0 Replies - 349 Views - Last Post: 01 May 2019 - 05:54 AM Rate Topic: -----

#1 stkuan   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 1
  • Joined: 01-May 19

SHA256 Hash MVC Login issue

Posted 01 May 2019 - 05:54 AM

Hello everybody, I am new new, so glad to find this forum.
Anyways, I have problem with logging in into my app after trying to use SHA256 Hash.
I tried to Salt and Hash my password. It is working in my Database I got both Salt and Hash when I register as a new user. But when I try to log in I got "Object reference not set to an instance of an object." error and shows me this line is problem
var salted = new byte[salt.Length + inputBytes.Length];


Here is my whole code, any help would be appreciated.

static RNGCryptoServiceProvider random = new RNGCryptoServiceProvider();
        static SHA256 encryptor = SHA256.Create();
        readonly static int SaltLength = 32;




        public static byte[] MakeSalt(int maxLength)
        {
            var Salt = new byte[maxLength];
            random.GetNonZeroBytes(Salt);
            return Salt;
        }



        public static byte[] ComputeHash(string inputString, byte[] salt)
        {
            byte[] inputBytes = Encoding.UTF8.GetBytes(inputString);
            var salted = new byte[salt.Length + inputBytes.Length];

            inputBytes.CopyTo(salted, 0);
            salt.CopyTo(salted, inputBytes.Length);

            var hashed = encryptor.ComputeHash(salted);

            return hashed;
        }



        [AllowAnonymous]
        public ActionResult Register()
        {

            return View();
        }

        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public async Task<ActionResult> Register(RegisterViewModel model)
        {
            if (ModelState.IsValid)
            {
                Session_loginDBEntities db = new Session_loginDBEntities();

                TblUser newUser = new TblUser();

                newUser.Email = model.Email;
 
var salt = MakeSalt(SaltLength);
                newUser.Salt = salt;
                newUser.HashedPass = ComputeHash(model.Password, salt);





I am sorry, I dont' know how to edit my post, here is my full code here, I guess the problem is in Login method:


static RNGCryptoServiceProvider random = new RNGCryptoServiceProvider();
        static SHA256 encryptor = SHA256.Create();
        readonly static int SaltLength = 32;


        public static byte[] MakeSalt(int maxLength)
        {
            var Salt = new byte[maxLength];
            random.GetNonZeroBytes(Salt);
            return Salt;
        }



        public static byte[] ComputeHash(string inputString, byte[] salt)
        {
            byte[] inputBytes = Encoding.UTF8.GetBytes(inputString);
            var salted = new byte[salt.Length + inputBytes.Length];

            inputBytes.CopyTo(salted, 0);
            salt.CopyTo(salted, inputBytes.Length);

            var hashed = encryptor.ComputeHash(salted);

            return hashed;
        }



        [AllowAnonymous]
        public ActionResult Register()
        {

            return View();
        }

        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public async Task<ActionResult> Register(RegisterViewModel model)
        {
            if (ModelState.IsValid)
            {
                Session_loginDBEntities db = new Session_loginDBEntities();

                TblUser newUser = new TblUser();

                newUser.Email = model.Email;


                var salt = MakeSalt(SaltLength);
                newUser.Salt = salt;
                newUser.HashedPass = ComputeHash(model.Password, salt);

                
                db.TblUsers.Add(newUser);
                db.SaveChanges();

                Session["user"] = (db.TblUsers.Select(x => x).OrderByDescending(x => x.UserID).Take(1)).ToList()[0];

                return RedirectToAction("Index", "Manage");

            }

            return View(model);
        }

        

        [AllowAnonymous]
        public ActionResult Login(string returnUrl)
        {
            ViewBag.ReturnUrl = returnUrl;
            return View();
        }


        [HttpPost]
        [AllowAnonymous]
        public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
        {



            string email = model.Email;

            string password = model.Password;

            Session_loginDBEntities db = new Session_loginDBEntities();

            List<TblUser> allUsers = db.TblUsers.ToList();
         
            foreach (var user in allUsers)
            {

                    var salt = user.Salt;
                    var hash = ComputeHash(password, salt);

                 

                              if (hash.Equals(user.HashedPass) && user.Email.Equals(email))
                        {
                           

                            Session["user"] = user;

                            Session.Timeout = 60;

                            return RedirectToAction("Index", "Home");
                        }
                    

            }


Is This A Good Question/Topic? 0
  • +

Page 1 of 1