Hi,
I have a problem with changing the password from Microsoft Access Database. I get an Error "[B]No data exists for the row/column[/B]". The password in the database is encrypted and when I change the password it should be decrypting the password and new password should be updated with encryption again.
I have following Encryption and Decryption Function:
Imports System.Collections.Generic
Imports System.Linq
Imports System.Web
Imports System.Text
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Public Class EncryptionDecryption
Public Shared Function ComputeHash(ByVal plainText As String, ByVal hashAlgorithm As String, ByVal saltBytes As Byte()) As String
' If salt is not specified, generate it.
If saltBytes Is Nothing Then
' Define min and max salt sizes.
Dim minSaltSize As Integer = 4
Dim maxSaltSize As Integer = 8
' Generate a random number for the size of the salt.
Dim random As New Random()
Dim saltSize As Integer = random.[Next](minSaltSize, maxSaltSize)
' Allocate a byte array, which will hold the salt.
saltBytes = New Byte(saltSize - 1) {}
' Initialize a random number generator.
Dim rng As New RNGCryptoServiceProvider()
' Fill the salt with cryptographically strong byte values.
rng.GetNonZeroBytes(saltBytes)
End If
' Convert plain text into a byte array.
Dim plainTextBytes As Byte() = Encoding.UTF8.GetBytes(plainText)
' Allocate array, which will hold plain text and salt.
Dim plainTextWithSaltBytes As Byte() = New Byte(plainTextBytes.Length + (saltBytes.Length - 1)) {}
' Copy plain text bytes into resulting array.
For i As Integer = 0 To plainTextBytes.Length - 1
plainTextWithSaltBytes(i) = plainTextBytes(i)
Next
' Append salt bytes to the resulting array.
For i As Integer = 0 To saltBytes.Length - 1
plainTextWithSaltBytes(plainTextBytes.Length + i) = saltBytes(i)
Next
Dim hash As HashAlgorithm
' Make sure hashing algorithm name is specified.
If hashAlgorithm Is Nothing Then
hashAlgorithm = ""
End If
' Initialize appropriate hashing algorithm class.
Select Case hashAlgorithm.ToUpper()
Case "SHA384"
hash = New SHA384Managed()
Exit Select
Case "SHA512"
hash = New SHA512Managed()
Exit Select
Case Else
hash = New MD5CryptoServiceProvider()
Exit Select
End Select
' Compute hash value of our plain text with appended salt.
Dim hashBytes As Byte() = hash.ComputeHash(plainTextWithSaltBytes)
' Create array which will hold hash and original salt bytes.
Dim hashWithSaltBytes As Byte() = New Byte(hashBytes.Length + (saltBytes.Length - 1)) {}
' Copy hash bytes into resulting array.
For i As Integer = 0 To hashBytes.Length - 1
hashWithSaltBytes(i) = hashBytes(i)
Next
' Append salt bytes to the result.
For i As Integer = 0 To saltBytes.Length - 1
hashWithSaltBytes(hashBytes.Length + i) = saltBytes(i)
Next
' Convert result into a base64-encoded string.
Dim hashValue As String = Convert.ToBase64String(hashWithSaltBytes)
' Return the result.
Return hashValue
End Function
Public Function VerifyHash(ByVal plainText As String, ByVal hashAlgorithm As String, ByVal hashValue As String) As Boolean
' Convert base64-encoded hash value into a byte array.
Dim hashWithSaltBytes As Byte() = Convert.FromBase64String(hashValue)
' We must know size of hash (without salt).
Dim hashSizeInBits As Integer, hashSizeInBytes As Integer
' Make sure that hashing algorithm name is specified.
If hashAlgorithm Is Nothing Then
hashAlgorithm = ""
End If
' Size of hash is based on the specified algorithm.
Select Case hashAlgorithm.ToUpper()
Case "SHA384"
hashSizeInBits = 384
Exit Select
Case "SHA512"
hashSizeInBits = 512
Exit Select
Case Else
' Must be MD5
hashSizeInBits = 128
Exit Select
End Select
' Convert size of hash from bits to bytes.
hashSizeInBytes = hashSizeInBits \ 8
' Make sure that the specified hash value is long enough.
If hashWithSaltBytes.Length < hashSizeInBytes Then
Return False
End If
' Allocate array to hold original salt bytes retrieved from hash.
Dim saltBytes As Byte() = New Byte(hashWithSaltBytes.Length - hashSizeInBytes - 1) {}
' Copy salt from the end of the hash to the new array.
For i As Integer = 0 To saltBytes.Length - 1
saltBytes(i) = hashWithSaltBytes(hashSizeInBytes + i)
Next
' Compute a new hash string.
Dim expectedHashString As String = ComputeHash(plainText, hashAlgorithm, saltBytes)
' If the computed hash matches the specified hash,
' the plain text value must be correct.
Return (hashValue = expectedHashString)
End Function
End Class
I have following Code with my Change Password page :
Imports System.Data
Imports System.Configuration
Imports System.Data.OleDb
Public Class ChangePassword
Inherits System.Web.UI.Page
'Declaration
Dim SQLStr As String
Dim cmd As New OleDbCommand
Dim DT As New DataTable
Dim DA As New OleDbDataAdapter
Dim DS As New DataSet
Dim bNewData, bEditData As Boolean
Dim DBConnection As OleDbConnection = New OleDbConnection
Dim ConnStr As String = ConfigurationManager.ConnectionStrings("SQLDBConnection").ToString
Dim TDES As New SQLEncrDecr.EncryptionDecryption
Private Sub FormLoad()
Try
lblMessage.Visible = False
lblSystemError.Visible = False
If Session.Item("UserName") = "" Then
Response.Redirect("~/Login.aspx")
Else
UserInfo.Text = "WelCome " & Session.Item("UserName").ToString
UserName_Label.Text = Session.Item("UserName").ToString
txtUserID.Text = UserName_Label.Text
txtUserID.Enabled = False
End If
Catch ex As Exception
lblSystemError.Visible = True
lblSystemError.Text = ex.Message.ToString()
End Try
End Sub
Protected Sub btnChangePassword_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnChangePassword.Click
Try
DBConnection.ConnectionString = ConnStr
DBConnection.Open()
SQLStr = "SELECT * FROM UserInformation"
cmd = New OleDbCommand(SQLStr, DBConnection)
Dim reader As OleDbDataReader = cmd.ExecuteReader()
Dim up As Byte
Dim uPassword As String = reader("Password").ToString()
Dim uFlag As Boolean = TDES.VerifyHash(txtOldPassword.Text, "SHA512", uPassword)
While reader.Read()
If txtOldPassword.Text = reader("Password").ToString And uFlag = True Then
'If uFlag = True Then
up = 1
End If
End While
reader.Close()
DBConnection.Close()
If up = 1 Then
DBConnection.Open()
Dim uPass As String = SQLEncrDecr.EncryptionDecryption.ComputeHash(txtNewPassword.Text, "SHA512", Nothing)
SQLStr = "UPDATE UserInformation SET Password = @Password WHERE UserName = '" & txtUserID.Text & "'"
cmd = New OleDbCommand(SQLStr, DBConnection)
cmd.Parameters.Add(New OleDbParameter("@Password", OleDbType.VarChar, 50))
cmd.Parameters("@Password").Value = uPass
cmd.ExecuteNonQuery()
DBConnection.Close()
lblMessage.Visible = True
lblMessage.Text = "Success"
Else
lblMessage.Visible = True
lblMessage.Text = "Incorrect"
End If
Catch ex As Exception
lblSystemError.Visible = True
lblSystemError.Text = ex.Message.ToString()
End Try
End Sub
My Web Config file contains this connection string:
<connectionStrings>
<add name="SQLDBConnection" connectionString="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=|DataDirectory|Security.mdb;Persist Security Info=True"/>
</connectionStrings>
I don't where it went wrong. Can somebody help me out?
Thanks.