unknown, so callers must check for an empty
-- result before reading column 0.
ALTER PROCEDURE LookupUser
@username nvarchar(50)
AS
-- @username is bound as a parameter; no string concatenation, so no injection path here.
SELECT PasswordHash FROM CshipUsers WHERE UserName = @username
//////////////////////////////////////////////////////////////////////////////
/// <summary>
/// Builds the stored form of a password: the hex SHA-1 digest of (password + salt)
/// with the salt appended, so the verifier can recover the salt from the stored value.
/// </summary>
/// <param name="pwd">Clear-text password.</param>
/// <param name="salt">Salt string; concatenated after the password before hashing and after the digest in the result.</param>
/// <returns>Digest string followed by <paramref name="salt"/>.</returns>
/// <remarks>
/// A single SHA-1 pass over password+salt is not a password KDF (PBKDF2/bcrypt/Argon2
/// would be the usual choice), and HashPasswordForStoringInConfigFile is obsolete in
/// later frameworks. Changing the scheme invalidates every stored hash, so it is left as is.
/// </remarks>
private static string CreatePasswordHash(string pwd, string salt)
{
    string digest = FormsAuthentication.HashPasswordForStoringInConfigFile(pwd + salt, "SHA1");
    return digest + salt;
}
userID and password. The problem is that the result is always false, even though I know I typed in the correct data. What am I doing wrong? Here is my code:
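/// <summary>
/// Looks up the stored password hash for <paramref name="suppliedUserName"/> via the
/// LookupUser stored procedure and checks whether <paramref name="suppliedPassword"/>
/// hashes to the same value with the same salt.
/// </summary>
/// <param name="suppliedUserName">User name typed at the login form (untrusted).</param>
/// <param name="suppliedPassword">Clear-text password typed at the login form (untrusted).</param>
/// <returns>
/// true only when a row exists for the user and the recomputed hash matches;
/// false for an unknown user, a NULL/too-short stored value, or a wrong password.
/// </returns>
/// <exception cref="Exception">
/// Wraps any failure while talking to the database; the original cause is kept as InnerException.
/// </exception>
private bool VerifyPasswords(string suppliedUserName, string suppliedPassword)
{
    // Number of trailing characters of the stored value that are the salt
    // (CreatePasswordHash appends the salt after the hex digest).
    const int saltSize = 5;

    // Empty credentials can never match; skip the round-trip to the database.
    if (string.IsNullOrEmpty(suppliedUserName) || string.IsNullOrEmpty(suppliedPassword))
    {
        return false;
    }

    string connection = WebConfigurationManager.AppSettings["ConnectionString"];

    // using-blocks release the connection, command and reader even when the lookup
    // throws; the original only closed the connection and leaked the other two.
    using (SqlConnection cn = new SqlConnection(connection))
    using (SqlCommand cmd = new SqlCommand("LookupUser", cn))
    {
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = suppliedUserName;

        string dbPasswordHash;
        try
        {
            cn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                // No row means unknown user. The original ignored Read()'s result, so
                // GetString(0) threw and the raw ADO.NET message was shown on the page,
                // which lets a caller tell "unknown user" apart from "wrong password".
                if (!reader.Read() || reader.IsDBNull(0))
                {
                    return false;
                }
                dbPasswordHash = reader.GetString(0);
            }
        }
        catch (Exception ex)
        {
            // Same exception type callers already catch, but keep the cause for the log
            // instead of flattening it into the message text.
            throw new Exception("Exception verifying password.", ex);
        }

        // Stored form is <hex digest><salt>; a value no longer than the salt cannot match
        // (the original let Substring throw here).
        if (dbPasswordHash.Length <= saltSize)
        {
            return false;
        }

        // NOTE(review): if PasswordHash is a CHAR/NCHAR column, trailing pad spaces land in
        // this salt and every comparison fails; likewise a column too narrow for digest+salt
        // truncates the salt on write. Check the column definition if this always returns false.
        string salt = dbPasswordHash.Substring(dbPasswordHash.Length - saltSize);

        string hashedPasswordAndSalt = CreatePasswordHash(suppliedPassword, salt);

        // Compare without short-circuiting so the time taken does not depend on how many
        // leading characters of the hash matched.
        return FixedTimeEquals(hashedPasswordAndSalt, dbPasswordHash);
    }
}

/// <summary>
/// Compares two strings in time that depends only on their length, not on where
/// they first differ. Returns false for null or length-mismatched inputs.
/// </summary>
private static bool FixedTimeEquals(string a, string b)
{
    if (a == null || b == null || a.Length != b.Length)
    {
        return false;
    }

    int diff = 0;
    for (int i = 0; i < a.Length; i++)
    {
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}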
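/// <summary>
/// Login button handler: verifies the typed credentials and reports the outcome in lblMessage.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    bool passwordVerified;
    try
    {
        passwordVerified = VerifyPasswords(txtUID.Text, txtPW.Text);
    }
    catch (Exception ex)
    {
        // Keep the details server-side. The original wrote ex.Message into the page,
        // which hands ADO.NET/SQL error text to whoever is at the login form.
        System.Diagnostics.Trace.TraceError("VerifyPasswords failed: {0}", ex);
        lblMessage.Text = "Login is temporarily unavailable. Please try again later.";
        return;
    }

    // NOTE(review): a successful check only updates the label here; nothing in this
    // handler issues an authentication ticket or cookie, so the rest of the site is not
    // told the user signed in — confirm whether that is done elsewhere.
    lblMessage.Text = passwordVerified
        ? "Logon successful: user is authenticated"
        : "Invalid username or password.";
}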
///////////////////////////////////////////////////////////////////////////////
-- Returns the stored PasswordHash for one user name.
-- Yields zero rows when the name is unknown, so callers must check for an empty
-- result before reading column 0.
ALTER PROCEDURE LookupUser
@username nvarchar(50)
AS
-- @username is bound as a parameter; no string concatenation, so no injection path here.
SELECT PasswordHash FROM CshipUsers WHERE UserName = @username
//////////////////////////////////////////////////////////////////////////////
/// <summary>
/// Builds the stored form of a password: the hex SHA-1 digest of (password + salt)
/// with the salt appended, so the verifier can recover the salt from the stored value.
/// </summary>
/// <param name="pwd">Clear-text password.</param>
/// <param name="salt">Salt string; concatenated after the password before hashing and after the digest in the result.</param>
/// <returns>Digest string followed by <paramref name="salt"/>.</returns>
/// <remarks>
/// A single SHA-1 pass over password+salt is not a password KDF (PBKDF2/bcrypt/Argon2
/// would be the usual choice), and HashPasswordForStoringInConfigFile is obsolete in
/// later frameworks. Changing the scheme invalidates every stored hash, so it is left as is.
/// </remarks>
private static string CreatePasswordHash(string pwd, string salt)
{
    string digest = FormsAuthentication.HashPasswordForStoringInConfigFile(pwd + salt, "SHA1");
    return digest + salt;
}