如何在数据库中更改密码时已经在数据库中散列密码asp.net C#
嗨,我的问题是如何更改密码时,其已经哈希和盐,我有Web应用程序的asp.net C#和我想改变密码选项在我的网站,但我不能更改数据库中的密码,如果有人知道这样做,然后请帮助或提前考虑链接感谢提前。如何在数据库中更改密码时已经在数据库中散列密码asp.net C#
这里是我的代码
List<String> salthashlist = null;
List<String> newlist = null;
try
{
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegisterConnectionString"].ConnectionString);
conn.Open();
QueryStr = "select Password,UserName FROM UserData WHERE UserName= @uname";
cmd = new SqlCommand(QueryStr, conn);
cmd.Parameters.AddWithValue("@uname", Userlbl.Text);
reader = cmd.ExecuteReader();
while (reader.HasRows && reader.Read())
{
if (salthashlist == null)
{
salthashlist = new List<String>();
newlist = new List<String>();
}
String salHashes = reader.GetString(reader.GetOrdinal("Password"));
salthashlist.Add(salHashes);
String fullname = reader.GetString(reader.GetOrdinal("UserName"));
newlist.Add(fullname);
}
reader.Close();
if (salthashlist != null)
{
for (int i = 0; i < salthashlist.Count; i++)
{
QueryStr = "";
bool validuser = PasswordHash.Validatepass(oldpasswordtxt.Text, salthashlist[i]);
if (validuser == true)
{
Session["New"] = newlist[i];
Response.BufferOutput = true;
String salthashreturned = PasswordHash.makehash(newpassconfirmtxt.Text);
int commaindex = salthashreturned.IndexOf(":");
String extractedstring = salthashreturned.Substring(0, commaindex);
commaindex = salthashreturned.IndexOf(":");
extractedstring = salthashreturned.Substring(commaindex + 1);
commaindex = extractedstring.IndexOf(":");
String salt = extractedstring.Substring(0, commaindex);
commaindex = extractedstring.IndexOf(":");
extractedstring = extractedstring.Substring(commaindex + 1);
String hash = extractedstring;
cmd.Parameters.AddWithValue("@password", salthashreturned);
passchangelbl.Text = "Your new password is changed successfully";
cmd.ExecuteReader();
conn.Close();
}
else
{
passchangelbl.Text = "Please check your old password";
}
}
}
}
catch (Exception ex)
{
passchangelbl.Text = "Please check your password" + ex;
}
您需要更新新密码到数据库中。你忘了这么做。您执行不正确的SELECT
命令。
...
if (validuser == true)
{
...
// error here:
cmd.Parameters.AddWithValue("@password", salthashreturned);
passchangelbl.Text = "Your new password is changed successfully";
cmd.ExecuteReader();
conn.Close();
}
您需要UPDATE
密码哈希数据库。原理:
...
if (validuser == true)
{
...
// possible solution in principle:
cmd = new SqlCommand(
"UPDATE UserData SET [email protected] WHERE UserName= @uname", conn);
cmd.Parameters.AddWithValue("@uname", Userlbl.Text);
cmd.Parameters.AddWithValue("@newPassword", salthashreturned);
cmd.ExecuteScalar();
conn.Close();
passchangelbl.Text = "Your new password is changed successfully";
}
我做过但仍然无法正常工作,请你告诉我如何纠正它以适当的方式我是新的C# – Apsdevs00698
querystr我做到了,但结果是相同 – Apsdevs00698
查看更新。它可能工作。如果没有,它至少会向你显示原则上的解决方案。 –
什么问题?只需加密并散列新密码并用结果更新数据库。 – jonrsharpe
我做了,但它不工作,它甚至没有显示错误 – Apsdevs00698
请给[mcve],我们不能只是猜测问题是什么。 – jonrsharpe