ASP.NET C sharp- Salting and Hashing user passwords in MySQL database

Question

I wonder to ask you about ASP.net C sharp to solve my problem. I created MySql Database that has these fields in user register table(userName,Email,password,postCode,slowHash) then I created (PasswordHash) class that contains a Copy code from this website (https://crackstation.net/hashing-security.htm#aspsourcecode) after that, I wrote this code in (Sign Up page)

 namespace MvcNursery
{
    public partial class SignUp : System.Web.UI.Page

    {
        MySql.Data.MySqlClient.MySqlConnection conn;
        MySql.Data.MySqlClient.MySqlCommand cmd;
        string queryStr;



        protected void BTNSignUp_Click(object sender, EventArgs e)
        {

            // this function for encryption
            registerUserWithLowHash();
            Response.Redirect("~/SignUpComplete.aspx");
        }
        private void registerUserWithLowHash()
        {                
            string connString = System.Configuration.ConfigurationManager.ConnectionStrings["WebAppConnString"].ToString();
            conn = new MySql.Data.MySqlClient.MySqlConnection(connString);
            conn.Open();
            queryStr = "";

                queryStr = "INSERT INTO webappdemo.userregistration (userName, Email, slowHash, postCode)" +
               "VALUES(?userName, ?Email, ?slowHash, ?postCode)";
                cmd = new MySql.Data.MySqlClient.MySqlCommand(queryStr, conn);
                cmd.Parameters.AddWithValue("?userName", UserNameSignUp.Text);
                cmd.Parameters.AddWithValue("?Email", EmailSignUp.Text);
                cmd.Parameters.AddWithValue("?postCode", PostcodeSignUp.Text);
                string saltHashReturned = PasswordHash.CreateHash(PasswordSignUp.Text);
                int commIndex = saltHashReturned.IndexOf(":");
                string extractedString = saltHashReturned.Substring(0, commIndex);
                commIndex = saltHashReturned.IndexOf(":");
                extractedString = saltHashReturned.Substring(commIndex + 1);
                commIndex = extractedString.IndexOf(":");
                string salt = extractedString.Substring(0, commIndex);
                commIndex = extractedString.IndexOf(":");
                extractedString = extractedString.Substring(commIndex + 1);
                string hash = extractedString;

                cmd.Parameters.AddWithValue("?slowHash", saltHashReturned);
                cmd.ExecuteReader();
                conn.Close();    

        }}}

during run time, there is error in (cmd.ExecuteReader();) which is “Exception was unhandled by user code” Hint: the program registered any user without slatHash function successfully.

You have quite a bit of code to extract the hash, but then don't do anything with it ? A first start would be to comment out (or remove) that unneeded code. — Alex, Dec 17 '15 at 11:00
Can you post the table definition for `webappdemo.userregistration` — Alex, Dec 17 '15 at 11:03
CREATE TABLE `userregistration` ( `userID` int(11) NOT NULL AUTO_INCREMENT, `userName` varchar(45) NOT NULL, `Email` varchar(100) NOT NULL, `password` varchar(45) NOT NULL, `saltedPassword` varchar(80) DEFAULT NULL, `postCode` varchar(45) NOT NULL, `slowHash` varchar(80) DEFAULT NULL, `salt` varchar(45) DEFAULT NULL, PRIMARY KEY (`userID`) ) ENGINE=InnoDB AUTO_INCREMENT=12 DEFAULT CHARSET=latin1 — user2148116, Dec 17 '15 at 12:43

ASP.NET C sharp- Salting and Hashing user passwords in MySQL database

0 Answers0