Comparing user input with hashed password from db c#

Question

So, I have a login and I'm using Linq, C#, to check if there is a pair username/password that fits the user input. If there is any, it is stored in a User variable. If user==null, the login fails, if the user!=null, success! Now, I encrypted my pass and I need to redo the login code so I can compare the user input and the hashed pass stored on the database. I'm using this class to hash:

https://stackoverflow.com/a/32191537/1695100

My login code

private void button_LogInEntrar_Click(object sender, EventArgs e)
{
    string username = tb_LogInUsername.Text;
    string password = tb_LogInPass.Text;

    User userAdmin = (from admin in dbATMT.UserSet.OfType<Administrator>()
    where admin.Username.Equals(username) && admin.Password.Equals(password)
    select admin).FirstOrDefault();

    if (userAdmin == null)
    {
        MessageBox.Show("Invalid");
    }
    else
    {
        //logs in
    }
}

Once you've extracted the password value from LogInPass.Text field, you can apply same encryption/hashing logic before you use it inside LINQ expression. — Gururaj, May 28 '17 at 20:40
my doubt is, if the verify method returns a bool, how can I check, using the linq query, if the user input and the database data are equal ? — Nelson Silva, May 28 '17 at 20:44
May be I missed something here. Where is Verify method defined and what is it doing. Can you please add some details around it? — Gururaj, May 28 '17 at 20:47
i used this class. it has a hash method, to encrypt, and a verify method, that comapres a string with the encrypted data https://stackoverflow.com/a/32191537/1695100 — Nelson Silva, May 28 '17 at 20:49
I don't see where you're using the Class you've mentioned in your code snippet. I was looking for something like this SecurePasswordHasher.Verify(admin.Password, password) in your LINQ expression — Gururaj, May 28 '17 at 20:53
I used the class to encrypt but I didnt use it here beacause I dont know how. I dont get it how can I use a bool inside the linq expression — Nelson Silva, May 28 '17 at 20:56
User userAdmin = (from admin in dbATMT.UserSet.OfType() where admin.Username.Equals(username) && SecurePasswordHasher.Verify(admin.Password, password) select admin).FirstOrDefault(); — Gururaj, May 28 '17 at 20:58
I see what you mean but I get an error: "LINQ to Entities does not recognize the method 'Boolean Verify(System.String, System.String)' method, and this method cannot be translated into a store expression." — Nelson Silva, May 28 '17 at 21:01
`string hashedPassword = SecurePasswordHasher.Hash(password); User userAdmin = (from admin in dbATMT.UserSet.OfType() where admin.Username.Equals(username) && admin.Password.Equals(hashedPassword) select admin).FirstOrDefault();` I think you should be able follow either of the above method to solve your problem — Gururaj, May 28 '17 at 21:05
it doenst work...each time I use the SecurePasswordHasher.hash(), it creates a new hash. It wont be equal to the same on the database — Nelson Silva, May 28 '17 at 21:13
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/145324/discussion-between-gururaj-and-nelson-silva). — Gururaj, May 28 '17 at 21:15
Just use : where admin.Username.Equals(username) && SecurePasswordHasher.Verify(Password) — jdweng, May 28 '17 at 21:34
doesnt work. SecurePasswordHasher takes two arguments. I still tried SecurePasswordHasher.Verify(Password, admin.password) but I get the same error, "LINQ to Entities does not recognize the method 'Boolean " — Nelson Silva, May 28 '17 at 21:40

score 0 · Answer 1 · answered May 28 '17 at 21:52

0

You might want to compare the password outside the LINQ-Expression, like that:

User userAdmin = (from admin in dbATMT.UserSet.OfType<Administrator>()
where admin.Username.Equals(username) select admin).FirstOrDefault();

                        if (userAdmin == null || !admin.Password.Equals(password))
                        {
                            MessageBox.Show("Invalid");
                        }
                        else
                        {
                            //logs in
                        }

answered May 28 '17 at 21:52

stl

63
1
10

and where do I hash the user inputed password and compare it to the one on the bd ? – Nelson Silva May 28 '17 at 22:00
Ah, i see. Try "if (userAdmin == null || !SecurePasswordHasher.Verify(password, admin.Password))" instead – stl May 28 '17 at 22:05
nop...I guess this class inst that great for what I want – Nelson Silva May 28 '17 at 22:15
It seems to work, just tested it in a console application. You are using SecurePasswordHasher.Hash(password) to hash the password and save it into the db? – stl May 28 '17 at 22:23
yes, and I've confirmed that it is an hashed password that is in the bd – Nelson Silva May 28 '17 at 22:26

Comparing user input with hashed password from db c#

1 Answers1