我正在尝试在要创建的应用程序的一部分上做一个简单的签名。要确认登录,我只是尝试确保输入的密码的哈希值与存储在本地数据库中的密码匹配: App_Users )'
ButtonClick:
apps/
- app_1_name/
- app/
- e2e/
- package.json
- app_2_name/
- app/
- e2e/
- package.json
libs/
- lib_1_name/
package.json
angular.json
但是,我得到了错误:
string AppUsername = textBox2.Text.ToString();
string AppPassword = textBox1.Text.ToString();
//- Hashed-V-
byte[] salt;
new RNGCryptoServiceProvider().GetBytes(salt = new byte[16]);
var pbkdf2 = new Rfc2898DeriveBytes(AppPassword, salt, 10000);
byte[] hash = pbkdf2.GetBytes(20);
byte[] hashBytes = new byte[36];
Array.Copy(salt, 0, hashBytes, 0, 16);
Array.Copy(hash, 0, hashBytes, 16, 20);
string savedPasswordHash = Convert.ToBase64String(hashBytes); // <-- see ' https://stackoverflow.com/questions/4181198/how-to-hash-a-password ' for the part on comparing the recalculated
//-
SqlConnection con = new SqlConnection();
con.ConnectionString = ("Data Source=DESKTOP-PGHMM6M;Initial Catalog=LocalUsers;Integrated Security=True");
con.Open();
var cmd = new SqlCommand(@"SELECT Username, Hash FROM App_Users WHERE (Hash = @Hash");
cmd.Connection = con;
savedPasswordHash = cmd.ExecuteScalar() as string;
if (cmd.ExecuteNonQuery() > 0) {
MessageBox.Show(" Query successful..something matched.. ");
//change page.. load a profile?
}
我已经搜索了一下,但是我不确定下一步到底是我要做什么。.对不起,这可能是一个不好的问题,在sql方面。我认为这与适配器有关?
答案 0 :(得分:0)
您没有在查询中传递@Hash参数的值。并且,您还应该在查询中检查用户名,否则,如果任何登录使用给定的密码,登录尝试都会成功。
尝试类似的东西:
...
var cmd = new SqlCommand(@"SELECT Username, Hash FROM App_Users WHERE Hash = @Hash AND Username = @Username");
cmd.Connection = con;
cmd.Parameters.Add("@Hash", SqlDbType.VarChar, 48).Value = savedPasswordHash;
cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 32).Value = AppUsername;
if (cmd.ExecuteNonQuery() > 0) {
...
这假设App_Users.Hash是VARCHAR(48),而App_Users是NVARCHAR(32)。您可能需要更改它以匹配您实际使用的数据类型。