Reputation: 295
ASP.NET using md5 to authenticate users
Currently i am doing a little project, the user registration password field is encrypted in the database, therefore I need to authenticate users using md5 algorithm also but my code is not working, whenever i try to input the correct password(unencrypted) it enters but later out i figured out that any password I type, the system will accept it even it doesn't matches in the database.
Can you help me? Here is my code:
protected void btnSubmit_Click(object sender, EventArgs e)
{
string pAssword = txtPassword.Text;
MD5CryptoServiceProvider encryptor = new MD5CryptoServiceProvider();
byte[] encryptedValue;
UTF8Encoding encoder = new UTF8Encoding();
encryptedValue = encryptor.ComputeHash(encoder.GetBytes(pAssword));
DataSet ds = new DataSet();
ds = (startWebService.getAllUsers());
if (ds.Tables[0].Rows.Count > 0)
{
foreach (DataRow dRow in ds.Tables[0].Rows)
{
string userName = dRow["UserName"].ToString();
string passWord = dRow["Password"].ToString();
string acctNo = dRow["AccountNumber"].ToString();
if (userName == txtUsername.Text.ToString() && acctNo == txtAcctNo.Text.ToString() && passWord == encryptedValue.ToString() )
{
FormsAuthentication.RedirectFromLoginPage(txtUsername.Text.ToString(), false);
lblError.Text = "You got it!";
Response.Redirect("MyAccount.aspx");
}
else
{
this.lblError.ForeColor = System.Drawing.Color.Red;
this.lblError.Text = "Either you have been type an incorrect network credentials or you have reached the maximum login attempts for your account.Please try again or contact the system administrator.";
startWebService.updateFailedLogin(txtAcctNo.Text.ToString(), txtUsername.Text.ToString());
}
}
}
}
my web services:
private DataSet GetDataSet(string strSPROC)
{
SqlConnection conn = new SqlConnection(connectionString);
SqlCommand cmd = conn.CreateCommand();
cmd.CommandText = strSPROC;
conn.Open();
SqlDataAdapter myDataAdapter = new SqlDataAdapter();
myDataAdapter.SelectCommand = cmd;
DataSet dsMT = new DataSet();
myDataAdapter.Fill(dsMT);
return dsMT;
conn.Close();
}
[WebMethod]
public DataSet getAllUsers()
{
return GetDataSet("ELMS_ALLINTERNETUSERS");
}
Please help me, I have to correct this in a way that the system will accepts the correct equivalent of encrypted text for example I type: spain = wdhs3x9029 but i tried to type philippines , it accepts also.
Upvotes: 2
Views: 2631
Answers (1)
Reputation: 24125
There is a nice built-in method for hashing passwords (you can use MD5 with it):
string encryptedValue = FormsAuthentication.HashPasswordForStoringInConfigFile(pAssword, "MD5");
You can read more about this method here. If you need to reinvent the wheel, then I suggest you change your method of getting hash as string to something more like this:
MD5CryptoServiceProvider encryptor = new MD5CryptoServiceProvider();
UTF8Encoding encoder = new UTF8Encoding();
byte[] encryptedValueBytes = encryptor.ComputeHash(encoder.GetBytes(pAssword));
StringBuilder encryptedValueBuilder = new StringBuilder();
for (int i = 0; i < encryptedValueBytes.Length; i++)
{
encryptedValueBuilder.Append(data[i].ToString("x2"));
}
string encryptedValue = encryptedValueBuilder.ToString();
instead of simple .ToString() on byte array.
Upvotes: 3
Related Questions
- Use md5 to encrypt the password in asp.net .core
- advantage of md5+salt in asp.net application
- ASP.NET Hash password using MD5
- ASP.NET Identity - Verify Password Without Framework
- Calculating MD5 checksum of an asp.net web application
- C# & Lua MD5 Hashing
- Using MD5 in C# and SQL Server 2008 R2
- ASP.NET MVC / C# - Linq and hashed password
- md5 encryption in asp.net
- MD5 password checking always return false?