Tag: asp.net,vb.net,stored-procedures,hash,password-protection
I'm developing an ASP.NET application using SQL Server Stored Procedures. I need to hash my login password and resolve it in my sp_LoginCheck Stored Procedure.
Any suggestions?
I have already inserted data in the database.
For example:
UserName/Password
ABC/123456
DEF/987654
I want to encrypt or hash whatsoever the password then decrypt it in the stored procedure and query the table so that I can acquire the data.
A very simple aproach is to use a MD5 hash.
public class MD5
{
public static string Hash(string message)
{
// step 1, calculate MD5 hash from input
System.Security.Cryptography.MD5 md5 = System.Security.Cryptography.MD5.Create();
byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(message);
byte[] hash = md5.ComputeHash(inputBytes);
// step 2, convert byte array to hex string
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hash.Length; i++)
{
sb.Append(hash[i].ToString("X2"));
}
return sb.ToString().ToUpper();
}
}
Then in your application
You say
var password = MD5.hash(passwordField);
And store that in the DB.
When validating the password you just say something like
db.Account.Where(w => w.email == emailField && w.password == MD5.hash(passwordField)
to see if you have a matching record.
As @zulq said there are better systems something that has a salt etc, however for basic password hashing as you requested, this will work.
However if you wish to do all this in a stored procedure. You can use the following HASHBYTES function in SQL
HASHBYTES('md5', 'your password')
So same again when calling the stored procedure, you pass it the plain text password it hashes and stores
When validating you pass a stored procedure the username / password it validates and returns true or false or a row.
There are several SHFILEOPSTRUCT.fFlags options you'll want to consider. You are asking for FOF_NOCONFIRMATION, &H10. You probably want some more, like FOF_ALLOWUNDO, FOF_SILENT, FOF_NOERRORUI, it isn't clear from the question. Check the docs.
asp.net,sql-server,parameter-passing
If doing it from codebehind works then you can do something like sdsOrderErrors.SelectCommand = string.Format("SELECT {0} AS fld FROM [a_table]", colName); (OR) Have a stored procedure to accept a parameter and perform a dynamic query to achieve the same like create procedure usp_testSelect(@colname varchar(30)) as begin declare @sql varchar(200); set...
sql-server,vb.net,authentication,connection-string
You need to add Integrated Security=SSPI and remove username and password from the connection string. Dim ConnectionString As String = "Data Source=Server;Initial Catalog=m2mdata02;Integrated Security=SSPI;" ...
If the data dropped contains a UniformResourceLocator format, you can get the entire URL from that, for example: Private Sub Form1_DragDrop(sender As Object, e As System.Windows.Forms.DragEventArgs) Handles Me.DragDrop If e.Data.GetDataPresent("UniformResourceLocator") Then Dim URL As String = New IO.StreamReader(CType(e.Data.GetData("UniformResourceLocator"), IO.MemoryStream)).ReadToEnd End If End Sub It first checks to see if a...
vb.net,linq,properties,interface
If i have understood it correctly you want to get all selected parents and all selected children. You could use a recursive method: Public ReadOnly Property checkedList As List(Of TreeSelectorAttributes) Get Return rootList.Where(Function(t) t.SelectedInTreeSelector). SelectMany(Function(root) GetSelectedChildren(root)). ToList() End Get End Property Function GetSelectedChildren(root As TreeSelectorAttributes, Optional includeRoot As Boolean =...
c#,.net,vb.net,winforms,custom-controls
If you want to get results that reliably look like the BorderStyles on the machine you should make use of the methods of the ControlPaint object. For testing let's do it ouside of a Paint event: Panel somePanel = panel1; using (Graphics G = somePanel.CreateGraphics()) { G.FillRectangle(SystemBrushes.Window, new Rectangle(11, 11,...
Well, are you looking for a hashcode like this? "OZVV5TpP4U6wJthaCORZEQ" Then this answer might be useful: Guid g = Guid.NewGuid(); string GuidString = Convert.ToBase64String(g.ToByteArray()); GuidString = GuidString.Replace("=",""); GuidString = GuidString.Replace("+",""); Extracted from here. On the linked post there are many other useful answers. Please take a look! Other useful links:...
c#,asp.net,asp.net-mvc,tinymce
Your missing an @symbol for the id attribute: Modify your script as well like this: ***EDIT some thing seems off about the radio buttons only one should be checked and they should have the same name ** you can use the # to denote and ID in Jquery by the...
INSERT INTO tbl2 ( Name ,parentId ) SELECT DISTINCT manager ,0 FROM tbl1 WHERE manager NOT IN ( SELECT employee FROM tbl1 ) INSERT INTO tbl2 SELECT DISTINCT employee ,0 FROM tbl1 UPDATE tbl2 SET parentid = parent.id FROM tbl2 INNER JOIN tbl1 ON tbl2.Name = tbl1.employee INNER JOIN tbl2...
Here is an example of what I meant: (Oh and, forgive the images please :) ) #field1,#field2{ display:none; } #field1 + label { padding:40px; padding-left:100px; background:url(http://www.clker.com/cliparts/M/F/B/9/z/O/nxt-checkbox-unchecked-md.png) no-repeat left center; background-size: 80px 80px; } #field1:checked + label { background:url(http://www.clker.com/cliparts/B/2/v/i/n/T/tick-check-box-md.png) no-repeat left center; background-size: 80px 80px; } #field2 + label { padding:40px;...
c#,asp.net,asp.net-mvc,asp.net-mvc-4,razor
ViewBag is used when returning a view, not when redirecting to another action. Basically it doesn't persist across separate requests. Try using TempData instead: TempData["Tag"] = post.SelectedTag.ToString(); and in the view: <p><strong>Tag: @TempData["Tag"]</strong></p> ...
Looking at your desired output it seems you want to get the index of word in your string. You can do this by splitting the string to array and then finding the item in an array using method Array.FindIndex: Dim animals = "cat, dog, bird" ' Split string to array...
you miss the closing parenthesis for the values list: Dim cmd1 As New OdbcCommand("insert into party values('" + pcode_txt.Text + "','" + Trim(UCase(name_txt.Text)) + "','" + Trim(UCase(addr_txt.Text)) + "','" + phone_txt.Text + "','" + combo_route.SelectedItem + "','" + combo_area.SelectedItem + "')", con) My answer is perfectly fit to your question...
vb.net,multithreading,winforms
The reason is that you are referring to the default instance in your second code snippet. Default instances are thread-specific so that second code snippet will create a new instance of the Form1 type rather then use the existing instance. Your Class1 needs a reference to the original instance of...
There are several domain providers like: godaddy, name etc you can use to buy a domain name. These providers also provide you steps to map the domain name to your website. Check out this link for example. This link explains domain name configuration in details.
c#,jquery,asp.net,scriptmanager,registerstartupscript
All you need to do is add a semi-colon to the end of your String.Format call. ScriptManager.RegisterStartupScript(this, this.GetType(), "ScriptManager1", String.Format(@"ShowHideMessageBlock('{0}');", @"#successMsg"), true); ...
c#,asp.net,.net,entity-framework,entity-framework-6
You are executing an asynchronous method. This means that any exceptions will be thrown when you call await on the returned task or when you try to retrieve the results using await myTask; You never do so, which means that the exception is thrown and caught higher up your call...
c#,asp.net,asp.net-mvc,entity-framework
If you don't specify a database name then the connection will use the default database for the user, in this case it's integrated security so it's your Windows login. As you likely have full system admin on the server the default database will be master so you will find all...
Your approach doesn't work because you are using ToString on a DataColumn which has no such overload like DateTime. That doesn't work anyway. The only way with the DataTable was if you'd add another string-column with the appropriate format in each row. You should instead use the DataGridViewColumn's DefaultCellStyle: InvestorGridView.Columns(1).DefaultCellStyle.Format...
You need to use InnerHtml property HtmlGenericControl li = new HtmlGenericControl("li"); li.ID = "liQuestions" + recordcount.ToString(); li.Attributes.Add("role", "Presentation"); ULRouting.Controls.Add(li); HtmlGenericControl anchor = new HtmlGenericControl("a"); li.Attributes.Add("myCustomIDAtribute", recordcount.ToString()); anchor.InnerHtml = "Test <br/> 12345"; li.Controls.Add(anchor); Or, like this: anchor.Controls.Add(new LiteralControl("Test")); //or new Literal("Test"); anchor.Controls.Add(new HtmlGenericControl("br"));...
Try this vb code behind, then comment out my test Private Sub BindGrid() Dim dt_SQL_Results As New DataTable '' Commenting out to use test data as I have no access to your database 'Dim da As SqlClient.SqlDataAdapter 'Dim strSQL2 As String 'Dim Response As String = "" 'strSQL2 = "SELECT...
No, you cannot enter any string. You will need to register with each provider to get the parameters that you need. See http://www.asp.net/web-api/overview/security/external-authentication-services for instructions on how to do this....
vb.net,razor,model-view-controller,model
You need to pass the model instance to the view: Function Details() As ActionResult Dim employee As Employee employee = New Employee employee.EmployeeID = 101 Return View(employee) End Function ...
javascript,c#,asp.net,webmethod,pagemethods
You PageMethod is looking like this PageMethods.LoginUser(onSuccess, onFailure, email, pass); And when you call it, it looks like this PageMethods.LoginUser(email, pass); Your arguments should be in the same order as the method. PageMethods.LoginUser(email, pass, onSuccess, onFailure); ...
You can use LINQ: DataTable nonDups = parsedDataset.Tables("Detail").AsEnumerable() .GroupBy(row => row.Field<string>("Authorization_ID")) .OrderBy(grp => grp.Key) .Select(grp => grp.Last()) .CopyToDataTable(); This selects the last row of each dup-group. If you want to order the group use grp.OrderBy....
You are using a namespace, your full type name is Project.ViewModel.ViewModel (namespace is Project.ViewModel and class name is ViewModel) so use this using instead: @model Project.ViewModel.ViewModel ...
The WebApi is a web project and on compiling it creates a dll. It is not a class library or a nuget package to consume and use it. I have practically implemented this in a real world application and below are my thoughts for your understanding. Your question is Once...
try this: var loginName = @"loginNameOfInterestedUser"; var ldap = new DirectoryEntry("LDAP://domain.something.com"); var search = new DirectorySearcher(ldap) { Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + loginName + "))" }; var result = search.FindOne(); if (result == null) return; var fullQuery = result.Path; var user = new DirectoryEntry(fullQuery); DirectoryEntry manager; if (user.Properties.PropertyNames.OfType<string>().Contains("manager")) { var managerPath...
I would use a separate div and use fixed positioning on it. Example <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>Layout Example</title> <link rel="stylesheet" type="text/css" href="./Layout Example_files/style.css"> <style type="text/css"> .fixed-background{ background: url( "images/SoapBubbles.jpg" ) no-repeat fixed top center; position:fixed; z-index:-1; top:0; right:0; left:0; bottom:0; } </style> </head> <body> <div...
You can't do this: string.Contains(string array) Instead you have to rewrite that line of code to this: if (file == null || formats.Any(f => file.Contains(f))) And this can be shortened down to: if (file == null || formats.Any(file.Contains)) ...
Sure, assuming you are using IIS to host your site, open IIS Manager and select your web site and then binding on the right: make sure you only have a binding for https not for http. This way IIS will only send https traffic to that web site. Edit: What...
You can use Enumerable.All: dim linqMeddata = From m In medicineDataList Where keys.All(Function(k) m.MedicineData.Contains(k)) Order By m.MedicineName Ascending Select m ...
UPDATE Using an XDocument vs an XmlDocument, I believe this does what you're asking without using loops. This is dependent on the elements being in the order of <PhoneType> <PhonePrimaryYN> <PhoneNumber> string xml = "<?xml version=\"1.0\"?>" + "<Root>" + " <PhoneType dataType=\"string\">" + " <Value>CELL</Value>" + " </PhoneType>" + "...
asp.net,architecture,wcfserviceclient
As long as you are able to use the exact same contract for all the versions the web application does not need to know which version of the WCF service it is accessing. In the configuration of the web application, you specify the URL and the contract. However, besides the...
c#,asp.net,sql-server,date,gridview-sorting
What happens if you change all of the filters to use 'LIKE': if (DropDownList1.SelectedValue.ToString().Equals("Start")) { FilterExpression = string.Format("Start LIKE '{0}%'", TextBox1.Text); } Then, you're not matching against an exact date (at midnight), but matching any date-times which start with that date. Update Or perhaps you could try this... if (DropDownList1.SelectedValue.ToString().Equals("Start"))...
System.Globalization.DateTimeFormatInfo.InvariantInfo doesn't contain format pattern dd-MM-yyyy(26-06-2015) From MSDN about InvariantCulture The InvariantCulture property can be used to persist data in a culture-independent format. This provides a known format that does not change For using invariant format in converting string to DateTime your string value must be formatted with one of...
The module- and application pipelines are explained in detail in the wiki. It's basically hooks which are executed before and after route execution on a global (application pipelines) and per-module basis. Here's an example: If a route is resolved to a module called FooModule, the pipelines will be invoked as...
You're passing the contents of a ListBox to a method that is just displaying them in a MsgBox(). There are two approaches you can do to accomplish what I think you're wanting. You can pass ListBox.Items to the method and iterate through each item concatenating them into a single String...
Is it possible that your datagridview isn't loaded fully when you try to recolor the rows? Since you are setting the datasource, you should put your code that affects the grid after you can make sure that it is finished loading. The column widths change because it is not dependent...
asp.net,vb.net,visual-studio-2012,converter
The result isn't wrong, it only has lower precision than you expected. Floating point numbers have a limited precision by design, and you simply can't expect to get a result that is more precise than its limit. You can use a Decimal to get higher precision. In this case it...
There are a few basic ways of checking for a value in an integer array. The first is to manually search by looping through each value in the array, which may be what you want if you need to do complicated comparisons. Second is the .Contains() method. It is simpler...
sql,asp.net,asp.net-mvc,database,entity-framework-6
Ideally what you want is a many-to-many relationship between your Shop and Product entities: public class Shop { public int ShopId {get; set;} public virtual ICollection<ShopProduct> ShopProducts {get; set;} } public class Product { public int ProductId {get; set;} public string Name {get; set;} public virtual ICollection<ShopProduct> ShopProducts {get; set;}...
Try setting IsUnicodeText to true: 'VB.NET Dim newEntry = New ZipEntry(entryName) With { _ Key .DateTime = DateTime.Now, _ Key .Size = size, _ Key .IsUnicodeText = True _ } //C# var newEntry = new ZipEntry(entryName) { DateTime = DateTime.Now, Size = size, IsUnicodeText = true }; ...
c#,asp.net,asp.net-mvc,json.net
Does the assemblyBinding tag have proper xmlns schema? Check if the issue you are encountering is same as Assembly binding redirect does not work
I think the only solution is create a new function and gradually migrate to it. Public Function ExecuteQueryReturnDS(ByVal cmdQuery As SqlCommand) As DataSet Try Dim ds As New DataSet Using sqlCon As New SqlConnection(connStr) cmdQuery.Connection = sqlCon Dim sqlAda As New SqlDataAdapter(cmdQuery) sqlAda.Fill(ds) End Using Return ds Catch ex As...
You've got a quotes problem, fix it like this: <% Session["path"] = "'" + vr_ + "'"; %> EDIT 1: Javascript and ASP.NET are not the same, so you cannot access the variables, so you can't do it on the client side. You must send something to the server like...
change the smtpserver from smtp.outlook.com to smtp-mail.outlook.com web.config settings <mailSettings> <smtp deliveryMethod="Network" from="[email protected]"> <network host="smtp-mail.outlook.com" userName="[email protected]" password="passwordhere" port="587" enableSsl="true"/> </smtp> </mailSettings> ...