TECHNOLOGIES
FORUMS
JOBS
BOOKS
EVENTS
INTERVIEWS
Live
MORE
LEARN
Training
CAREER
MEMBERS
VIDEOS
NEWS
BLOGS
Sign Up
Login
No unread comment.
View All Comments
No unread message.
View All Messages
No unread notification.
View All Notifications
Answers
Post
An Article
A Blog
A News
A Video
An EBook
An Interview Question
Ask Question
Forums
Monthly Leaders
Forum guidelines
Randy Ortan
NA
1
1.5k
How to Match Hash with Salt Password in C#
Dec 10 2015 2:18 AM
How to match hash with salt password login in c#
public static class EncryptionUtilities
{
private const int SALT_SIZE = 8;
private const int NUM_ITERATIONS = 1000;
private static readonly RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
/// <summary>
/// Creates a signature for a password.
/// </summary>
/// <param name="password">The password to hash.</param>
/// <returns>the "salt:hash" for the password.</returns>
public static string CreatePasswordSalt(string password)
{
byte[] buf = new byte[SALT_SIZE];
rng.GetBytes(buf);
string salt = Convert.ToBase64String(buf);
Rfc2898DeriveBytes deriver2898 = new Rfc2898DeriveBytes(password.Trim(), buf, NUM_ITERATIONS);
string hash = Convert.ToBase64String(deriver2898.GetBytes(16));
return salt + ':' + hash;
}
/// <summary>
/// Validate if a password will generate the passed in salt:hash.
/// </summary>
/// <param name="password">The password to validate.</param>
/// <param name="saltHash">The "salt:hash" this password should generate.</param>
/// <returns>true if we have a match.</returns>
public static bool IsPasswordValid(string password, string saltHash)
{
string[] parts = saltHash.Split(new[] { ':' }, StringSplitOptions.RemoveEmptyEntries);
if (parts.Length != 2)
return false;
byte[] buf = Convert.FromBase64String(parts[0]);
Rfc2898DeriveBytes deriver2898 = new Rfc2898DeriveBytes(password.Trim(), buf, NUM_ITERATIONS);
string computedHash = Convert.ToBase64String(deriver2898.GetBytes(16));
return parts[1].Equals(computedHash);
}
}
protected void Button1_Click(object sender, EventArgs e)
{
con.Open();
SqlCommand cmd = new SqlCommand();
cmd.Connection = con;
cmd.CommandText = "select * from tb_employees where emp_email = @emp_email and emp_password = @emp_password";
cmd.Parameters.AddWithValue("@emp_email", TextBox1.Text);
cmd.Parameters.AddWithValue("@emp_password", EncryptionUtilities.IsPasswordValid(TextBox2.Text.ToString(), TextBox2.Text));
SqlDataReader dr = cmd.ExecuteReader();
while (dr.Read())
{
Response.Write("success");
}
dr.Close();
dr.Dispose();
con.Close();
}
Reply
Answers (
1
)
Asp.net mvc... load data without refershing page
What is difference between Static and Private Constructor?