Hi,
I have an ASP.NET website that I require a Windows Forms application to login and authenticate with the SQL database. The database is what was created when I first used the template in VS 2010. The page doesn't have any graphics and is just used by the application for authentication. After authentication, the site will respond with data that is sent to the app.
I do not understand how I can create the password hash (I presume it's a hash) in the application so it can be sent to the ASP.NET site.
I have looked all over the place to find the answer. I have tried the SHA1 .NET methods and nothing seems to give me what I am looking for.
Do I create the hashed password in the app and send it to the page? I can't see in the template how the password in being encrypted/hashed and compared to the hashed password in the database.
I guess if I could figure out how take the passed password from the app, use the PasswordSalt in the database with the
correct hash and be able to come up with the password that resides in the database (for comparison)...I would be home and hosed. Right now I'm just hosed.
This is what I have in mind:
pwd = Request.QueryString["password"];
salt = retrieve salt from db.
SHA1 sha = new SHA1CryptoServiceProvider();
string saltAndPwd = String.Concat(pwd, salt);
hashedPwd = Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(saltAndPwd)));
The hash doesn't seem correct.
Any help would be appreciated.
Thanks.
Submit an article or tip