I figured out the problem.
The hash function generates a different hash each time for the same value (e.g. 12345), and that's why the hash computed during login doesn't match the one I submitted during signup.
So is there any way to make the hash stable for the same value?
e.g. for 1234 a hash should be = 14012dn2998du293ur2ur09u20u092t89284, each time
here is the code:
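/// <summary>
/// Handles the login button click: hashes the submitted password, sends it together with
/// the e-mail address to the <c>member_login</c> stored procedure, and writes "MATCHED" or
/// "UN- MATCHED" to the response depending on the procedure's <c>@result</c> output value.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    // NOTE(review): the SHA-1 digest of a given password is the same on every call. The value
    // sent to the database changes because CreateSalt() returns fresh random bytes each time
    // and they are prepended here, so it can never equal what was stored at signup. A salt
    // must be generated once at signup, stored with the account, and read back at login.
    // How signup stores it is not visible in this listing, so the comparison is left as posted.
    // NOTE(review): the salt is concatenated after hashing instead of being hashed together
    // with the password, so it does not protect the digest. A single round of SHA-1 is also
    // too fast for password storage; prefer a key-derivation function such as PBKDF2
    // (Rfc2898DeriveBytes) over salt + password.
    String hashing_pwd = FormsAuthentication.HashPasswordForStoringInConfigFile(txtboxPwd.Text, "sha1");
    String hashed_pwd = String.Concat(CreateSalt(), hashing_pwd);

    // The computed credential is deliberately not written to the page: echoing it discloses
    // the password digest to anyone who can see the response.

    try
    {
        String con_string = ConfigurationManager.ConnectionStrings["todolist_connectionstring"].ConnectionString;

        // using blocks dispose the connection and command even when an exception is thrown.
        using (SqlConnection con = new SqlConnection(con_string))
        using (SqlCommand comm = new SqlCommand("member_login", con))
        {
            comm.CommandType = CommandType.StoredProcedure;

            // Parameterized values keep user input out of the SQL text.
            comm.Parameters.Add("@email", SqlDbType.VarChar).Value = txtboxEmail.Text;
            comm.Parameters.Add("@pwd", SqlDbType.VarChar).Value = hashed_pwd;
            comm.Parameters.Add("@result", SqlDbType.Int).Direction = ParameterDirection.Output;

            con.Open();
            comm.ExecuteNonQuery();

            // The output parameter is DBNull when the procedure never assigns it;
            // treat that as "no match" instead of failing on the cast.
            object rawResult = comm.Parameters["@result"].Value;
            int res = (rawResult is int) ? (int)rawResult : 0;

            if (res > 0)
            {
                Response.Write("<br/>" + "MATCHED");
            }
            else
            {
                Response.Write("<br/>" + "UN- MATCHED");
            }
        }
    }
    catch (Exception ex)
    {
        // Database and configuration error text can reveal schema or connection details,
        // so keep it in the server-side trace and show the user a generic message.
        System.Diagnostics.Trace.TraceError(ex.ToString());
        Response.Write("Login failed. Please try again.");
    }
}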
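/// <summary>
/// Generates a new random salt: 32 bytes from the cryptographic random number generator,
/// returned as a Base64 string.
/// </summary>
/// <returns>A Base64 string encoding 32 random bytes; a different value on every call.</returns>
/// <remarks>
/// Because each call yields a different value, a salt produced here must be stored with
/// the account when it is created and reused for later verification, not regenerated.
/// </remarks>
protected static string CreateSalt()
{
    byte[] byteArr = new byte[32];

    // The provider is disposable; release it as soon as the bytes are filled.
    using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
    {
        rng.GetBytes(byteArr);
    }

    return Convert.ToBase64String(byteArr);
}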
}