1. 首页
  2. 问答
  3. 如何在数据库中更改密码时已经在数据库中散列密码asp.net C#

如何在数据库中更改密码时已经在数据库中散列密码asp.net C#

2016-06-12 61 views
-4

嗨,我的问题是如何更改密码时,其已经哈希和盐,我有Web应用程序的asp.net C#和我想改变密码选项在我的网站,但我不能更改数据库中的密码,如果有人知道这样做,然后请帮助或提前考虑链接感谢提前。如何在数据库中更改密码时已经在数据库中散列密码asp.net C#

这里是我的代码

List<String> salthashlist = null; 
     List<String> newlist = null; 
     try 
     { 
      SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegisterConnectionString"].ConnectionString); 
      conn.Open(); 
      QueryStr = "select Password,UserName FROM UserData WHERE UserName= @uname"; 
      cmd = new SqlCommand(QueryStr, conn); 
      cmd.Parameters.AddWithValue("@uname", Userlbl.Text); 
      reader = cmd.ExecuteReader(); 
      while (reader.HasRows && reader.Read()) 
      { 
       if (salthashlist == null) 
       { 
        salthashlist = new List<String>(); 
        newlist = new List<String>(); 
       } 
       String salHashes = reader.GetString(reader.GetOrdinal("Password")); 
       salthashlist.Add(salHashes); 
       String fullname = reader.GetString(reader.GetOrdinal("UserName")); 
       newlist.Add(fullname); 
      } 
      reader.Close(); 
      if (salthashlist != null) 
      { 
       for (int i = 0; i < salthashlist.Count; i++) 
       { 
        QueryStr = ""; 
        bool validuser = PasswordHash.Validatepass(oldpasswordtxt.Text, salthashlist[i]); 
        if (validuser == true) 
        { 
         Session["New"] = newlist[i]; 
         Response.BufferOutput = true; 
         String salthashreturned = PasswordHash.makehash(newpassconfirmtxt.Text); 
         int commaindex = salthashreturned.IndexOf(":"); 
         String extractedstring = salthashreturned.Substring(0, commaindex); 
         commaindex = salthashreturned.IndexOf(":"); 
         extractedstring = salthashreturned.Substring(commaindex + 1); 
         commaindex = extractedstring.IndexOf(":"); 
         String salt = extractedstring.Substring(0, commaindex); 
         commaindex = extractedstring.IndexOf(":"); 
         extractedstring = extractedstring.Substring(commaindex + 1); 
         String hash = extractedstring; 
         cmd.Parameters.AddWithValue("@password", salthashreturned); 
         passchangelbl.Text = "Your new password is changed successfully"; 
         cmd.ExecuteReader(); 
         conn.Close(); 
        } 
        else 
        { 
         passchangelbl.Text = "Please check your old password"; 
        } 
       } 
      } 
     } 
     catch (Exception ex) 
     { 
      passchangelbl.Text = "Please check your password" + ex; 
     }

来源

2016-06-12 Apsdevs00698

+5

什么问题?只需加密并散列新密码并用结果更新数据库。 – jonrsharpe

+0

我做了,但它不工作,它甚至没有显示错误 – Apsdevs00698

+2

请给[mcve],我们不能只是猜测问题是什么。 – jonrsharpe

回答

0

您需要更新新密码到数据库中。你忘了这么做。您执行不正确的SELECT命令。

... 
if (validuser == true) 
{ 
    ... 
    // error here: 
    cmd.Parameters.AddWithValue("@password", salthashreturned); 
    passchangelbl.Text = "Your new password is changed successfully"; 
    cmd.ExecuteReader(); 
    conn.Close(); 
}

您需要UPDATE密码哈希数据库。原理:

... 
if (validuser == true) 
{ 
    ... 

    // possible solution in principle: 
    cmd = new SqlCommand(
     "UPDATE UserData SET [email protected] WHERE UserName= @uname", conn); 
    cmd.Parameters.AddWithValue("@uname", Userlbl.Text); 
    cmd.Parameters.AddWithValue("@newPassword", salthashreturned); 
    cmd.ExecuteScalar(); 
    conn.Close(); 
    passchangelbl.Text = "Your new password is changed successfully"; 
}

来源

2016-06-12 22:15:41

+0

我做过但仍然无法正常工作,请你告诉我如何纠正它以适当的方式我是新的C# – Apsdevs00698

+0

querystr我做到了,但结果是相同 – Apsdevs00698

+0

查看更新。它可能工作。如果没有,它至少会向你显示原则上的解决方案。 –

相关问题

 相关问题