通过 Visual Studio C# .NET 处理哈希函数插入 MySql 数据库

Question

I am working on a login system for a giant company with a hotel, restaurant and pool.我正在为一家拥有酒店、餐厅和游泳池的大公司开发登录系统。 Each Employee within this company will have access/+monitoring credentials to the system's DB.该公司内的每个员工都将拥有对系统数据库的访问/+监控凭据。

I understand saving passwords in plain text is a BAD BAD approach so I managed the password hashing part tested it using text boxes and Message Boxes(which I removed later).我知道以纯文本格式保存密码是一种糟糕的方法，所以我管理密码散列部分使用文本框和消息框（我后来删除了）对其进行了测试。 and since almost everyone (or the post, videos and threads/forms I've read) said it is a must to have a HashFunction and a Salt Column in your database beside the HashedPassword Column;并且因为几乎每个人（或我读过的帖子、视频和主题/表单）都说，在您的数据库中的HashedPassword列旁边必须有一个HashFunction和一个Salt列； I am having some of a hard-time inserting the hash-function value into the HashFunction column for I don't know what is the value that holds it!我在将哈希函数值插入HashFunction列时遇到了一些困难，因为我不知道保存它的值是什么！

Here is the code I have这是我的代码

private MySqlConnection Connect()
    {
        string con = "Server = servername; DataBase=DBName; username= usr; password=pwd ; Persist Security Info = False; Charset =utf8";
        MySqlConnection connection = new MySqlConnection(con);
        connection.Open();
        return connection;
    }
    private String Salt(int size)
    {
        var rng = new System.Security.Cryptography.RNGCryptoServiceProvider();
        var buffsize = new byte[size];
        rng.GetBytes(buffsize);
        return Convert.ToBase64String(buffsize);
    }

    private String GenerateSHA256Hash(string In, string salt)
    {
        byte[] bytes = System.Text.Encoding.UTF8.GetBytes(In + salt);
        SHA256Managed sha256hashstring = new SHA256Managed();
        byte[] hash = sha256hashstring.ComputeHash(bytes);
        return Convert.ToBase64String(hash);
    }

    private void BtnAddUsr_Click(object sender, EventArgs e)
    {
        string salt = Salt(10);
        string hashedpswd = GenerateSHA256Hash(txtp.Text, salt);
        string AddUser = "Insert into users(name,password,hashfunc,salt,position) VALUES ('" + txtu.Text + "','" + txtp.Text + "','" + hashedpswd.ToString() + "',";
    }

This is the DB Structure in PHPMyAdmin:这是 PHPMyAdmin 中的数据库结构：

How I can handle this and if by any chance anyone can help me with verifying if the user enters the right password, it would be great?我该如何处理这个问题，如果任何人都可以帮助我验证用户是否输入了正确的密码，那就太好了？ Many Thanks.非常感谢。

Answer 1

Thanks to @Chetan I have managed to figure out where I messed up BIG TIME !!!感谢@Chetan我设法弄清楚我在哪里搞砸了BIG TIME !!!

The code looks pretty much the same except for minor stupid changes in the command string除了command string中的微小愚蠢更改外，代码看起来几乎相同

private String Salt(int size)
    {
        var rng = new System.Security.Cryptography.RNGCryptoServiceProvider();
        var buffsize = new byte[size];
        rng.GetBytes(buffsize);
        return Convert.ToBase64String(buffsize);
    }

    private String GenerateSHA256Hash(string In, string salt)
    {
        byte[] bytes = System.Text.Encoding.UTF8.GetBytes(In + salt);
        SHA256Managed sha256hashstring = new SHA256Managed();
        byte[] hash = sha256hashstring.ComputeHash(bytes);
        return Convert.ToBase64String(hash);
    }

    private void BtnAddUsr_Click(object sender, EventArgs e)
    {
        try
         {
            if (txtp.Text != "" && txtu.Text != "")
            {
                MySqlConnection con = Connect();
                string salt = Salt(10);
                string hashedpswd = GenerateSHA256Hash(txtp.Text, salt);
                string AddUser = "Insert into users(name,hashedfact,salt,position) VALUES (@username,@hashedpassword,@salt,@poz)";
                MySqlCommand mySqlCommand = new MySqlCommand(AddUser, con);
                mySqlCommand.Parameters.AddWithValue("@uname", txtu.Text);
                mySqlCommand.Parameters.AddWithValue("@hashedfact", hashedpswd);
                mySqlCommand.Parameters.AddWithValue("@sugar", salt);
                mySqlCommand.Parameters.AddWithValue("@poz", CmbPositions.SelectedItem.ToString());


                //'" + txtu.Text + "','" + hashedpswd.ToString() + "', '"+hashvalue.ToString()+"', " +
                //"'" + salt.ToString() + "','" + CmbPositions.SelectedItem.ToString() + "'
                int res = mySqlCommand.ExecuteNonQuery();
                if (res == 1)
                {
                    DialogResult dialog = MessageBox.Show("User Added Successfully,Would you like to sing-in?", "Proceed?", MessageBoxButtons.YesNo, MessageBoxIcon.Information);
                    if (dialog == DialogResult.Yes)
                    {
                        new Thread(() => new Form1().ShowDialog()).Start();
                        this.SendToBack();
                    }
                    else
                    {
                        Application.Exit();
                    }
                }
            }
         }
         catch (MySqlException ex)
         {
             if (txtp.Text == "" || txtu.Text == "")
             {
                 MessageBox.Show(ex.Message.ToString(), "Error Adding User", MessageBoxButtons.OK, MessageBoxIcon.Error);
             }
         }
         finally
         {
             Connect().Close();
         }
    }

And my Database looks better now!我的数据库现在看起来更好了！

通过 Visual Studio C# .NET 处理哈希函数插入 MySql 数据库

问题描述

1 个解决方案

解决方案1
0 2021-10-19 21:20:24

通过 Visual Studio C# .NET 处理哈希函数插入 MySql 数据库

问题描述

1 个解决方案

解决方案1 0 2021-10-19 21:20:24

解决方案1
0 2021-10-19 21:20:24