0

How can I retrieve salt from MySql database using Asp.Net ?

I want to use that retrieved salt to add to the user entered password to generate an SHA256 hash and then authenticate the user.

Here is what I am trying to do to fetch the salt:

String userNameEntered = UserN_TextBox.Text;
String passwordEntered = Password_TextBox.Text;
String connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["ConnectionString"].ToString();
connection = new MySqlConnection(connectionString);
connection.Open();
MessageBox.Show("Successfully connected to database");
String queryString = "select salt from xyz.abc_table where salt = @Salt";
command = new MySqlCommand(queryString, connection);
command.Parameters.AddWithValue("@Salt", queryString);
reader = command.ExecuteReader();
Response.Write("Salt retrived is" + reader);
reader.Close();
connection.Close();

When I execute this code, it returns the MySql Data Reader library rather than the salt in the database....

Thanks in advance... :)

HDJEMAI
  • 9,436
  • 46
  • 67
  • 93
Deep
  • 81
  • 2
  • 11
  • Can you add a description of your problem? You've described what you want to do, you've shown some code --- but where is the problem? – ventiseis Apr 23 '17 at 19:17
  • I have updated the question. Please let me know if you know anything. Thanks...!!! – Deep Apr 23 '17 at 21:33
  • Possible duplicate of [getting values from sql reader c#](http://stackoverflow.com/questions/27874566/getting-values-from-sql-reader-c-sharp) – ventiseis Apr 23 '17 at 21:41
  • Don't just use `reader`, use `reader["salt"].ToString()`. – ventiseis Apr 23 '17 at 21:42
  • Please try to use a debugger. I can only guess, but why are you setting the `@Salt` parameter equal to your sql query? `command.Parameters.AddWithValue("@Salt", queryString)` - perhaps no salt value matches your sql query. – ventiseis Apr 23 '17 at 22:19
  • I have corrected it and its working now. Thanks – Deep Apr 26 '17 at 09:47

1 Answers1

0

Here I have solved my problem. Here is the solution to the problem. It might help someone:

try
        {

            String connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["ConnectionString"].ToString();
            connection = new MySqlConnection(connectionString);
            connection.Open();
            MessageBox.Show("Successfully connected to database");
            String queryString = "select salt from xyz.abc_table where email_address = @E_Address";
            command = new MySqlCommand(queryString, connection);
            command.Parameters.AddWithValue("@E_Address", UserN_TextBox.Text);
            reader = command.ExecuteReader();
            if (reader.Read())
            {
                Response.Write("Retrived Salt is " + reader["salt"]);
                reader.Close();
                connection.Close();
            }

        }
        catch (Exception ex)
        {
            MessageBox.Show("Failed due to" +ex);
        }
Deep
  • 81
  • 2
  • 11