I'm writing an ASP web project for a degree module and I have to insert some login details into a login table. It was working fine whilst I had it running as a script in the .aspx file, but I needed to hash the password so, not knowing a way to do it outside the Code Behind file, I moved the SQLDataSource. This is the insert, which doesn't work.
SqlDataSource sqldsInsertPassword = new SqlDataSource();
sqldsInsertPassword.ConnectionString = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
sqldsInsertPassword.ProviderName = ConfigurationManager.ConnectionStrings["ConnectionString"].ProviderName;
sqldsInsertPassword.InsertCommand = "INSERT INTO login (Password, Email) VALUES (@Password, @Email)";
sqldsInsertPassword.InsertCommandType = SqlDataSourceCommandType.Text;
sqldsInsertPassword.InsertParameters.Add("@Email", txtEmail.Text.ToString().ToLower());
sqldsInsertPassword.InsertParameters.Add("@Password", Convert.ToBase64String(getSHA256(txtPassword.Text.ToString())));
sqldsInsertPassword.Insert();
I don't see what's wrong with that, but maybe you can tell from the rest of the class.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data.Sql;
using System.Web.Security;
using System.Configuration;
using System.Security.Cryptography;
using System.Text;
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
public static byte[] getSHA256(string password)
{
SHA256CryptoServiceProvider sha = new SHA256CryptoServiceProvider();
return sha.ComputeHash(System.Text.Encoding.ASCII.GetBytes(password));
}
protected void btnRegister_Click(object sender, EventArgs e)
{//check email, insert user, SQL command get user ID, insert password
SqlDataReader drExistingUsers = (SqlDataReader)sqldsCheckEmail.Select(DataSourceSelectArguments.Empty);
drExistingUsers.Read();
if (drExistingUsers.HasRows == false)
{
drExistingUsers.Close();
bool fault = false;
try
{
sqldsInsertUser.Insert();
}
catch (Exception error)
{
fault = true;
lblError.Text = "Error: " + error;
}
if (fault == false)
{
try
{
SqlDataSource sqldsInsertPassword = new SqlDataSource();
sqldsInsertPassword.ConnectionString = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
sqldsInsertPassword.ProviderName = ConfigurationManager.ConnectionStrings["ConnectionString"].ProviderName;
sqldsInsertPassword.InsertCommand = "INSERT INTO login (Password, Email) VALUES (@Password, @Email)";
sqldsInsertPassword.InsertCommandType = SqlDataSourceCommandType.Text;
sqldsInsertPassword.InsertParameters.Add("@Email", txtEmail.Text.ToString().ToLower());
sqldsInsertPassword.InsertParameters.Add("@Password", Convert.ToBase64String(getSHA256(txtPassword.Text.ToString())));
sqldsInsertPassword.Insert();
}
catch (Exception insertError)
{
fault = true;
lblError.Text = "Error: " + insertError;
}
if (fault == false)
Response.Redirect("Login.aspx");
}
}
else
lblError.Text = "Email already exists.";
}
I appreciate there's a lot of namespaces I probably don't need in there, but I will tidy those up later.
Thanks to those who reply!
Best Answer
Okay I fixed it, there's some kind of issue with the formatting of the insert parameters there. Basically, I reformatted my SQLDataSource in the .aspx file to look like so,
After that, I changed the code in the Code Behind to this;
And now it works. I don't know if the old Code Behind method of inserting parameters would've worked as well, but I'm not going to try.