i figured out the problem

it is that Hash function generates different hash each time for same value i.e 12345 and thats why it doesn't match during login with the one that i submitted during signup.

so is there any way to make the hash stable for same value

e.g. for 1234 a hash should be = 14012dn2998du293ur2ur09u20u092t89284, each time

here is the code:

protected void btnLogin_Click(object sender, EventArgs e)
    {
 String hashing_pwd = FormsAuthentication.HashPasswordForStoringInConfigFile(txtboxPwd.Text, "sha1"); String hashed_pwd = String.Concat(CreateSalt(), hashing_pwd); Response.Write(hashed_pwd);         String con_string = ConfigurationManager.ConnectionStrings["todolist_connectionstring"].ConnectionString;
        SqlConnection con = new SqlConnection(con_string);
        SqlCommand comm = new SqlCommand("member_login", con);
        comm.CommandType = CommandType.StoredProcedure;
        comm.Parameters.Add("@email", SqlDbType.VarChar);
        comm.Parameters["@email"].Value = txtboxEmail.Text;
        comm.Parameters.Add("@pwd", SqlDbType.VarChar);
        comm.Parameters["@pwd"].Value = hashed_pwd;
        comm.Parameters.Add("@result", SqlDbType.Int);
        comm.Parameters["@result"].Direction = ParameterDirection.Output;

        try
        {
            con.Open();
            comm.ExecuteNonQuery();
            int res = (int)comm.Parameters["@result"].Value;
            if (res > 0 )
            {
                Response.Write("<br/>" + "MATCHED");
            }
            else
            {
                Response.Write("<br/>" + "UN- MATCHED");
            }


        }
        catch (Exception ex)
        {
            Response.Write(ex.Message);
        }
        finally
        {
            con.Close();
        }


    }

    protected static string CreateSalt()
    {
     RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
     byte[] byteArr = new byte[32];
     rng.GetBytes(byteArr); return Convert.ToBase64String(byteArr);
    }
}

Are you saying that you are getting a different hash value for the same number each time you run it?

commented: yes JorgeM +2

I'm not familiar with that provider (RNGCryptoServiceProvider), but I looked it up and its working as expected. According to my research, RNGCryptoServiceProvider generates high-quality random numbers. That would be the reason why you are getting different values. looks like there is missing stuff here. I'll read some more and hopefully can provide better assistance.

commented: got it, i just saved salt for each user and during login grabbed that salt to hash the password with it. btw thanks man ! +0
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.