C# 在asp.net C数据库中已对密码进行哈希运算时,如何更改数据库中的密码
您好,我的问题是如何更改密码时,它已经散列和盐,我有网页应用程序asp.net C,我想在我的网站上更改密码选项,但我不能在数据库中更改密码,如果有人知道这样做,请帮助或随时提供考虑提前链接谢谢 这是我的密码C# 在asp.net C数据库中已对密码进行哈希运算时,如何更改数据库中的密码,c#,asp.net,hash,passwords,C#,Asp.net,Hash,Passwords,您好,我的问题是如何更改密码时,它已经散列和盐,我有网页应用程序asp.net C,我想在我的网站上更改密码选项,但我不能在数据库中更改密码,如果有人知道这样做,请帮助或随时提供考虑提前链接谢谢 这是我的密码 List<String> salthashlist = null; List<String> newlist = null; try { SqlConnection conn = new Sql
List<String> salthashlist = null;
List<String> newlist = null;
try
{
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegisterConnectionString"].ConnectionString);
conn.Open();
QueryStr = "select Password,UserName FROM UserData WHERE UserName= @uname";
cmd = new SqlCommand(QueryStr, conn);
cmd.Parameters.AddWithValue("@uname", Userlbl.Text);
reader = cmd.ExecuteReader();
while (reader.HasRows && reader.Read())
{
if (salthashlist == null)
{
salthashlist = new List<String>();
newlist = new List<String>();
}
String salHashes = reader.GetString(reader.GetOrdinal("Password"));
salthashlist.Add(salHashes);
String fullname = reader.GetString(reader.GetOrdinal("UserName"));
newlist.Add(fullname);
}
reader.Close();
if (salthashlist != null)
{
for (int i = 0; i < salthashlist.Count; i++)
{
QueryStr = "";
bool validuser = PasswordHash.Validatepass(oldpasswordtxt.Text, salthashlist[i]);
if (validuser == true)
{
Session["New"] = newlist[i];
Response.BufferOutput = true;
String salthashreturned = PasswordHash.makehash(newpassconfirmtxt.Text);
int commaindex = salthashreturned.IndexOf(":");
String extractedstring = salthashreturned.Substring(0, commaindex);
commaindex = salthashreturned.IndexOf(":");
extractedstring = salthashreturned.Substring(commaindex + 1);
commaindex = extractedstring.IndexOf(":");
String salt = extractedstring.Substring(0, commaindex);
commaindex = extractedstring.IndexOf(":");
extractedstring = extractedstring.Substring(commaindex + 1);
String hash = extractedstring;
cmd.Parameters.AddWithValue("@password", salthashreturned);
passchangelbl.Text = "Your new password is changed successfully";
cmd.ExecuteReader();
conn.Close();
}
else
{
passchangelbl.Text = "Please check your old password";
}
}
}
}
catch (Exception ex)
{
passchangelbl.Text = "Please check your password" + ex;
}
您需要更新数据库的新密码。你忘了做那件事。您执行了错误的SELECT命令 您需要更新数据库中的密码哈希。原则:
...
if (validuser == true)
{
...
// possible solution in principle:
cmd = new SqlCommand(
"UPDATE UserData SET Password=@newPassword WHERE UserName= @uname", conn);
cmd.Parameters.AddWithValue("@uname", Userlbl.Text);
cmd.Parameters.AddWithValue("@newPassword", salthashreturned);
cmd.ExecuteScalar();
conn.Close();
passchangelbl.Text = "Your new password is changed successfully";
}
有什么问题吗?只是盐和散列新密码和更新数据库的结果。我做了,但它不工作,它甚至没有显示错误请给一个,我们不能只是猜测问题是什么。请看我的代码告诉我代码是正确的?或者可能是我犯了一些错误,我以前犯过,但仍然无法正常工作。你能告诉我如何以正确的方式更正它吗?我是cquerystr的新手,我这样做了,但结果是相同的更新。这可能有用。如果没有,至少在原则上它向您展示了一个解决方案。但我的代码仍然无法提供错误在哪里?我该怎么办?@Apsdevs00698 Quality Catalyst的代码显示了如何在运行查询后,即函数结束之前更新数据库。
...
if (validuser == true)
{
...
// possible solution in principle:
cmd = new SqlCommand(
"UPDATE UserData SET Password=@newPassword WHERE UserName= @uname", conn);
cmd.Parameters.AddWithValue("@uname", Userlbl.Text);
cmd.Parameters.AddWithValue("@newPassword", salthashreturned);
cmd.ExecuteScalar();
conn.Close();
passchangelbl.Text = "Your new password is changed successfully";
}