Hi folks,
This is not exactly a MOD, but something related to the forums that I think other people might find useful.
I'm adding a new application to my site that's written in ASP.NET 2.0. I'd like existing users of the forum to be able to log in to this new application with their forum usernames and passwords. Basically, I don't want my users to have to create two separate logins for the same site.
Ideally, the ASP.NET 2.0 code would use FormsAuthentication, and then authenticate against the password in the FORUM_MEMBERS table.
The problem I'm running into is the SHA256 encryption. The .NET code needs to encrypt the user-entered password with SHA256 to do the comparison. I'm trying to use the System.Security.Cryptography.SHA256Managed class to do this, but it's giving me a completely different result than the function in inc_sha256.asp.
Has anyone tried this? I would really like to avoid rewriting inc_sha256.asp in .NET, unless I absolutely have to.
http://www.agonybooth.com/
Posted on
Never mind. I found what I was looking for in this thread:
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=63690
So that this topic isn't a total waste, I'll post my code once I get it working.
http://www.agonybooth.com/
Posted on
I have fully integrated the Snitz forums with .Net 2 authentication and membership/profiles (see the Snitz .Net threads). If you want the code, I can post it for you.
Posted on
Is that in the "ASP.NET Conversion" thread over in ASP.NET help? I figured it was somewhere in there, but it was a little tough to sift through all the posts to find it. If you can post the code here that would be great.
In the meantime, here's a little snippet I came up with. This actually might be all I need for my (very limited) requirements.
Login.aspx:
Code:
    ' Needs System.Data.SqlClient, System.Security.Cryptography and System.Text imported.
    Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
        Dim oSqlConn As New SqlConnection(ConfigurationManager.ConnectionStrings("Forum").ConnectionString)
        ' The e-mail typed by the user is concatenated straight into the SQL text.
        Dim sSql As String = "select m.M_Password " & _
            "from FORUM_MEMBERS m where m.M_Email = '" & UserEmail.Value & "'"
        Dim oSqlCmd As New SqlCommand(sSql, oSqlConn)
        oSqlConn.Open()
        Dim sPassword As String = oSqlCmd.ExecuteScalar()
        oSqlConn.Close()
        ' Hash the entered password and compare it with the stored hash.
        Dim sPassHash As String = SHA256Hash(UserPass.Value)
        If sPassHash.Equals(sPassword) Then
            FormsAuthentication.RedirectFromLoginPage(UserEmail.Value, PersistCookie.Checked)
        Else
            Msg.Text = "Invalid Credentials: Please try again"
        End If
    End Sub

    ' SHA-256 of the ASCII bytes of Data, returned as lowercase hex.
    Public Shared Function SHA256Hash(ByVal Data As String) As String
        Dim sha As SHA256 = New SHA256Managed
        Dim hash As Byte() = sha.ComputeHash(Encoding.ASCII.GetBytes(Data))
        Dim stringBuilder As StringBuilder = New StringBuilder
        For Each b As Byte In hash
            stringBuilder.AppendFormat("{0:x2}", b)
        Next
        Return stringBuilder.ToString
    End Function
EDIT: Big prize to whoever spots the potential SQL injection security hole first!
http://www.agonybooth.com/
Last edited by
Posted on
First off, you should be using a parameterized query if you want to avoid SQL injection problems.
This is the code used by the Snitz .Net membership provider to validate a user (may be a little buggy as I normally write in C# not VB, so had to convert it).
Code:
    ' Needs System.Data.SqlClient, System.Security.Cryptography and System.Text imported;
    ' connStr (the connection string) is not shown in the post.
    Public Overloads Overrides Function ValidateUser(ByVal username As String, ByVal password As String) As Boolean
        Dim sql As String = "Select MEMBER_ID From FORUM_MEMBERS WHERE M_NAME=@Username AND M_PASSWORD=@Password"
        Using conn As SqlConnection = New SqlConnection(connStr)
            Using cmd As SqlCommand = New SqlCommand(sql, conn)
                ' User input is bound as parameters, never concatenated into the SQL text.
                Dim paramName As SqlParameter = New SqlParameter
                paramName.ParameterName = "@Username"
                paramName.Value = username
                cmd.Parameters.Add(paramName)
                Dim paramPwd As SqlParameter = New SqlParameter
                paramPwd.ParameterName = "@Password"
                paramPwd.Value = SHA256Hash(password)
                cmd.Parameters.Add(paramPwd)
                Try
                    conn.Open()
                    Using reader As SqlDataReader = cmd.ExecuteReader()
                        ' A matching row means the name and password hash are valid.
                        Return reader.HasRows
                    End Using
                Catch
                    ' Any database error is treated as a failed login.
                    Return False
                End Try
            End Using
        End Using
    End Function

    ' SHA-256 of the ASCII bytes of Data, returned as lowercase hex.
    Public Shared Function SHA256Hash(ByVal Data As String) As String
        Dim sha As SHA256 = New SHA256Managed
        Dim hash As Byte() = sha.ComputeHash(Encoding.ASCII.GetBytes(Data))
        Dim stringBuilder As StringBuilder = New StringBuilder
        For Each b As Byte In hash
            stringBuilder.AppendFormat("{0:x2}", b)
        Next
        Return stringBuilder.ToString
    End Function
or if you want the C# version
Code:
    public static string SHA256Hash(string Data)
    {
        SHA256 sha = new SHA256Managed();
        byte[] hash = sha.ComputeHash( Encoding.ASCII.GetBytes(Data) );
        StringBuilder stringBuilder = new StringBuilder();
        foreach( byte b in hash )
        {
            stringBuilder.AppendFormat("{0:x2}", b);
        }
        return stringBuilder.ToString();
    }

    public static bool ValidateUser(string username, string password)
    {
        string sql = "Select MEMBER_ID From FORUM_MEMBERS WHERE M_NAME=@Username AND M_PASSWORD=@Password";
        using (SqlConnection conn = new SqlConnection(connStr))
        {
            using (SqlCommand cmd = new SqlCommand(sql, conn))
            {
                SqlParameter paramName = new SqlParameter();
                paramName.ParameterName = "@Username";
                paramName.Value = username;
                cmd.Parameters.Add(paramName);
                SqlParameter paramPwd = new SqlParameter();
                paramPwd.ParameterName = "@Password";
                paramPwd.Value = SHA256Hash(password);
                cmd.Parameters.Add(paramPwd);
                try
                {
                    conn.Open();
                    SqlDataReader reader = cmd.ExecuteReader();
                    if (reader.HasRows)
                    {
                        return true;
                    }
                    else
                    {
                        return false;
                    }
                }
                catch {
                    //throw new Exception("Login Error");
                    return false;
                }
            }
        }
    }
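An added example, not part of the thread or of the Snitz code: the concatenated lookup from Login.aspx next to a parameterized one, written in Python with an in-memory SQLite table standing in for FORUM_MEMBERS so that it runs offline. The function names, sample members and passwords are constructed; it shows an ordinary e-mail address containing an apostrophe changing the concatenated statement, and the posted SHA256Hash recipe collapsing every non-ASCII character to `?` before hashing.

```python
import hashlib
import hmac
import sqlite3

def sha256_hash(data: str) -> str:
    # Same recipe as the posted SHA256Hash: ASCII bytes, lowercase hex.
    # Like Encoding.ASCII, this turns each non-ASCII character into '?'
    # (characters in the Basic Multilingual Plane are assumed).
    return hashlib.sha256(data.encode("ascii", errors="replace")).hexdigest()

def make_db() -> sqlite3.Connection:
    # Constructed sample data; SQLite stands in for the forum database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE FORUM_MEMBERS (M_Email TEXT, M_Password TEXT)")
    conn.executemany("INSERT INTO FORUM_MEMBERS VALUES (?, ?)", [
        ("pat.o'brien@example.com", sha256_hash("correct horse")),
        ("sam@example.com", sha256_hash("battery staple")),
    ])
    return conn

def stored_hash_concat(conn, email):
    # Login.aspx pattern: the e-mail becomes part of the SQL text itself.
    sql = ("select m.M_Password from FORUM_MEMBERS m "
           "where m.M_Email = '" + email + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def stored_hash_param(conn, email):
    # Parameterized pattern: the e-mail is bound as data.
    sql = "select m.M_Password from FORUM_MEMBERS m where m.M_Email = ?"
    row = conn.execute(sql, (email,)).fetchone()
    return row[0] if row else None

def concat_breaks(conn, email) -> bool:
    # True when the input altered the statement enough to make it invalid.
    try:
        stored_hash_concat(conn, email)
        return False
    except sqlite3.Error:
        return True

def validate_user(conn, email, password) -> bool:
    stored = stored_hash_param(conn, email)
    if stored is None:
        return False
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(stored, sha256_hash(password))
```

With the sample data, `concat_breaks(make_db(), "pat.o'brien@example.com")` is true while `validate_user` accepts the same address with its correct password.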
Posted on
Hi,
Did the agony booth get it to work? If so, can you post the code? puthen
This account was hacked into by Image, a very honest guy as you all can see! Stealing people's passwords IS his pastime.