Hello,
You need to store the salt in the database as well. The salt is not a secret; it only has to be unique per user, so it can be kept next to the hash. For example, htpasswd.exe from the Apache HTTP Server stores the salt as the first two characters (in the case of crypt) and as the first eight characters (in the case of MD5) in the hashed password itself.
You can adopt a similar strategy in your case. The stored password could be generated as shown below:
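// Registration: build the value that is written to the password column.
// Layout is "$<salt>$<hash>", so the per-user salt is stored with the hash
// and can be recovered at login time.
// Assumes the salt never contains '$' (true for hex or Base64 text) - confirm against CreateSalt.
// NOTE(review): CreatePasswordHash is not shown here. If it is a single fast digest
// (MD5/SHA-1), a salt alone does not make offline guessing expensive; prefer a slow,
// iterated KDF such as PBKDF2 (Rfc2898DeriveBytes) for new code.
string salt = CreateSalt(num);
string saltpwd = String.Concat(salt, TextBox2.Text);
// String.Concat, not String.concat: C# member names are case-sensitive.
string strPwdHash = String.Concat("$", salt, "$", CreatePasswordHash(saltpwd));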
When you want to check a password, perform the same steps on the user input and compare the two hashes, as shown below:
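// Login: load the stored "$<salt>$<hash>" value for the user, re-hash the submitted
// password with the stored salt and compare. result == 0 means the password matched;
// any other value must be treated as a failed login.
string strDBPwd = String.Empty;
string strCon = ConfigurationManager.ConnectionStrings["conn"].ConnectionString;

// using blocks release the connection, command and reader even when the query throws.
// Only the password column is selected; nothing else from the row is needed here.
using (SqlConnection Conn = new SqlConnection(strCon))
using (SqlCommand Cmd = new SqlCommand("SELECT usr_Password FROM Users WHERE (usr_UserName=@FUserName)", Conn))
{
    // The user name is bound as a parameter, never concatenated into the SQL text.
    Cmd.Parameters.AddWithValue("@FUserName", TextBox1.Text.Trim());
    Conn.Open();

    using (SqlDataReader reader = Cmd.ExecuteReader())
    {
        // Read() returns false when no row matches the user name.
        if (reader.Read())
        {
            int pwdOrdinal = reader.GetOrdinal("usr_Password");
            if (!reader.IsDBNull(pwdOrdinal))
            {
                strDBPwd = reader.GetString(pwdOrdinal);
            }
        }
    }
}

// "$salt$hash" split with RemoveEmptyEntries yields exactly two tokens:
// toks[0] is the salt and toks[1] is the hash.
string[] toks = strDBPwd.Split(new char[] { '$' }, StringSplitOptions.RemoveEmptyEntries);
bool storedValueOk = toks.Length == 2;

// For an unknown user, a NULL password or a malformed stored value the hash is still
// computed (with an empty salt), so the failure path does the same work as the success
// path, and result is forced to non-zero below.
string salt = storedValueOk ? toks[0] : String.Empty;
string saltpwd = String.Concat(salt, TextBox2.Text);
string strPwdHash = CreatePasswordHash(saltpwd);

// Ordinal comparison avoids culture-dependent matching. Ignoring case is kept from the
// original and is only appropriate if CreatePasswordHash emits hex - TODO confirm; for
// Base64 output use StringComparison.Ordinal instead.
// NOTE(review): this comparison is not constant-time. Where the target framework offers
// one (e.g. CryptographicOperations.FixedTimeEquals on the hash bytes), prefer it.
int result = storedValueOk
    ? String.Compare(strPwdHash, toks[1], StringComparison.OrdinalIgnoreCase)
    : -1;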
Regards,