
How to compare input password to database hash password?

I want to write an if that will log in to the admin panel if the user name and password are equal to the ones in the database. Now,

SqlCommand cmd = new SqlCommand("Select * from tbl_Log where @P1=userName and @P2=password", conn);

this is my query to get the data, and then

cmd.Parameters.AddWithValue("@P1", txtUsername.Text);
cmd.Parameters.AddWithValue("@P2", hash.hashPassword(txtPassword.Text));

I want to write if(txtUsername.Text == "@P1" && hash.hashPassword(txtPassword.Text) == "@P2") and, if it works, go to the admin panel. This is possible, but I don't know what I should write instead of "@P2" in the if statement. Do you have any idea?

The hash was stored in the database manually.

// Requires: using System.Data.SqlClient; and the BCrypt.Net NuGet package.
// conn is a class-level SqlConnection opened here for the login attempt.
private void Login_btn_Click(object sender, EventArgs e)
{
    conn.Open();
    SqlCommand cmd = new SqlCommand(@"Select * from tbl_Log where @P1=userName and @P2=password", conn);

    // A new salt is generated on every login attempt, and the input password is
    // hashed with it before being sent to the database as the @P2 parameter.
    string tmpPass = txtPassword.Text;
    string salt = BCrypt.Net.BCrypt.GenerateSalt(12);
    string hashPwd = BCrypt.Net.BCrypt.HashPassword(tmpPass, salt);

    cmd.Parameters.AddWithValue("@P1", txtUsername.Text);
    cmd.Parameters.AddWithValue("@P2", hashPwd);

    SqlDataReader dr = cmd.ExecuteReader();

    if (dr.Read())
    {
        string tempUsername = dr["userName"].ToString().Trim();
        string tempPassword = dr["password"].ToString().Trim();

        // Compare the freshly computed hash against the stored one.
        if (txtUsername.Text == tempUsername && hashPwd == tempPassword)
        {
            loginSuccesfull_Admin lS_Admin = new loginSuccesfull_Admin();
            lS_Admin.Show();
            this.Hide();

            dr.Close();
            conn.Close();
        }
        else
        {
            MessageBox.Show("You entered wrong username or password!");
            dr.Close();
            conn.Close();
        }
    }
    else
    {
        // No row matched the username/hash pair.
        dr.Close();
        conn.Close();
    }
}

Where am I going wrong? Could you explain and make an example for me? Thanks for your help!

Hashes are salted, which means that identical input creates unique output. This is a feature to add more security to storing user-sensitive data and the main reason why hashes are so safe. Therefore (unlike with encrypted passwords) it makes them one-way only, and you cannot compare two different hashes simply because they had the same original input. What you must do instead is compare the value to the stored hash for validity. With BCrypt you can do this in the following way:

var isValid = BCrypt.Net.BCrypt.Verify(password, hash);
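The login flow the answer describes, written out as an added example (this is not code from the original post or from the BCrypt.Net project). It assumes the BCrypt.Net-Next NuGet package; the in-memory dictionary `TblLog`, the `Register`/`Login` methods and the `DummyHash` field are constructed stand-ins for the asker's `tbl_Log` table and login button handler. The row is looked up by user name only, and `BCrypt.Net.BCrypt.Verify` takes the salt out of the stored hash string itself, so no `GenerateSalt` call belongs in the login path.

```csharp
// Added example, not from the original post. Assumes BCrypt.Net-Next
// (namespace BCrypt.Net). TblLog, Register, Login and DummyHash are
// constructed placeholders for the asker's table and button handler.
using System;
using System.Collections.Generic;

public static class LoginDemo
{
    // Stands in for tbl_Log: userName -> stored bcrypt hash. The salt and the
    // cost factor are embedded in the hash string ("$2a$12$<22 chars salt><digest>").
    private static readonly Dictionary<string, string> TblLog = new Dictionary<string, string>();

    // Hash of a random value nobody knows. A login attempt for a user that does
    // not exist is verified against it, so unknown and known user names take the
    // same time and cannot be told apart by timing the response.
    private static readonly string DummyHash =
        BCrypt.Net.BCrypt.HashPassword(Guid.NewGuid().ToString(), 12);

    // Registration, or the "manual" insert from the question: hash once with a
    // fresh salt (generated inside HashPassword) and store the result.
    public static void Register(string userName, string password)
    {
        TblLog[userName] = BCrypt.Net.BCrypt.HashPassword(password, 12);
    }

    // Login: select by userName only, then let Verify re-hash the input with the
    // salt taken from the stored hash and compare the two digests.
    // In SQL terms: SELECT password FROM tbl_Log WHERE userName = @P1
    public static bool Login(string userName, string password)
    {
        if (!TblLog.TryGetValue(userName, out string storedHash))
        {
            BCrypt.Net.BCrypt.Verify(password, DummyHash); // spend the same time, then fail
            return false;
        }
        return BCrypt.Net.BCrypt.Verify(password, storedHash);
    }

    public static void Main()
    {
        Register("admin", "correct horse battery staple");

        Console.WriteLine(Login("admin", "correct horse battery staple"));
        Console.WriteLine(Login("admin", "wrong password"));
        Console.WriteLine(Login("nobody", "anything"));

        // Why the original comparison never matched: each GenerateSalt(12) call
        // yields a different salt, so two hashes of the same password differ
        // as strings even though Verify accepts the password against either one.
        string a = BCrypt.Net.BCrypt.HashPassword("pw", BCrypt.Net.BCrypt.GenerateSalt(12));
        string b = BCrypt.Net.BCrypt.HashPassword("pw", BCrypt.Net.BCrypt.GenerateSalt(12));
        Console.WriteLine(a == b);
        Console.WriteLine(BCrypt.Net.BCrypt.Verify("pw", a));
        Console.WriteLine(BCrypt.Net.BCrypt.Verify("pw", b));
    }
}
```

Of the three `Login` calls in `Main`, only the first succeeds; the last block shows that `a` and `b` are different strings while `Verify` accepts the password against both, which is exactly why the handler in the question (a new salt per attempt, then `hashPwd == tempPassword`) cannot work. Keep the work factor (12 here) the same between registration and login only as a matter of policy; `Verify` reads the cost from the stored hash, so a stored hash with a different cost still verifies.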

Disclaimer: the technical posts on this site follow the CC BY-SA 4.0 license; if you need to reproduce them, please cite this site's URL or the original source. For any questions contact yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM