C# 检索哈希密码错误
我正在尝试使用用户名和原始密码登录,该用户名和原始密码已使用哈希密码存储在数据库中 但是,当我尝试登录时,我收到消息说C# 检索哈希密码错误,c#,winforms,ms-access,hash,C#,Winforms,Ms Access,Hash,我正在尝试使用用户名和原始密码登录,该用户名和原始密码已使用哈希密码存储在数据库中 但是,当我尝试登录时,我收到消息说value不能为nullonif(salt==null){ 抛出新的异常(“salt”); } 我正在使用BCrypt.cs对数据库中的密码进行哈希运算 以下是我注册用户的代码: string connectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=..\db1.accdb"; Password.Ha
value不能为nullif(salt==null){
抛出新的异常(“salt”);
}BCrypt.csstring connectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=..\db1.accdb";
Password.Hashed = BCrypt.HashPassword(this.textBox2.Text, BCrypt.GenerateSalt(12));
using (OleDbConnection conn = new OleDbConnection(connectionString))
{
string query = "INSERT INTO [Member] ([Username], [Password], [UserType]) VALUES (@Username, @Password, @UserType)";
conn.Open();
using (OleDbCommand cmd = new OleDbCommand(query, conn))
{
cmd.Parameters.Add("@Username", System.Data.OleDb.OleDbType.VarChar);
cmd.Parameters["@Username"].Value = this.textBox1.Text;
cmd.Parameters.Add("@Password", System.Data.OleDb.OleDbType.VarChar);
cmd.Parameters["@Password"].Value = Password.Hashed;
cmd.Parameters.Add("@UserType", System.Data.OleDb.OleDbType.VarChar);
cmd.Parameters["@UserType"].Value = this.comboBox1.SelectedItem;
cmd.ExecuteNonQuery();
System.Media.SoundPlayer _sound = new System.Media.SoundPlayer(@"C:\Windows\Media\Windows Exclamation.wav");
_sound.Play();
DialogResult _dialogResult = MessageBox.Show("Added Successfully!", "Success", MessageBoxButtons.OK);
if (_dialogResult == DialogResult.OK)
{
this.Hide();
Login _login = new Login();
_login.ShowDialog();
this.Close();
}
}
conn.Close();
}
string connectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=..\db1.accdb";
using (OleDbConnection conn = new OleDbConnection(connectionString))
{
string query = "SELECT [Username], [Password], [UserType] FROM [Member] WHERE [Username] = @Username AND [Password] = @Password";
conn.Open();
using (OleDbCommand cmd = new OleDbCommand(query, conn))
{
cmd.Parameters.Add("@Username", System.Data.OleDb.OleDbType.VarChar);
cmd.Parameters["@Username"].Value = this.textBox1.Text;
cmd.Parameters.Add("@Password", System.Data.OleDb.OleDbType.VarChar);
cmd.Parameters["@Password"].Value = BCrypt.CheckPassword(this.textBox2.Text, Password.Hashed);
using (OleDbDataReader dReader = cmd.ExecuteReader())
{
if (dReader.Read())
{
UserInformation.CurrentLoggedInUser = (string)dReader["Username"];
UserInformation.CurrentLoggedInUserType = (string)dReader["UserType"];
this.Hide();
this.Close();
}
else
{
Validation(sender, e);
RecursiveClearTextBoxes(this.Controls);
}
dReader.Close();
conn.Close();
}
}
}
string connectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=..\db1.accdb";
Password.Hashed = BCrypt.HashPassword(this.textBox2.Text, BCrypt.GenerateSalt(12));
using (OleDbConnection conn = new OleDbConnection(connectionString))
{
string query = "INSERT INTO [Member] ([Username], [Password], [UserType]) VALUES (@Username, @Password, @UserType)";
conn.Open();
using (OleDbCommand cmd = new OleDbCommand(query, conn))
{
cmd.Parameters.Add("@Username", System.Data.OleDb.OleDbType.VarChar);
cmd.Parameters["@Username"].Value = this.textBox1.Text;
cmd.Parameters.Add("@Password", System.Data.OleDb.OleDbType.VarChar);
cmd.Parameters["@Password"].Value = Password.Hashed;
cmd.Parameters.Add("@UserType", System.Data.OleDb.OleDbType.VarChar);
cmd.Parameters["@UserType"].Value = this.comboBox1.SelectedItem;
cmd.ExecuteNonQuery();
System.Media.SoundPlayer _sound = new System.Media.SoundPlayer(@"C:\Windows\Media\Windows Exclamation.wav");
_sound.Play();
DialogResult _dialogResult = MessageBox.Show("Added Successfully!", "Success", MessageBoxButtons.OK);
if (_dialogResult == DialogResult.OK)
{
this.Hide();
Login _login = new Login();
_login.ShowDialog();
this.Close();
}
}
conn.Close();
}
string connectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=..\db1.accdb";
using (OleDbConnection conn = new OleDbConnection(connectionString))
{
string query = "SELECT [Username], [Password], [UserType] FROM [Member] WHERE [Username] = @Username AND [Password] = @Password";
conn.Open();
using (OleDbCommand cmd = new OleDbCommand(query, conn))
{
cmd.Parameters.Add("@Username", System.Data.OleDb.OleDbType.VarChar);
cmd.Parameters["@Username"].Value = this.textBox1.Text;
cmd.Parameters.Add("@Password", System.Data.OleDb.OleDbType.VarChar);
cmd.Parameters["@Password"].Value = BCrypt.CheckPassword(this.textBox2.Text, Password.Hashed);
using (OleDbDataReader dReader = cmd.ExecuteReader())
{
if (dReader.Read())
{
UserInformation.CurrentLoggedInUser = (string)dReader["Username"];
UserInformation.CurrentLoggedInUserType = (string)dReader["UserType"];
this.Hide();
this.Close();
}
else
{
Validation(sender, e);
RecursiveClearTextBoxes(this.Controls);
}
dReader.Close();
conn.Close();
}
}
}
public static string Hashed
{
get;
set;
}
该密码是散列的(salt),我用于登录的原始密码是
KaoruKaorustring connectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=..\db1.accdb";
using (OleDbConnection conn = new OleDbConnection(connectionString))
{
string query = "SELECT [Username], [Password], [UserType] FROM [Member] WHERE [Username] = @Username";
conn.Open();
using (OleDbCommand cmd = new OleDbCommand(query, conn))
{
cmd.Parameters.Add("@Username", System.Data.OleDb.OleDbType.VarChar);
cmd.Parameters["@Username"].Value = this.textBox1.Text;
using (OleDbDataReader dReader = cmd.ExecuteReader())
{
bool isValidPassword = false;
if (dReader.Read())
{
string password = (string)dReader["Password"];
bool isValidPassword = BCrypt.CheckPassword(this.textBox2.Text, password);
if (isValidPassword)
{
UserInformation.CurrentLoggedInUser = (string)dReader["Username"];
UserInformation.CurrentLoggedInUserType = (string)dReader["UserType"];
this.Hide();
this.Close();
}
}
if (!isValidPassword)
{
Validation(sender, e);
RecursiveClearTextBoxes(this.Controls);
}
}
}
}
您生成随机盐,但不将其保存在数据库中。无法验证密码。请查看已编辑的问题。谢谢,我同意乌卢格贝克的观点。您生成了一个随机salt,并且从不将其保存在任何地方以重复使用以与密码进行比较。实际上,BCrypt.cs的给定实现将salt和哈希组合成一个字符串。