登录比较数据库中的哈希值
Login Comparing hash value in a database
我正在尝试在我正在创建的应用程序的一部分上做一个简单的登录。为了确认登录,我只是试图确保输入的密码的哈希值与存储在本地数据库中的哈希值匹配:App_Users ) '
按钮点击:
string AppUsername = textBox2.Text.ToString();
string AppPassword = textBox1.Text.ToString();
//- Hashed-V-
byte[] salt;
new RNGCryptoServiceProvider().GetBytes(salt = new byte[16]);
var pbkdf2 = new Rfc2898DeriveBytes(AppPassword, salt, 10000);
byte[] hash = pbkdf2.GetBytes(20);
byte[] hashBytes = new byte[36];
Array.Copy(salt, 0, hashBytes, 0, 16);
Array.Copy(hash, 0, hashBytes, 16, 20);
string savedPasswordHash = Convert.ToBase64String(hashBytes); // <-- see ' ' for the part on comparing the recalculated
//-
SqlConnection con = new SqlConnection();
con.ConnectionString = ("Data Source=DESKTOP-PGHMM6M;Initial Catalog=LocalUsers;Integrated Security=True");
con.Open();
var cmd = new SqlCommand(@"SELECT Username, Hash FROM App_Users WHERE (Hash = @Hash");
cmd.Connection = con;
savedPasswordHash = cmd.ExecuteScalar() as string;
if (cmd.ExecuteNonQuery() > 0) {
MessageBox.Show(" Query successful..something matched.. ");
//change page.. load a profile?
}
但是,我收到错误消息:
'Must declare the scalar variable "@Hash".'
我已经四处搜索,但我不确定我想要做的事情的下一步是什么。抱歉,这可能是个糟糕的问题,sql-wise。我认为这与适配器有关?
您没有在查询中为 @Hash
参数传递值。并且您还应该检查查询中的用户名,否则如果 any 登录使用给定的密码,则登录尝试成功。
试试这样的东西:
...
var cmd = new SqlCommand(@"SELECT Username, Hash FROM App_Users WHERE Hash = @Hash AND Username = @Username");
cmd.Connection = con;
cmd.Parameters.Add("@Hash", SqlDbType.VarChar, 48).Value = savedPasswordHash;
cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 32).Value = AppUsername;
if (cmd.ExecuteNonQuery() > 0) {
...
这假设 App_Users.Hash
是 VARCHAR(48)
,App_Users
是 NVARCHAR(32)
。您可能需要更改它以匹配您实际使用的数据类型。
我正在尝试在我正在创建的应用程序的一部分上做一个简单的登录。为了确认登录,我只是试图确保输入的密码的哈希值与存储在本地数据库中的哈希值匹配:App_Users ) '
按钮点击:
string AppUsername = textBox2.Text.ToString();
string AppPassword = textBox1.Text.ToString();
//- Hashed-V-
byte[] salt;
new RNGCryptoServiceProvider().GetBytes(salt = new byte[16]);
var pbkdf2 = new Rfc2898DeriveBytes(AppPassword, salt, 10000);
byte[] hash = pbkdf2.GetBytes(20);
byte[] hashBytes = new byte[36];
Array.Copy(salt, 0, hashBytes, 0, 16);
Array.Copy(hash, 0, hashBytes, 16, 20);
string savedPasswordHash = Convert.ToBase64String(hashBytes); // <-- see ' ' for the part on comparing the recalculated
//-
SqlConnection con = new SqlConnection();
con.ConnectionString = ("Data Source=DESKTOP-PGHMM6M;Initial Catalog=LocalUsers;Integrated Security=True");
con.Open();
var cmd = new SqlCommand(@"SELECT Username, Hash FROM App_Users WHERE (Hash = @Hash");
cmd.Connection = con;
savedPasswordHash = cmd.ExecuteScalar() as string;
if (cmd.ExecuteNonQuery() > 0) {
MessageBox.Show(" Query successful..something matched.. ");
//change page.. load a profile?
}
但是,我收到错误消息:
'Must declare the scalar variable "@Hash".'
我已经四处搜索,但我不确定我想要做的事情的下一步是什么。抱歉,这可能是个糟糕的问题,sql-wise。我认为这与适配器有关?
您没有在查询中为 @Hash
参数传递值。并且您还应该检查查询中的用户名,否则如果 any 登录使用给定的密码,则登录尝试成功。
试试这样的东西:
...
var cmd = new SqlCommand(@"SELECT Username, Hash FROM App_Users WHERE Hash = @Hash AND Username = @Username");
cmd.Connection = con;
cmd.Parameters.Add("@Hash", SqlDbType.VarChar, 48).Value = savedPasswordHash;
cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 32).Value = AppUsername;
if (cmd.ExecuteNonQuery() > 0) {
...
这假设 App_Users.Hash
是 VARCHAR(48)
,App_Users
是 NVARCHAR(32)
。您可能需要更改它以匹配您实际使用的数据类型。