namespace WindowsFormsApplication2{ public partial class loginpage : Form

1. namespace WindowsFormsApplication2
2. {
3. public partial class loginpage : Form
4. {
5. public loginpage()
6. {
7. InitializeComponent();
8.  
9. }
10. //Connection String
11. string cs = @"Data Source=MS-LAPTOPSQLEXPRESS;Initial Catalog=break;Integrated Security=True;User Instance=False;Context Connection=False;MultiSubnetFailover=False;TransparentNetworkIPResolution=False";
12. //btn_Submit Click event
13.  
14.  
15.  
16.  
17.  
18.  
19.  
20. public sealed class SecurePasswordHasher
21. {
22. /// <summary>
23. /// Size of salt
24. /// </summary>
25. private const int SaltSize = 16;
26.  
27. /// <summary>
28. /// Size of hash
29. /// </summary>
30. private const int HashSize = 20;
31.  
32. /// <summary>
33. /// Creates a hash from a password
34. /// </summary>
35. /// <param name="password">the password</param>
36. /// <param name="iterations">number of iterations</param>
37. /// <returns>the hash</returns>
38. public static string Hash(string password, int iterations)
39. {
40. //create salt
41. byte[] salt;
42. new RNGCryptoServiceProvider().GetBytes(salt = new byte[SaltSize]);
43.  
44. //create hash
45. var pbkdf2 = new Rfc2898DeriveBytes(password, salt, iterations);
46. var hash = pbkdf2.GetBytes(HashSize);
47.  
48. //combine salt and hash
49. var hashBytes = new byte[SaltSize + HashSize];
50. Array.Copy(salt, 0, hashBytes, 0, SaltSize);
51. Array.Copy(hash, 0, hashBytes, SaltSize, HashSize);
52.  
53. //convert to base64
54. var base64Hash = Convert.ToBase64String(hashBytes);
55.  
56. //format hash with extra information
57. return string.Format("$MYHASH$V1${0}${1}", iterations, base64Hash);
58. }
59. /// <summary>
60. /// Creates a hash from a password with 10000 iterations
61. /// </summary>
62. /// <param name="password">the password</param>
63. /// <returns>the hash</returns>
64. public static string Hash(string password)
65. {
66. return Hash(password, 10000);
67. }
68.  
69. /// <summary>
70. /// Check if hash is supported
71. /// </summary>
72. /// <param name="hashString">the hash</param>
73. /// <returns>is supported?</returns>
74. public static bool IsHashSupported(string hashString)
75. {
76. return hashString.Contains("$MYHASH$V1$");
77. }
78.  
79. /// <summary>
80. /// verify a password against a hash
81. /// </summary>
82. /// <param name="password">the password</param>
83. /// <param name="hashedPassword">the hash</param>
84. /// <returns>could be verified?</returns>
85. public static bool Verify(string password, string hashedPassword)
86. {
87. //check hash
88. if (!IsHashSupported(hashedPassword))
89. {
90. throw new NotSupportedException("The hashtype is not supported");
91. }
92.  
93. //extract iteration and Base64 string
94. var splittedHashString = hashedPassword.Replace("$MYHASH$V1$", "").Split('$');
95. var iterations = int.Parse(splittedHashString[0]);
96. var base64Hash = splittedHashString[1];
97.  
98. //get hashbytes
99. var hashBytes = Convert.FromBase64String(base64Hash);
100.  
101. //get salt
102. var salt = new byte[SaltSize];
103. Array.Copy(hashBytes, 0, salt, 0, SaltSize);
104.  
105. //create hash with given salt
106. var pbkdf2 = new Rfc2898DeriveBytes(password, salt, iterations);
107. byte[] hash = pbkdf2.GetBytes(HashSize);
108.  
109. //get result
110. for (var i = 0; i < HashSize; i++)
111. {
112. if (hashBytes[i + SaltSize] != hash[i])
113. {
114. return false;
115. }
116. }
117. return true;
118. }
119. }
120.  
121.  
122.  
123. private void button2_Click(object sender, EventArgs e)
124. {
125.  
126.  
127. //Hash
128. var hash = SecurePasswordHasher.Hash("password");
129.  
130. //Verify
131. var result = SecurePasswordHasher.Verify("password", hash);
132.  
133. if (
134.  
135.  
136.  
137.  
138.  
139.  
140.  
141.  
142.  
143.  
144.  
145.  
146.  
147.  
148.  
149.  
150.  
151.  
152.  
153.  
154.  
155.  
156.  
157.  
158.  
159.  
160.  
161.  
162.  
163.  
164.  
165.  
166.  
167.  
168.  
169.  
170.  
171.  
172.  
173.  
174.  
175.  
176.  
177.  
178.  
179.  
180.  
181. txtUsername.Text == "" || txt_Password.Text == "")
182. {
183. MessageBox.Show("Please provide a Username and Password");
184. return;
185. }
186. try
187. {
188. //Create SqlConnection
189. SqlConnection con = new SqlConnection(cs);
190. SqlCommand cmd = new SqlCommand("Select * from tabl_login where UserName=@username and Password=@password", con);
191. cmd.Parameters.AddWithValue("@username", txtUsername.Text);
192. cmd.Parameters.AddWithValue("@password", txt_Password.Text);
193. con.Open();
194. SqlDataAdapter adapt = new SqlDataAdapter(cmd);
195. DataSet ds = new DataSet();
196. adapt.Fill(ds);
197. con.Close();
198. int count = ds.Tables[0].Rows.Count;
199. //If count is equal to 1, than show frmMain form
200. if (count == 1)
201. {
202.  
203.  
204. MessageBox.Show("Login Successful!");
205.  
206. Form1 objFrmMain = new Form1();
207. this.Hide();
208. objFrmMain.ShowDialog();
209. this.Close();
210. }
211. else
212. {
213. MessageBox.Show("Login Failed!");
214. }
215. }
216. catch (Exception ex)
217. {
218. MessageBox.Show(ex.Message);
219. }
220. }
221.  
222. private void txt_UserName_TextChanged(object sender, EventArgs e)
223. {
224.  
225. }
226.  
227. private void button1_Click_1(object sender, EventArgs e)
228. {
229. Application.Exit();
230. }
231.  
232. private void label1_Click(object sender, EventArgs e)
233. {
234.  
235. }
236.  
237. private void loginpage_Load(object sender, EventArgs e)
238. {
239.  
240. }
241.  
242. private void txt_Password_TextChanged(object sender, EventArgs e)
243. {
244.  
245. }
246.  
247. private void button1_Click(object sender, EventArgs e)
248. {
249.  
250. }
251. }
252. }