C# BCrypt根据数据库中的密码验证密码
我正在尝试验证我的数据库中已用BCrypt哈希的哈希密码 我有两个网络表单,一个登录页面和一个注册页面 在注册页面中,我创建散列,验证散列并将其插入数据库。很好 在登录页面中,我从数据库中选择哈希密码,并将其与文本框中提交的密码进行比较 在根据提交的密码验证数据库中的哈希时,我似乎遇到了问题,我不知道出了什么问题 以下是注册页面代码:C# BCrypt根据数据库中的密码验证密码,c#,mysql,bcrypt,C#,Mysql,Bcrypt,我正在尝试验证我的数据库中已用BCrypt哈希的哈希密码 我有两个网络表单,一个登录页面和一个注册页面 在注册页面中,我创建散列,验证散列并将其插入数据库。很好 在登录页面中,我从数据库中选择哈希密码,并将其与文本框中提交的密码进行比较 在根据提交的密码验证数据库中的哈希时,我似乎遇到了问题,我不知道出了什么问题 以下是注册页面代码: protected void registerbutton_Click(object sender, EventArgs e) { str
protected void registerbutton_Click(object sender, EventArgs e)
{
string myPassword = passwordtextbox.Text;
string mySalt = BCryptHelper.GenerateSalt();
string myHash = BCryptHelper.HashPassword(myPassword, mySalt);
bool doesPasswordMatch = BCryptHelper.CheckPassword(myPassword, myHash);
if (doesPasswordMatch == true)
{
using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString))
using (SqlCommand cmd = new SqlCommand("INSERT INTO dbo.Users (Username, Password, FirstName, LastName) VALUES (@username, @password, @firstname, @lastname)", conn))
{
cmd.Parameters.Add("@username", SqlDbType.NVarChar).Value = usernametextbox.Text;
cmd.Parameters.Add("@password", SqlDbType.Char).Value = myHash;
cmd.Parameters.Add("@firstname", SqlDbType.NVarChar).Value = firstnametextbox.Text;
cmd.Parameters.Add("@lastname", SqlDbType.NVarChar).Value = lastnametextbox.Text;
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
registerlabel3.Text = myHash;
}
}
else
{
registerlabel3.Text = "Error";
}
}
protected void loginbutton_Click(object sender, EventArgs e)
{
const string query = "SELECT Username, Password FROM dbo.Users WHERE Username = @username";
using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString))
using (SqlCommand cmd = new SqlCommand(query, conn))
{
cmd.Parameters.Add("@username", SqlDbType.NVarChar).Value = usernametextbox.Text;
conn.Open();
//string hashedPassword = BCrypt.Net.BCrypt.HashPassword(passwordtextbox.Text);
using (SqlDataReader reader = cmd.ExecuteReader())
{
while (reader.Read())
{
var passwordInDb = reader.GetString(1);
Label3.Text = "submitted = " + passwordtextbox.Text;
Label4.Text = "database hash = " + passwordInDb;
if(BCryptHelper.CheckPassword(passwordtextbox.Text, reader.GetString(1)))
{
//login
loginlabel.Text = "Success";
}
else
{
loginlabel.Text = "Error";
}
}
}
}
}
以下是登录页面代码:
protected void registerbutton_Click(object sender, EventArgs e)
{
string myPassword = passwordtextbox.Text;
string mySalt = BCryptHelper.GenerateSalt();
string myHash = BCryptHelper.HashPassword(myPassword, mySalt);
bool doesPasswordMatch = BCryptHelper.CheckPassword(myPassword, myHash);
if (doesPasswordMatch == true)
{
using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString))
using (SqlCommand cmd = new SqlCommand("INSERT INTO dbo.Users (Username, Password, FirstName, LastName) VALUES (@username, @password, @firstname, @lastname)", conn))
{
cmd.Parameters.Add("@username", SqlDbType.NVarChar).Value = usernametextbox.Text;
cmd.Parameters.Add("@password", SqlDbType.Char).Value = myHash;
cmd.Parameters.Add("@firstname", SqlDbType.NVarChar).Value = firstnametextbox.Text;
cmd.Parameters.Add("@lastname", SqlDbType.NVarChar).Value = lastnametextbox.Text;
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
registerlabel3.Text = myHash;
}
}
else
{
registerlabel3.Text = "Error";
}
}
protected void loginbutton_Click(object sender, EventArgs e)
{
const string query = "SELECT Username, Password FROM dbo.Users WHERE Username = @username";
using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString))
using (SqlCommand cmd = new SqlCommand(query, conn))
{
cmd.Parameters.Add("@username", SqlDbType.NVarChar).Value = usernametextbox.Text;
conn.Open();
//string hashedPassword = BCrypt.Net.BCrypt.HashPassword(passwordtextbox.Text);
using (SqlDataReader reader = cmd.ExecuteReader())
{
while (reader.Read())
{
var passwordInDb = reader.GetString(1);
Label3.Text = "submitted = " + passwordtextbox.Text;
Label4.Text = "database hash = " + passwordInDb;
if(BCryptHelper.CheckPassword(passwordtextbox.Text, reader.GetString(1)))
{
//login
loginlabel.Text = "Success";
}
else
{
loginlabel.Text = "Error";
}
}
}
}
}
感谢您的帮助和反馈。在写入数据库时,请尝试:
protectedvoid registerbutton\u单击(对象发送方,事件参数e)
{
....
cmd.Parameters.Add(“@password”,SqlDbType.NVarChar).Value=myHash;
....
}
将数据库字段设置为CHAR(60)
我将存储哈希密码的数据库字段设置为CHAR(60),现在它可以工作了
我不知道为什么它必须是CHAR(60),但它是有效的
如果可以解释的话,那就太好了。将哈希放入数据库没有问题,NVarChar和Char都可以工作。数据库中保存的密码和哈希是什么。这似乎是一个错误(因为绝对没有理由让它这样失败)。