BCrypt Verifying password against password in database
I am trying to verify a hashed password in my database which has been hashed with BCrypt.
I have two web forms, a login page and registration page.
In the registration page I create the hash, verify the hash and insert it into the database. Works fine.
In the login page I select the hashed password from the database and compare it with the submitted password from the text box.
I seem to be having trouble when verifying the hash in the database against the submitted password, I don't know what is going wrong.
Here is the registration page code:
    protected void registerbutton_Click(object sender, EventArgs e)
    {
        string myPassword = passwordtextbox.Text;
        string mySalt = BCryptHelper.GenerateSalt();
        string myHash = BCryptHelper.HashPassword(myPassword, mySalt);
        bool doesPasswordMatch = BCryptHelper.CheckPassword(myPassword, myHash);
        if (doesPasswordMatch == true)
        {
            using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString))
            using (SqlCommand cmd = new SqlCommand("INSERT INTO dbo.Users (Username, Password, FirstName, LastName) VALUES (@username, @password, @firstname, @lastname)", conn))
            {
                cmd.Parameters.Add("@username", SqlDbType.NVarChar).Value = usernametextbox.Text;
                cmd.Parameters.Add("@password", SqlDbType.Char).Value = myHash;
                cmd.Parameters.Add("@firstname", SqlDbType.NVarChar).Value = firstnametextbox.Text;
                cmd.Parameters.Add("@lastname", SqlDbType.NVarChar).Value = lastnametextbox.Text;
                conn.Open();
                cmd.ExecuteNonQuery();
                conn.Close();
                registerlabel3.Text = myHash;
            }
        }
        else
        {
            registerlabel3.Text = "Error";
        }
    }
Here is the login page code:
    protected void loginbutton_Click(object sender, EventArgs e)
    {
        const string query = "SELECT Username, Password FROM dbo.Users WHERE Username = @username";
        using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString))
        using (SqlCommand cmd = new SqlCommand(query, conn))
        {
            cmd.Parameters.Add("@username", SqlDbType.NVarChar).Value = usernametextbox.Text;
            conn.Open();
            //string hashedPassword = BCrypt.Net.BCrypt.HashPassword(passwordtextbox.Text);
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    var passwordInDb = reader.GetString(1);
                    Label3.Text = "submitted = " + passwordtextbox.Text;
                    Label4.Text = "database hash = " + passwordInDb;
                    if (BCryptHelper.CheckPassword(passwordtextbox.Text, reader.GetString(1)))
                    {
                        //login
                        loginlabel.Text = "Success";
                    }
                    else
                    {
                        loginlabel.Text = "Error";
                    }
                }
            }
        }
    }
Help and Feedback is appreciated.
When writing to the database, try:
    protected void registerbutton_Click(object sender, EventArgs e)
    {
        ....
        cmd.Parameters.Add("@password", SqlDbType.NVarChar).Value = myHash;
        ....
    }
Set the database field to CHAR(60)
I set my database field where the hashed password is stored to CHAR(60) and now it works.
Why it has to be specifically CHAR(60), I don't know, but it works.
Would be nice if this could be explained.
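Why the width matters, as an added example (not code from the original posts or from the BCrypt library): a bcrypt hash string is always 60 characters, and a fixed-width CHAR(n) column pads shorter values with trailing spaces, so a column wider than 60 returns a string that is no longer equal to the hash that was stored. The class and method names are hypothetical and the sample hash is constructed; the page does not show the original column definition, so padding as the cause here is an assumption.

```csharp
using System;
using System.Text.RegularExpressions;

// Hypothetical helper: diagnoses a bcrypt hash string as read back from the database.
public static class StoredBcryptHash
{
    public const int Length = 60;

    // "$2a$"-style version tag, two-digit cost, "$", then 22 salt + 31 hash
    // characters from the bcrypt base64 alphabet: 7 + 53 = 60 characters.
    private static readonly Regex Format =
        new Regex(@"\A\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}\z", RegexOptions.CultureInvariant);

    public static string Describe(string fromDb)
    {
        if (fromDb == null) return "null";
        if (Format.IsMatch(fromDb)) return "ok";

        // Fixed-width columns pad with spaces on the right.
        string trimmed = fromDb.TrimEnd(' ');
        if (trimmed.Length < fromDb.Length && Format.IsMatch(trimmed))
            return "padded: " + (fromDb.Length - trimmed.Length)
                 + " trailing spaces, column is wider than " + Length;

        if (fromDb.Length < Length)
            return "too short: " + fromDb.Length + " of " + Length + " characters survived";

        return "not a bcrypt hash string";
    }

    public static void Main()
    {
        // Constructed value with the bcrypt layout; not the hash of any real password.
        string hash = "$2a$10$" + new string('A', 53);

        Console.WriteLine(Describe(hash));                  // value from CHAR(60) or VARCHAR(60+)
        Console.WriteLine(Describe(hash.PadRight(100)));    // value as a CHAR(100) column returns it
        Console.WriteLine(Describe(hash.Substring(0, 50))); // value cut short before storage

        // Ordinal string equality sees the padded value as a different string.
        Console.WriteLine(hash == hash.PadRight(100));
    }
}
```

A variable-length column of at least 60 characters stores the value without padding; with a wider fixed-length column, calling `TrimEnd(' ')` on the value read back removes the padding before it is passed to `BCryptHelper.CheckPassword`.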