Reputation: 568
Maybe I'm just not googling the right parameters, but I just can't seem to figure this one out.
I've created a hashed password, which, from my understanding, should be a byte array.
Then I need to insert that into the SqlDataSource, and that's where my problem lies.
My database definition is as follows:
| **Column** | **Data Type** |
|------------|---------------|
| Name       | varchar(50)   |
| Username   | varchar(50)   |
| HashedPwd  | varbinary(50) |
| Salt       | varbinary(50) |
| UserType   | varchar(50)   |
My code is as follows:

```csharp
// Requires: using System; using System.Security.Cryptography; using System.Web.UI.WebControls;
HashAlgorithm hashing = new SHA256Managed();
// Read the text typed into the box; ToString() on the control returns its type name.
byte[] passwordPlainText = (new System.Text.ASCIIEncoding()).GetBytes(txtPassword.Text);
// Fill the salt with random bytes; ToString() on the generator returns its type name.
byte[] salt = new byte[16];
new RNGCryptoServiceProvider().GetBytes(salt);
// Combine salt and password before hashing.
byte[] saltAndPwd = new byte[passwordPlainText.Length + salt.Length];
Array.Copy(passwordPlainText, saltAndPwd, passwordPlainText.Length);
Array.Copy(salt, 0, saltAndPwd, passwordPlainText.Length, salt.Length);
byte[] hashedPwd = hashing.ComputeHash(saltAndPwd);
database.InsertCommandType = SqlDataSourceCommandType.Text;
database.InsertCommand = "INSERT INTO userlist (Name, Username, HashedPwd, Salt, Type) VALUES (@insName, @insUsername, @insHashedPass, @insSalt, @insType);";
database.InsertParameters.Add("insName", txtName.Text);
database.InsertParameters.Add("insUsername", txtUsername.Text);
database.InsertParameters.Add("insHashedPass", (new System.Text.ASCIIEncoding()).GetString(hashedPwd));
database.InsertParameters.Add("insSalt", (new System.Text.ASCIIEncoding()).GetString(salt));
database.InsertParameters.Add("insType", txtType.Text);
database.Insert();
```
The database stuff is what I've gleaned from research on the internet and seeing what options I'm given with the handy autocomplete feature in Visual Studio.
FYI I'm using Visual Studio 2010 Version 10.0.4, .Net Version 4.0.3
It seems there are some external libraries for SQL connections, but I would prefer to just use the inbuilt stuff that .NET provides.
At the moment, I receive this error when running the insert algorithm:
Implicit conversion from data type nvarchar to varbinary is not allowed. Use the CONVERT function to run this query.
I'm not sure how I would use the convert function.
The Add() method can take string, string like I'm currently doing, or it can also take string, DbType, string. I've tried `database.InsertParameters.Add("insSalt", DbType.Binary, salt);`
but I can't even compile/build the website. I get: "Cannot convert from byte[] to String".
If I change it to `salt.ToString()`
I get "Failed to convert parameter value from a String to a Byte[]" on the Insert() line.
So yeah...really lost, any help would be greatly appreciated.
Upvotes: 0
Views: 1796
Reputation: 2851
You don't need the SqlDataSource, it's for data-bound controls. What you need is SqlConnection & SqlCommand. Here's what you do:
```csharp
// Requires: using System.Data.SqlClient;
// ...your hashing code here...
using (SqlConnection conn = new SqlConnection("Data Source=.; Initial Catalog=test; Integrated Security=SSPI;"))
{
    var command = conn.CreateCommand();
    command.CommandText = "INSERT INTO userlist (Name, Username, HashedPwd, Salt, UserType) VALUES (@insName, @insUsername, @insHashedPass, @insSalt, @insType);";
    command.CommandType = System.Data.CommandType.Text;
    command.Parameters.Add(new SqlParameter("insName", txtName.Text));
    command.Parameters.Add(new SqlParameter("insUsername", txtUsername.Text));
    // The byte[] values are sent as binary parameters, matching the varbinary columns.
    command.Parameters.Add(new SqlParameter("insHashedPass", hashedPwd));
    command.Parameters.Add(new SqlParameter("insSalt", salt));
    command.Parameters.Add(new SqlParameter("insType", txtType.Text));
    conn.Open();
    command.ExecuteNonQuery();
}
```
Also note, I've changed "Type" to "UserType" in your command text to match your DB table definition. You will need to replace the connection string to match yours, of course.
Upvotes: 2
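An added example, not code from the question or either answer: the SqlCommand insert above carried end to end, with the salt and hash passed as typed `varbinary` parameters sized to the table's columns. It swaps the single SHA-256 pass for PBKDF2 (`Rfc2898DeriveBytes`, built into .NET); `UserStore`, its method names and the iteration count are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

// Added example; class, method and constant names are hypothetical.
public static class UserStore
{
    private const int SaltBytes = 16;      // fits the Salt varbinary(50) column
    private const int HashBytes = 32;      // fits the HashedPwd varbinary(50) column
    private const int Iterations = 100000; // assumed work factor; tune for your hardware

    // Fills a fresh salt with random bytes. GetBytes() is what produces the
    // randomness; calling ToString() on the generator only returns its type name.
    public static byte[] NewSalt()
    {
        byte[] salt = new byte[SaltBytes];
        new RNGCryptoServiceProvider().GetBytes(salt);
        return salt;
    }

    // PBKDF2 (HMAC-SHA1 in .NET 4.0) over the password text and the salt.
    public static byte[] HashPassword(string password, byte[] salt)
    {
        return new Rfc2898DeriveBytes(password, salt, Iterations).GetBytes(HashBytes);
    }

    public static void InsertUser(string connectionString, string name,
                                  string username, string password, string userType)
    {
        byte[] salt = NewSalt();
        byte[] hash = HashPassword(password, salt);

        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = conn.CreateCommand())
        {
            cmd.CommandText = "INSERT INTO userlist (Name, Username, HashedPwd, Salt, UserType) " +
                              "VALUES (@name, @username, @hash, @salt, @userType);";
            cmd.Parameters.Add("@name", SqlDbType.VarChar, 50).Value = name;
            cmd.Parameters.Add("@username", SqlDbType.VarChar, 50).Value = username;
            // byte[] goes in as varbinary directly; no string round-trip, no CONVERT.
            cmd.Parameters.Add("@hash", SqlDbType.VarBinary, 50).Value = hash;
            cmd.Parameters.Add("@salt", SqlDbType.VarBinary, 50).Value = salt;
            cmd.Parameters.Add("@userType", SqlDbType.VarChar, 50).Value = userType;
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }
}
```

Call `InsertUser` with the controls' `.Text` values (for example `txtPassword.Text`). To check a login, read the stored salt back, run `HashPassword` again and compare the two byte arrays.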
Reputation: 2534
I had a similar problem recently. You need to check the class that is creating the hash to see what the return type is.
If the return type is string then you will not be able to assign to:

```csharp
byte[] hashedPwd = hashing.ComputeHash(saltAndPwd);
```
Upvotes: 0