Hi All,
I am saving hash password and sal password in db.
But when I trying to retrieve password, the password doesn't match. why. below is my code.
Creating User
protected void Create_User()
{
try
{
string salt = GenerateSalt();
string password = HashPassword(txtpassword.Text, salt);
SqlCommand com = new SqlCommand("Create_User", con);
com.CommandType = CommandType.StoredProcedure;
com.Parameters.AddWithValue("@User_Id", txtUserId.Text);
com.Parameters.AddWithValue("@Password", password);
com.Parameters.AddWithValue("@Salt_Password", salt);
com.Parameters.AddWithValue("@Email", txtEmail.Text);
and when trying to login, it shows password did not match.
see code below
protected void Do_Login()
{
SqlCommand com2 = new SqlCommand("select_Salt_Password", con);
com2.CommandType = CommandType.StoredProcedure;
com2.Parameters.Add("@User_Id", SqlDbType.NVarChar, 50).Value = ddl.SelectedItem.Text;
SqlDataAdapter da1 = new SqlDataAdapter(com2);
DataTable dt1 = new DataTable();
da1.Fill(dt1);
string salt = dt1.Rows[0]["Salt_Password"].ToString();
string password = HashPassword(txtPassword.Text, salt);
SqlCommand com11 = new SqlCommand("For_Login1", con);
com11.CommandType = CommandType.StoredProcedure;
com11.Parameters.AddWithValue("@User_Id", ddl.SelectedItem.Text);
com11.Parameters.AddWithValue("@Password", password);
SqlDataAdapter sda = new SqlDataAdapter(com11);
DataTable dtcheck = new DataTable();
sda.Fill(dtcheck);
if (dtcheck.Rows.Count > 0)
{
}
else
{}
and my sp as below
ALTER proc [dbo].[For_Login1]
(
@User_Id nvarchar(50),
@Password nvarchar(200)
)
as begin
select * from mtblUser where User_Id=@User_Id and Password=@Password ;
end
but still goes in else block. where I am making mistake?
Thanks