I have designed a Log In System using C# where the username and password are checked in SQL Server 2008 before loading the main page. I wish to encrypt the stored password on the database. Is it possible to do it using C# and the SHA1 algorithm?
Following is my stored procedure:

    ALTER procedure [dbo].[proc_UserLogin]
        @userid varchar(20),
        @password nvarchar(50)
    As
    declare
        @ReturnVal varchar(500)
    SET NOCOUNT ON
    if exists(select userid,password from LoginManager where userid=@userid and password=@password)
        set @ReturnVal='0|Logged in Successfully'
    else
        set @ReturnVal='1|Login Failed/Username does not exist'
    select @ReturnVal

C# Code

    public void button1_Click(object sender, EventArgs e)
    {
        mainform = new Form1();
        string[] v;
        OleDbConnection conn = new OleDbConnection("File Name=E:\\Vivek\\License Manager\\License Manager\\login.udl");
        try
        {
            conn.Open();
            string query = "EXEC dbo.proc_UserLogin'" + username.Text+ "', '" + password.Text+"'";
            OleDbCommand cmd = new OleDbCommand(query, conn);
            string s = Convert.ToString(cmd.ExecuteScalar());
            v= s.Split('|');
            if (v[0]=="0")
            {
                mainform.Show();
                this.Hide();
            }
            else
            {
                MessageBox.Show("Please enter correct user credentials and try again");
            }
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message);
        }
        conn.Close();
    }

I have gone through similar questions asked by other users here, but they were not working for me. Can anyone suggest changes to the code, so that password encryption can be accomplished?
Thanks
Hash and salt passwords in C#
https://crackstation.net/hashing-security.htm
https://www.bentasker.co.uk/blog/security/201-why-you-should-be-asking-how-your-passwords-are-stored
As I stated in my comments, hashing passwords is something that you probably shouldn't be doing yourself.
A few things to note:
That being said, to accomplish your specific question, you would want something like this:
passwordHashed stores a hashed version of the user's password (the plain text password is never stored anywhere in persistence.)
For checking for a valid password, something like this is done:
For inserting/updating user passwords, you need to make sure to store the hashed password, not the plain text password, as such:
or
EDIT:
Just realized you're asking how to accomplish the hash in C#, not SQL. You could perform the following (taken from Hashing with SHA1 Algorithm in C#):
Your code snip could be:
You should also note that you should parameterize your parameters to your stored procedure rather than passing them in the manner you are; it looks like you already have a separate question regarding that.
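
An added example, not part of the original answer or the asker's code: one way to hash in C# and check the login with a bound parameter. It swaps salted PBKDF2 (`Rfc2898DeriveBytes`) for the unsalted SHA1 asked about and reads the stored value directly instead of calling `proc_UserLogin`. Assumptions: the class and method names are hypothetical, `LoginManager.password` is wide enough for the 69-character stored value, and the project targets .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Data.OleDb;
using System.Security.Cryptography;

static class LoginCheck // hypothetical helper, not from the original post
{
    const int SaltBytes = 16, HashBytes = 32, Iterations = 100000;

    // Returns "salt:hash" (both Base64) to store in LoginManager.password at registration.
    public static string HashPassword(string password)
    {
        byte[] salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(Derive(password, salt));
    }

    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    // Recomputes the hash with the stored salt and compares every byte (no early exit).
    public static bool VerifyPassword(string password, string stored)
    {
        string[] parts = (stored ?? "").Split(':');
        if (parts.Length != 2) return false;
        byte[] expected, actual;
        try
        {
            expected = Convert.FromBase64String(parts[1]);
            actual = Derive(password, Convert.FromBase64String(parts[0]));
        }
        catch (Exception ex) when (ex is FormatException || ex is ArgumentException) { return false; }
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length && i < actual.Length; i++) diff |= expected[i] ^ actual[i];
        return diff == 0;
    }

    // Looks up the stored value with a positional OleDb parameter; no input is concatenated into SQL.
    public static bool Login(OleDbConnection conn, string userId, string password)
    {
        using (var cmd = new OleDbCommand("SELECT password FROM LoginManager WHERE userid = ?", conn))
        {
            cmd.Parameters.Add("@userid", OleDbType.VarChar, 20).Value = userId;
            return VerifyPassword(password, cmd.ExecuteScalar() as string);
        }
    }
}
```

Store the result of `HashPassword` whenever a password is created or changed. In `button1_Click`, the concatenated `EXEC` string would be replaced by a call such as `LoginCheck.Login(conn, username.Text, password.Text)`.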