I am making a login page and I saved the user's details and hashed password in the CUSTOMERS table, but I can't send the salt and the typed password I get from the database and the user to my method.

 var UserInput = db.CUSTOMERs.Where(b => b.EMAIL == cUSTOMER.EMAIL && b.PASSWORD == sha256(b.SALT+cUSTOMER.PASSWORD).ToString()).FirstOrDefault() ;

Hash method

    static string sha256(string password)
    {
        // SHA-256 over the UTF-8 bytes of the input, returned as lowercase hex.
        // The hash object is IDisposable, so it is released with using.
        using (var crypt = new System.Security.Cryptography.SHA256Managed())
        {
            var hash = new System.Text.StringBuilder();
            byte[] crypto = crypt.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
            foreach (byte theByte in crypto)
            {
                hash.Append(theByte.ToString("x2"));
            }
            return hash.ToString();
        }
    }

1 Answer

You have the error because LINQ to Entities, hence Entity Framework, can't be used to compose with functions that can't be translated into SQL. So your custom method sha256 and the .NET ToString method are the main causes.

To make it work, you must first get the user by email, then check that the user has his password hash equal to the generated one.

So you need to rewrite your code like this:

    var UserInput = db.CUSTOMERs.FirstOrDefault(b => b.EMAIL == cUSTOMER.EMAIL);
    if (UserInput != null && UserInput.PASSWORD == sha256(UserInput.SALT + cUSTOMER.PASSWORD))
    {
        // The user's email and password match
    }
    else
    {
        // The user was not found or the password does not match
    }

1 Comment

Changed from b.SALT to UserInput.SALT and it worked perfectly, thanks a lot.
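
An added example, not code from the question, the answer or the asker's project: the same two-step login check (fetch the row by e-mail, then verify in memory), going beyond the thread by swapping the single SHA-256 for PBKDF2 and `==` for a fixed-time comparison. It assumes .NET 6 or later, `SALT` and `PASSWORD` stored as byte arrays, and an in-memory list standing in for `db.CUSTOMERs`; the `Customer` record, the `Login` class and the iteration count are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

// Hypothetical row shape: SALT and PASSWORD held as raw bytes (an assumption).
record Customer(string EMAIL, byte[] SALT, byte[] PASSWORD);

static class Login
{
    const int Iterations = 600_000; // assumed work factor; tune for your hardware
    const int HashBytes = 32;

    // PBKDF2-HMAC-SHA256 in place of the thread's single sha256(salt + password).
    public static byte[] Hash(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);

    public static Customer Register(string email, string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16); // fresh random salt per user
        return new Customer(email, salt, Hash(password, salt));
    }

    public static bool Verify(IQueryable<Customer> customers, string email, string password)
    {
        // Step 1: only the e-mail filter goes into the query (with EF this part becomes SQL).
        var user = customers.FirstOrDefault(c => c.EMAIL == email);
        // Step 2: hash in memory. Unknown e-mails still cost one hash, so response
        // time does not show whether the account exists.
        byte[] candidate = Hash(password, user?.SALT ?? new byte[16]);
        // Fixed-time comparison instead of ==.
        return user != null && CryptographicOperations.FixedTimeEquals(candidate, user.PASSWORD);
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample data standing in for db.CUSTOMERs.
        var table = new List<Customer> { Login.Register("alice@example.com", "correct horse") }.AsQueryable();
        Console.WriteLine(Login.Verify(table, "alice@example.com", "correct horse"));
        Console.WriteLine(Login.Verify(table, "alice@example.com", "wrong guess"));
        Console.WriteLine(Login.Verify(table, "nobody@example.com", "correct horse"));
    }
}
```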
