May 2nd, 2016, 01:33 AM
#1
C# login code cleaning
I'll try to be as detailed as possible.
So basically I'm in the middle of designing a C# and SQL Server application for a friend. On application startup, it requires a user to enter the code they were given by the admin into the password box on the application, instead of having a user register in the application. He wants this to ensure the passwords for the users are strong, long passwords.
So for each new user, an admin would have to add their details and code to the database so that they can access the application.
The codes for each user need to be stored in a SQL Server database, but I don't want to store them in plain text, as this is very insecure, and as the server is connected to the Internet, should someone gain access it would compromise his users and business.
I don't usually deal with making user logins or cryptography, so I'm kinda at a roadblock here and would like some help.
How do I securely store them with hashing and salt if there's no user registration in the application?
Basically, this is what I've gotten so far:
Code:
    using System;
    using System.Windows;
    using System.Windows.Input;
    using System.Data.SqlClient;
    using System.Windows.Threading;

    namespace Prototype
    {
        /// <summary>
        /// Interaction logic for AuthenticationScreen.xaml
        /// </summary>
        public partial class AuthenticationScreen : Window
        {
            public AuthenticationScreen()
            {
                InitializeComponent();
                DispatcherTimer CurrentTimeTimer = new DispatcherTimer();
                CurrentTimeTimer.Interval = TimeSpan.FromSeconds(0.1);
                CurrentTimeTimer.Tick += CurrentTimeTimer_Tick;
                CurrentTimeTimer.Start();
            }

            public void CurrentTimeTimer_Tick(object sender, EventArgs e)
            {
                DateTimeLabel.Content = DateTime.Now.ToString("hh:mm:ss tt");
            }

            private void PasswordInputKeyDown(object sender, KeyEventArgs e)
            {
                if (e.Key == Key.Enter) //only accepts enter key
                {
                    MessageBox.Show("checking password");
                    try
                    {
                        SqlConnection connection = new SqlConnection(@"Server=*****;Database=prototype;Trusted_Connection=True;"); //Connection string to database
                        connection.Open(); //opens the connection to database
                        SqlCommand cmd = new SqlCommand("SELECT Password Code: From database.User Personnel WHERE Password Code: = '" + PasswordInput.Password + "' ,connection"); // validates user input against database records
                        cmd.Connection = connection;
                        SqlDataReader DataReader = cmd.ExecuteReader();
                        MessageBox.Show("Connection Established");
                        int count = 1;
                        if (count == 1) //If count is equal to 1, than input is authenticated
                        {
                            MessageBox.Show("password correct");
                            connection.Close(); //closes the connection to database
                            this.Hide();
                        }
                        else //If count doesn't equal 1 than input is incorrect and application is closed
                        {
                            connection.Close(); //closes the connection to database
                            MessageBox.Show("password into correct");
                            Application.Current.Shutdown();
                        }
                    }
                    catch (Exception ex)
                    {
                        MessageBox.Show(ex.Message);
                    }
                }
            }
        }
    }
I'm getting an error saying:
Incorrect syntax near the keyword 'From' the label 'code' has already been declared label names must be unique within a query batch or stored procedure
Any help in condensing/cleaning or fixing this is greatly appreciated.
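One way to store admin-issued codes as salted hashes and check them with a parameterized query, as an added example that is not part of the original post or the poster's code. It assumes a hypothetical table `dbo.UserPersonnel` with columns `UserName`, `CodeSalt` and `CodeHash` (both `varbinary`), and that the login screen also collects a user name, because a per-user salt requires locating that user's row before the entered code can be hashed. The PBKDF2 iteration count is an assumed value, and the `Rfc2898DeriveBytes` overload taking a `HashAlgorithmName` needs .NET Framework 4.7.2 or later, or .NET Core 2.0 or later.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class AccessCodeStore
{
    const int SaltBytes = 16, HashBytes = 32, Iterations = 100000; // assumed work factor

    // Admin side: run when a user row is created; store salt and hash, never the code.
    public static void Hash(string code, out byte[] salt, out byte[] hash)
    {
        salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        hash = Derive(code, salt);
    }

    static byte[] Derive(string code, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(code, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    // Login side: fetch the row by user name with a parameterized query, then compare hashes.
    // Table and column names are hypothetical; 'open' must be an already opened connection.
    public static bool Verify(SqlConnection open, string userName, string code)
    {
        using (var cmd = new SqlCommand(
            "SELECT CodeSalt, CodeHash FROM dbo.UserPersonnel WHERE UserName = @u", open))
        {
            cmd.Parameters.Add("@u", SqlDbType.NVarChar, 64).Value = userName;
            using (var r = cmd.ExecuteReader())
            {
                if (!r.Read()) return false;            // unknown user
                var salt = (byte[])r["CodeSalt"];
                var stored = (byte[])r["CodeHash"];
                return FixedTimeEquals(stored, Derive(code, salt));
            }
        }
    }

    // Compare without exiting early on the first differing byte.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```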