C# and SQL Server: passwords. Where to do what?

Ok, I have an application written in C#. We have data on SQL Server. Among this data, there are user accounts that will provide access to the application.

I read about this, and I know that you should salt and hash, and maybe hash a bunch of times, etc. But where should I do what? What can I send to SQL Server? What exactly do I store in the database? Am I using it in SQL? (maybe the hash function is there, like in mysql?) Am I doing a hash and doing fancy things in my code? Am I sending a hash to the server and comparing, or getting a hash from the server and comparing in my application? How about salt? Where can I do this? Where do I keep it? How to get it?

In other words, can someone give me a good and clear walkthrough of the login script (and possibly the script to add the user / reset). What is where, where to use, etc.

Hope someone can clear this for me =)

+3
4 answers

I completely agree with Joel Coehoorn: the best choice is to trust someone else's tried and true implementation. If, however, you decide to roll your own security implementation, then my advice is this:

  • Store the hash and salt in the database.
  • Create a hash and salt in your own code. This way you are not tied to a specific database.
+1
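The split described in the answer above (salt and hash created in application code, both stored in the database), as an added example that is not part of the original answer. It assumes .NET 6 or later and picks PBKDF2-HMAC-SHA256 as the iterated hash; the `PasswordStore` class, the in-memory dictionary standing in for the SQL Server table, the column layout and the iteration count are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// One row of the (assumed) users table: Salt varbinary(16), Hash varbinary(32), Iterations int.
record StoredPassword(byte[] Salt, byte[] Hash, int Iterations);

static class PasswordStore
{
    const int SaltBytes = 16, HashBytes = 32, Iterations = 600_000; // assumed work factor

    // Stand-in for the SQL Server table, keyed by user name, so the example runs offline.
    static readonly Dictionary<string, StoredPassword> Users = new();

    // Add user / reset password: fresh random salt each time, hash computed in C#.
    public static void SetPassword(string user, string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations,
                                                HashAlgorithmName.SHA256, HashBytes);
        // Only salt, hash and iteration count are written; the password never reaches the database.
        Users[user] = new StoredPassword(salt, hash, Iterations);
    }

    // Login: read the stored row, recompute with its salt, compare inside the application.
    public static bool Verify(string user, string password)
    {
        bool known = Users.TryGetValue(user, out var row);
        // Unknown user: hash against a dummy row anyway so timing does not reveal which names exist.
        row ??= new StoredPassword(new byte[SaltBytes], new byte[HashBytes], Iterations);
        byte[] candidate = Rfc2898DeriveBytes.Pbkdf2(password, row.Salt, row.Iterations,
                                                     HashAlgorithmName.SHA256, HashBytes);
        // Constant-time comparison; non-short-circuit & keeps both paths doing the same work.
        return CryptographicOperations.FixedTimeEquals(candidate, row.Hash) & known;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample account and passwords.
        PasswordStore.SetPassword("alice", "correct horse battery staple");
        Console.WriteLine(PasswordStore.Verify("alice", "correct horse battery staple"));
        Console.WriteLine(PasswordStore.Verify("alice", "wrong guess"));
        Console.WriteLine(PasswordStore.Verify("bob", "anything"));
    }
}
```

Storing the iteration count per row lets the work factor be raised later and old rows re-hashed at the user's next successful login.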

# + SQL Server MembershipProvider, .


+6

ASP.NET, - , .


0


, ASP.NET, ; HashPasswordForStoringInConfigFile FormsAuthentication. , .

: - hte. - . - ? , , .


, , , Provider .

, , , , (HTTPS) .

0

Source: https://habr.com/ru/post/1702262/

