Hashing Method
// If the two SHA1 hashes are the same, returns true.
// Otherwise returns false.
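// Fails closed: a missing (null) hash, or two hashes of different lengths,
// is never reported as a match. Initialising the result to "true" and only
// clearing it inside the byte loop would let those cases pass as equal.
//   p1, p2  - the two hash values to compare (e.g. stored hash and computed hash)
//   returns - true only when both arrays are non-null, equally long and byte-identical
private static bool MatchSHA1(byte[] p1, byte[] p2)
{
    if (p1 == null || p2 == null || p1.Length != p2.Length)
    {
        return false;
    }

    // Fold every byte difference into one accumulator instead of leaving the
    // loop at the first mismatch, so the time taken does not depend on how
    // many leading bytes of the two hashes agree.
    int difference = 0;
    for (int i = 0; i < p1.Length; i++)
    {
        difference |= p1[i] ^ p2[i];
    }

    return difference == 0;
}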
// Returns the SHA1 hash of the combined userID and password.
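// NOTE(review): one pass of SHA-1 is a fast, general-purpose hash, not a
// password-storage scheme. A per-user random salt with a deliberately slow
// key-derivation function (e.g. PBKDF2 via Rfc2898DeriveBytes) is the usual
// choice. The algorithm is left unchanged here because swapping it would
// invalidate every value already stored in the database.
// NOTE(review): Encoding.ASCII turns every non-ASCII character into '?', and
// userID + password has no separator, so distinct (userID, password) pairs
// can produce the same input bytes.
//   returns - the 20-byte SHA-1 digest of the ASCII bytes of userID + password
private static byte[] GetSHA1(string userID, string password)
{
    // The hash provider is disposable; release it as soon as the digest is computed.
    using (SHA1CryptoServiceProvider sha = new SHA1CryptoServiceProvider())
    {
        return sha.ComputeHash(Encoding.ASCII.GetBytes(userID + password));
    }
}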
Registration
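// Event handler that stores a new member row (user name, password hash, e-mail)
// when the requested user name is not already taken, then redirects to the guest page.
protected void RegistrationMember(object sender, LoginCancelEventArgs e)
{
    // The three inputs are looked up by ID inside the wizard's CreateUserStep template.
    // NOTE(review): FindControl returns null when an ID is not found, which would
    // surface as a NullReferenceException on .Text below - confirm the IDs match the markup.
    TextBox txtID = (TextBox)cuwRegistration.CreateUserStep.ContentTemplateContainer.FindControl("UserName");
    TextBox txtPass = (TextBox)cuwRegistration.CreateUserStep.ContentTemplateContainer.FindControl("Password");
    TextBox txtEmail = (TextBox)cuwRegistration.CreateUserStep.ContentTemplateContainer.FindControl("Email");

    // NOTE(review): the duplicate check and the INSERT are separate steps, so two
    // simultaneous registrations could both pass the check. A unique constraint on
    // the user-name column would be the reliable guard - schema not visible here.
    if (!checkDuplicateUsername(txtID.Text))
    {
        // This is a one-way hash of userID + password, not an encrypted value.
        byte[] passwordHash = GetSHA1(txtID.Text, txtPass.Text);

        // using blocks close the connection and release the command even when
        // Open() or ExecuteNonQuery() throws; an explicit Close() call would be skipped.
        // NOTE(review): the INSERT has no column list, so it depends on the Member
        // table's column order - consider naming the columns explicitly.
        using (SqlConnection conRegister = new SqlConnection(ConfigurationManager.ConnectionStrings["connMSJ"].ConnectionString))
        using (SqlCommand cmdRegister = new SqlCommand("INSERT INTO Member VALUES (@ID, @Pass, @Email)", conRegister))
        {
            // All user-supplied values travel as parameters, never as SQL text.
            cmdRegister.Parameters.AddWithValue("@ID", txtID.Text);
            cmdRegister.Parameters.AddWithValue("@Pass", passwordHash);
            cmdRegister.Parameters.AddWithValue("@Email", txtEmail.Text);

            conRegister.Open();
            cmdRegister.ExecuteNonQuery();
        }

        e.Cancel = true;
    }

    // NOTE(review): when the user name is a duplicate nothing is inserted and
    // e.Cancel is left unchanged, yet this redirect still runs and the user gets
    // no error message - confirm that is intended.
    Response.Redirect("~/Guest.aspx");
}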
Result
For the database, I declared the password column's data type as varbinary(50),
and I learned this hashing method from this website: PasswordStorage.
Please kindly reply; your help is needed. Thanks in advance.