1. 首頁
  2. 問答
  3. 如何在數據庫中更改密碼時已經在數據庫中散列密碼asp.net C#

如何在數據庫中更改密碼時已經在數據庫中散列密碼asp.net C#

2016-06-12 76 views
-4

嗨,我的問題是如何更改密碼時,其已經哈希和鹽,我有Web應用程序的asp.net C#和我想改變密碼選項在我的網站,但我不能更改數據庫中的密碼,如果有人知道這樣做,然後請幫助或提前考慮鏈接感謝提前。如何在數據庫中更改密碼時已經在數據庫中散列密碼asp.net C#

這裏是我的代碼

List<String> salthashlist = null; 
     List<String> newlist = null; 
     try 
     { 
      SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegisterConnectionString"].ConnectionString); 
      conn.Open(); 
      QueryStr = "select Password,UserName FROM UserData WHERE UserName= @uname"; 
      cmd = new SqlCommand(QueryStr, conn); 
      cmd.Parameters.AddWithValue("@uname", Userlbl.Text); 
      reader = cmd.ExecuteReader(); 
      while (reader.HasRows && reader.Read()) 
      { 
       if (salthashlist == null) 
       { 
        salthashlist = new List<String>(); 
        newlist = new List<String>(); 
       } 
       String salHashes = reader.GetString(reader.GetOrdinal("Password")); 
       salthashlist.Add(salHashes); 
       String fullname = reader.GetString(reader.GetOrdinal("UserName")); 
       newlist.Add(fullname); 
      } 
      reader.Close(); 
      if (salthashlist != null) 
      { 
       for (int i = 0; i < salthashlist.Count; i++) 
       { 
        QueryStr = ""; 
        bool validuser = PasswordHash.Validatepass(oldpasswordtxt.Text, salthashlist[i]); 
        if (validuser == true) 
        { 
         Session["New"] = newlist[i]; 
         Response.BufferOutput = true; 
         String salthashreturned = PasswordHash.makehash(newpassconfirmtxt.Text); 
         int commaindex = salthashreturned.IndexOf(":"); 
         String extractedstring = salthashreturned.Substring(0, commaindex); 
         commaindex = salthashreturned.IndexOf(":"); 
         extractedstring = salthashreturned.Substring(commaindex + 1); 
         commaindex = extractedstring.IndexOf(":"); 
         String salt = extractedstring.Substring(0, commaindex); 
         commaindex = extractedstring.IndexOf(":"); 
         extractedstring = extractedstring.Substring(commaindex + 1); 
         String hash = extractedstring; 
         cmd.Parameters.AddWithValue("@password", salthashreturned); 
         passchangelbl.Text = "Your new password is changed successfully"; 
         cmd.ExecuteReader(); 
         conn.Close(); 
        } 
        else 
        { 
         passchangelbl.Text = "Please check your old password"; 
        } 
       } 
      } 
     } 
     catch (Exception ex) 
     { 
      passchangelbl.Text = "Please check your password" + ex; 
     }

來源

2016-06-12 Apsdevs00698

+5

什麼問題?只需加密並散列新密碼並用結果更新數據庫。 – jonrsharpe

+0

我做了,但它不工作,它甚至沒有顯示錯誤 – Apsdevs00698

+2

請給[mcve],我們不能只是猜測問題是什麼。 – jonrsharpe

回答

0

您需要更新新密碼到數據庫中。你忘了這麼做。您執行不正確的SELECT命令。

... 
if (validuser == true) 
{ 
    ... 
    // error here: 
    cmd.Parameters.AddWithValue("@password", salthashreturned); 
    passchangelbl.Text = "Your new password is changed successfully"; 
    cmd.ExecuteReader(); 
    conn.Close(); 
}

您需要UPDATE密碼哈希數據庫。原理:

... 
if (validuser == true) 
{ 
    ... 

    // possible solution in principle: 
    cmd = new SqlCommand(
     "UPDATE UserData SET [email protected] WHERE UserName= @uname", conn); 
    cmd.Parameters.AddWithValue("@uname", Userlbl.Text); 
    cmd.Parameters.AddWithValue("@newPassword", salthashreturned); 
    cmd.ExecuteScalar(); 
    conn.Close(); 
    passchangelbl.Text = "Your new password is changed successfully"; 
}

來源

2016-06-12 22:15:41

+0

我做過但仍然無法正常工作,請你告訴我如何糾正它以適當的方式我是新的C# – Apsdevs00698

+0

querystr我做到了,但結果是相同 – Apsdevs00698

+0

查看更新。它可能工作。如果沒有,它至少會向你顯示原則上的解決方案。 –

相關問題

 相關問題