ASP.NET c＃MD5密码登录页面

Question

using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.SqlClient;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace WebApplication1
{
    public partial class Site1 : System.Web.UI.MasterPage
    {


   protected void Page_Load(object sender, EventArgs e)
    {

        object User = Session["$UserName"];
        if (User != null)
        {
            pnlLogin.Visible = false;
            pnlWelcome.Visible = true;
            lblUserName.Text = User.ToString();
        }
        else
        {
            pnlWelcome.Visible = false;
            pnlLogin.Visible = true;

        }

      `protected void btnlogin_Click(object sender, EventArgs e)
    {
        SqlConnection cnn = new SqlConnection(ConfigurationManager.ConnectionStrings[0].ConnectionString);
        string sorgu = "SELECT * FROM TB_User WHERE StrUserID = @UserName AND password = @Password";

        string hashedPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "MD5");
        SqlCommand cmd = new SqlCommand(sorgu, cnn);


        cmd.Parameters.AddWithValue("@UserName", txtUserName);
        cmd.Parameters.AddWithValue("@Password", hashedPassword);

        cnn.Open();
        SqlDataReader dr = cmd.ExecuteReader();

        if (dr.Read())
        {
            Session.Add("User", dr["StrUserID"].ToString());
            Response.Redirect(Request.RawUrl);
        }
        else
        {
            lblresult.Text = "Login Failed";
        }

        cnn.Close();`
   }
}

here asp & html codes

 <div class="login">
                <asp:Panel ID="pnlLogin" runat="server">
                    <div class="loghead">
                        LOGIN
                    </div>
                    <div class="logfoot">
                        <span>ID</span>
                        <br />
                        <asp:TextBox ID="txtUserName" CssClass="TextBox" runat="server" Width="151px" Height="21px" />
                        <br />
                        <span>Password</span>
                        <br />
                        <asp:TextBox ID="txtPassword" CssClass="TextBox" TextMode="Password" runat="server" Height="21px" Width="151px" />
                        <br />
                        <asp:Button ID="btnregister" CssClass="btnregister" Text="REGISTER" runat="server" OnClick="btnregpag_Click" />
                        <asp:Button ID="btnlogin" CssClass="btnlogin" Text="LOGIN" runat="server" OnClick="btnlogin_Click" />
                        <asp:Label ID="lblresult" Text="" runat="server" />
                    </div>
                </asp:Panel>
                <asp:Panel ID="pnlWelcome" runat="server">  Welcome ,<asp:Label ID="lblUserName" Text="" runat="server" /> </asp:Panel>
            </div>

Thats my code for login, database passwords crypto with md5. When i try login i got error at visual studio 2015 thats error : ERROR IMAGE HERE Whats wrong here? And sql table : SQL TABLE HERE

Answer 1

i find whats wrong txtusername after.text

cmd.Parameters.AddWithValue("@UserName", txtUserName.text);

Now login event working

Answer 2

First of all there is a code syntax error in your code as mentioned in my latest comment.

Also, for md5 password storing you need to know something like

The output of any hash function is a collection of bytes, not a collection of text. So when you enter text as a test you are probably entering a text conversion of that byte array. Simply converting it in SQL to a binary(16) is not correct, you need to do a proper conversion, which is something you cannot do in SQL. This also explains why changing the datatype of the column doesn't work either. Taken from here

I am presenting a small piece of code which might help you in achieving your current task.

Here you go:-

On button click

//get the username
string UserName = txtUserName.Text;

//create the MD5CryptoServiceProvider object we will use to encrypt the password
MD5CryptoServiceProvider md5Hasher = new MD5CryptoServiceProvider();
//create an array of bytes we will use to store the encrypted password
Byte[] hashedBytes;
//Create a UTF8Encoding object we will use to convert our password string to a byte array
UTF8Encoding encoder = new UTF8Encoding();

//encrypt the password and store it in the hashedBytes byte array
hashedBytes = md5Hasher.ComputeHash(encoder.GetBytes(txtPassword.Text));

Don't forget to add the related namespace for the hashing . Have a look below

using System.Security.Cryptography

For full reference you may have look at Using MD5 to Encrypt Password

Take a new aspx page and step into the documentation which I provided you as above.

That will surely help you to achieve your requirement.

Hope that helps.