ADO.NET Cookbook by Bill Hamilton

5.8. Transferring Login Credentials Securely

Problem

You need to protect login credentials during transmission over the network and when they are stored within a database.

Solution

Use password hashing and salting with the .NET FormsAuthentication class to control user authentication and access to the application.

The schema of table TBL0508 used in this solution is shown in Table 5-5.

Table 5-5. TBL0508 schema

Column name     Data type   Length   Allow nulls?
UserName        nvarchar    50       No
PasswordHash    nvarchar    50       No
PasswordSalt    nvarchar    50       No

The sample code contains two event handlers:

Create Button.Click

Creates a GUID-based salt and generates a hash of the password concatenated with the salt for a user-specified password. The username, password hash, and salt are inserted into a database.

Login Button.Click

Retrieves the salt and the hash of the password and salt from the database for the specified username. The user-entered password is concatenated with the retrieved salt and the hash is generated. If the hash matches the hash retrieved from the database, the user is authenticated.

The C# code is shown in Example 5-8.

Example 5-8. File: ADOCookbookCS0508.aspx.cs

// Namespaces, variables, and constants
using System;
using System.Configuration;
using System.Web.Security;
using System.Data;
using System.Data.SqlClient;

private const String TABLENAME = "TBL0508";

// . . .

private void createButton_Click(object sender, System.EventArgs e)
{
    // Create and display the password salt.
    String ...
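The create and login flow described above, as an added example that is not the book's Example 5-8: it keeps the per-user salt and the two string columns of TBL0508, but swaps in PBKDF2 (Rfc2898DeriveBytes) for the FormsAuthentication hash, a random 16-byte salt for the GUID-based one, and a constant-time comparison at login. The class name, iteration count, and sample passwords are assumptions, and the database insert and lookup are replaced by local variables.

```csharp
using System;
using System.Security.Cryptography;

// Added example (not from the book): salted password create/verify flow.
public static class SaltedPasswordDemo
{
    // Assumed work factor; tune it to the latency your login path can afford.
    private const int Iterations = 100000;

    // Mirrors Create Button.Click: new random salt, then hash of password + salt.
    public static void Create(string password, out string hash, out string salt)
    {
        byte[] saltBytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(saltBytes);
        salt = Convert.ToBase64String(saltBytes); // 24 chars, fits nvarchar(50)
        hash = Derive(password, saltBytes);       // 44 chars, fits nvarchar(50)
    }

    // Mirrors Login Button.Click: recompute with the stored salt and compare.
    public static bool Verify(string password, string storedHash, string storedSalt)
    {
        byte[] expected = Convert.FromBase64String(storedHash);
        byte[] actual = Convert.FromBase64String(
            Derive(password, Convert.FromBase64String(storedSalt)));
        // Constant-time comparison: timing does not reveal how many bytes matched.
        return CryptographicOperations.FixedTimeEquals(expected, actual);
    }

    private static string Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(
            password, salt, Iterations, HashAlgorithmName.SHA256))
            return Convert.ToBase64String(kdf.GetBytes(32));
    }

    public static void Main()
    {
        // Constructed sample credentials; in the recipe these come from the form.
        Create("correct horse", out string hash, out string salt);
        Console.WriteLine("valid login accepted:  " + Verify("correct horse", hash, salt));
        Console.WriteLine("wrong password accepted: " + Verify("wrong guess", hash, salt));

        // Same password, second user: a fresh salt yields a different stored hash.
        Create("correct horse", out string hash2, out _);
        Console.WriteLine("hashes identical across users: " + (hash == hash2));
    }
}
```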