- namespace WindowsFormsApplication2
- {
- public partial class loginpage : Form
- {
/// <summary>
/// Builds the login form by running the designer-generated initialisation.
/// </summary>
public loginpage()
{
    this.InitializeComponent();
}
// Connection string for the login database. Integrated Security=True makes the
// application authenticate to SQL Server as the current Windows user, so no
// database credentials are embedded in this string.
// NOTE(review): server and catalog names are hard-coded here; application
// configuration is the usual place for them.
private string cs = @"Data Source=MS-LAPTOPSQLEXPRESS;Initial Catalog=break;Integrated Security=True;User Instance=False;Context Connection=False;MultiSubnetFailover=False;TransparentNetworkIPResolution=False";
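/// <summary>
/// Salted PBKDF2 password hashing. A hash is serialised as
/// <c>$MYHASH$V1$&lt;iterations&gt;$&lt;base64(salt || derived key)&gt;</c>, so the
/// salt and the work factor travel with every stored value.
/// </summary>
public sealed class SecurePasswordHasher
{
    /// <summary>
    /// Size of salt, in bytes
    /// </summary>
    private const int SaltSize = 16;

    /// <summary>
    /// Size of the derived key, in bytes
    /// </summary>
    private const int HashSize = 20;

    /// <summary>
    /// Marker that identifies this hash format and version
    /// </summary>
    private const string Prefix = "$MYHASH$V1$";

    /// <summary>
    /// Work factor used by <see cref="Hash(string)"/>.
    /// NOTE(review): 10000 is well below current OWASP guidance for PBKDF2 (hundreds of
    /// thousands of iterations). The count is stored in each hash, so raising it here
    /// does not invalidate hashes that already exist.
    /// </summary>
    private const int DefaultIterations = 10000;

    /// <summary>
    /// Creates a hash from a password
    /// </summary>
    /// <param name="password">the password</param>
    /// <param name="iterations">number of PBKDF2 iterations, must be positive</param>
    /// <returns>the formatted hash string</returns>
    /// <exception cref="ArgumentNullException">password is null</exception>
    /// <exception cref="ArgumentOutOfRangeException">iterations is not positive</exception>
    public static string Hash(string password, int iterations)
    {
        if (password == null)
        {
            throw new ArgumentNullException("password");
        }
        if (iterations <= 0)
        {
            throw new ArgumentOutOfRangeException("iterations", "The iteration count must be positive");
        }

        // Fresh random salt per password, from the OS CSPRNG. The generator is disposable.
        var salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }

        // This constructor overload derives the key with HMAC-SHA1. It is kept so that the
        // V1 format stays verifiable; moving to SHA-256 would need a new version marker.
        byte[] hash;
        using (var pbkdf2 = new Rfc2898DeriveBytes(password, salt, iterations))
        {
            hash = pbkdf2.GetBytes(HashSize);
        }

        // salt || hash, so Verify can recover the salt from the stored value
        var hashBytes = new byte[SaltSize + HashSize];
        Array.Copy(salt, 0, hashBytes, 0, SaltSize);
        Array.Copy(hash, 0, hashBytes, SaltSize, HashSize);

        var base64Hash = Convert.ToBase64String(hashBytes);

        // Invariant culture keeps the iteration count machine-readable on every locale.
        return string.Format(System.Globalization.CultureInfo.InvariantCulture, "$MYHASH$V1${0}${1}", iterations, base64Hash);
    }

    /// <summary>
    /// Creates a hash from a password with 10000 iterations
    /// </summary>
    /// <param name="password">the password</param>
    /// <returns>the formatted hash string</returns>
    public static string Hash(string password)
    {
        return Hash(password, DefaultIterations);
    }

    /// <summary>
    /// Check if hash is supported
    /// </summary>
    /// <param name="hashString">the hash</param>
    /// <returns>true when the string starts with the V1 marker; false for null or anything else</returns>
    public static bool IsHashSupported(string hashString)
    {
        // The marker must be a prefix. Accepting it anywhere in the string would let
        // arbitrary leading text through to the parser in Verify.
        return hashString != null && hashString.StartsWith(Prefix, StringComparison.Ordinal);
    }

    /// <summary>
    /// verify a password against a hash
    /// </summary>
    /// <param name="password">the password</param>
    /// <param name="hashedPassword">the hash, as produced by Hash</param>
    /// <returns>could be verified?</returns>
    /// <exception cref="ArgumentNullException">password is null</exception>
    /// <exception cref="NotSupportedException">the hash does not carry the V1 marker</exception>
    /// <exception cref="FormatException">the hash carries the marker but is malformed</exception>
    public static bool Verify(string password, string hashedPassword)
    {
        if (password == null)
        {
            throw new ArgumentNullException("password");
        }
        if (!IsHashSupported(hashedPassword))
        {
            throw new NotSupportedException("The hashtype is not supported");
        }

        // After the prefix exactly two '$'-separated fields are expected: iterations and payload.
        var fields = hashedPassword.Substring(Prefix.Length).Split('$');
        int iterations;
        if (fields.Length != 2
            || !int.TryParse(fields[0], System.Globalization.NumberStyles.None, System.Globalization.CultureInfo.InvariantCulture, out iterations)
            || iterations <= 0)
        {
            throw new FormatException("The hash string is malformed");
        }

        // Convert.FromBase64String throws FormatException on invalid base64.
        var hashBytes = Convert.FromBase64String(fields[1]);
        if (hashBytes.Length != SaltSize + HashSize)
        {
            // A truncated payload would otherwise surface as an array-bounds error below.
            throw new FormatException("The hash string is malformed");
        }

        var salt = new byte[SaltSize];
        Array.Copy(hashBytes, 0, salt, 0, SaltSize);

        // Re-derive with the stored salt and iteration count.
        byte[] hash;
        using (var pbkdf2 = new Rfc2898DeriveBytes(password, salt, iterations))
        {
            hash = pbkdf2.GetBytes(HashSize);
        }

        // Compare every byte and fold the differences together, so the time taken does
        // not depend on the position of the first mismatch.
        var difference = 0;
        for (var i = 0; i < HashSize; i++)
        {
            difference |= hashBytes[i + SaltSize] ^ hash[i];
        }
        return difference == 0;
    }
}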
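/// <summary>
/// Login button handler: checks the entered credentials against tabl_login and,
/// when exactly one row matches, opens the main form.
/// </summary>
/// <param name="sender">the control that raised the event</param>
/// <param name="e">event data (unused)</param>
private void button2_Click(object sender, EventArgs e)
{
    if (string.IsNullOrEmpty(txtUsername.Text) || string.IsNullOrEmpty(txt_Password.Text))
    {
        MessageBox.Show("Please provide a Username and Password");
        return;
    }
    try
    {
        // NOTE(review): this query compares the typed password with the Password column
        // directly, which means the column holds plaintext and SecurePasswordHasher is
        // not part of the login path. The fix is to store SecurePasswordHasher.Hash(...)
        // output at registration, select the stored value by UserName only, and decide
        // with SecurePasswordHasher.Verify(...). That needs a data migration, so the
        // query is left as it was. The comparison also follows the column's collation,
        // which may be case-insensitive.
        int count;
        using (SqlConnection con = new SqlConnection(cs))
        using (SqlCommand cmd = new SqlCommand("Select count(*) from tabl_login where UserName = @username and Password = @password", con))
        {
            // Parameters keep the user-typed values out of the SQL text.
            cmd.Parameters.AddWithValue("@username", txtUsername.Text);
            cmd.Parameters.AddWithValue("@password", txt_Password.Text);
            con.Open();
            // Only the number of matching rows is needed, so no row data (including the
            // Password column) is pulled into memory.
            count = Convert.ToInt32(cmd.ExecuteScalar());
        }

        // Exactly one matching row means the login succeeded; show the main form.
        if (count == 1)
        {
            MessageBox.Show("Login Successful!");
            this.Hide();
            // Forms shown with ShowDialog are not disposed automatically.
            using (Form1 objFrmMain = new Form1())
            {
                objFrmMain.ShowDialog();
            }
            this.Close();
        }
        else
        {
            MessageBox.Show("Login Failed!");
        }
    }
    catch (Exception ex)
    {
        // Raw exception text on a login prompt can expose server and database details;
        // keep the detail in the trace output and show a generic message.
        System.Diagnostics.Trace.TraceError(ex.ToString());
        MessageBox.Show("Login could not be completed. Please try again later.");
    }
}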
/// <summary>
/// Exit button handler: shuts the application down.
/// </summary>
/// <param name="sender">the control that raised the event</param>
/// <param name="e">event data (unused)</param>
private void button1_Click_1(object sender, EventArgs e)
{
    // Ends the whole application, not only this form.
    Application.Exit();
}
- }
- }