I have hashed the user password using Crypto.HashPassword('nakedPassword');
and saved this value in my db.
During signup:
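/// <summary>
/// Registers a new customer: replaces the plain-text password with its hash,
/// assigns a verification code, maps the customer to the persistence entity
/// and hands it to the repository.
/// </summary>
/// <param name="user">
/// Customer to register. PASSWORD holds the plain-text password on entry and
/// is overwritten with the hash.
/// </param>
/// <returns>
/// A Status that carries an error message when the repository reports a
/// duplicate mobile number or email, or when signup fails with an exception.
/// </returns>
public Status Signup(Customer user)
{
    // Created up front so every path, including the failure path, returns it.
    Status status = new Status();
    try
    {
        // Crypto.HashPassword returns a Base64 string (the sample hash in this
        // write-up is 68 characters long). Every layer between here and the
        // column has to carry the full value: a shortened hash is no longer
        // valid Base64 and makes Crypto.VerifyHashedPassword throw a
        // FormatException at login.
        user.PASSWORD = Crypto.HashPassword(user.PASSWORD);

        // NOTE(review): Guid.NewGuid() is designed for uniqueness, not for
        // unpredictability. If VER_CODE is what proves ownership of the email
        // or mobile number, consider a value from a cryptographic RNG.
        user.VER_CODE = Guid.NewGuid().ToString();

        // NOTE(review): the map is registered on every call; it looks like it
        // could be configured once at application start-up - confirm.
        Mapper.CreateMap<Customer, user>();
        var mappedcustomer = Mapper.Map<Customer, user>(user);

        string result = _userRepository.Signup(mappedcustomer);
        if (result == "MOB_EXISTS")
        {
            status.setError("Mobile number already exists");
        }
        else if (result == "EMAIL_EXISTS")
        {
            status.setError("Email already exists");
        }
        // Any other result leaves the Status untouched, as in the original.
    }
    catch (Exception)
    {
        // The original swallowed the exception and returned nothing, so a
        // failed signup was invisible to the caller. Report a generic failure
        // (no exception detail is sent to the client); log the exception
        // server-side where a logger is available.
        status.setError("Error during signup. Please try again.");
    }

    return status;
}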
Later, during login, I retrieve the stored hash and verify the password like this:
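// Login check: fetch the stored hash for the email and verify the supplied
// password against it, reporting the outcome through a Status.
Status status = new Status();
try
{
    string hashedPass = _userRepository.GetHashedPassByEmail(email);

    // Crypto.VerifyHashedPassword throws ArgumentNullException for a null
    // hash. Answer a missing hash with the same message as a wrong password,
    // so the response does not reveal whether an account exists for the email
    // (assumes the repository returns null or empty for an unknown email -
    // confirm against GetHashedPassByEmail).
    if (string.IsNullOrEmpty(hashedPass))
    {
        status.setError("Invalid Credentials. Please try again.");
    }
    else if (Crypto.VerifyHashedPassword(hashedPass, password)) //<-- THIS LINE THROWS THE EXCEPTION
    {
        //authenticated
        status.setSuccess("Login successful !");
    }
    else
    {
        status.setError("Invalid Credentials. Please try again.");
    }
}
catch (Exception)
{
    // A FormatException raised by VerifyHashedPassword means the stored value
    // is not valid Base64 (for example a hash that was cut short on its way
    // into the database). That is a data-integrity problem, not a user
    // mistake: log it server-side and keep the client message generic.
    status.setError("Error during login. Please check the credentials and try again.");
}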
The marked line throws the following exception:
System.FormatException
Invalid length for a Base-64 char array or string.
Stacktrace:
at System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
at System.Convert.FromBase64String(String s)
at System.Web.Helpers.Crypto.VerifyHashedPassword(String hashedPassword, String password)
at Tmmmt.Business.UserProvider.login(String email, String password) in c:\Users\MacBook\Source\Repos\tmmmt.com\Tmmmt.Business\UserProvider.cs:line 802
Note: This does not happen all the time but happens on certain signups only. See Crypto.VerifyHashedPassword
EDIT:
When I looked into my signup code, I saw that the hash is generated correctly but is truncated when it is written to the db.
For example:
Actual Hash: ANFRzzPtJ6H/hmsxmbPpkUgIDcmxoaWDV6Ej8Xes8+PupKnsKq3EI/cUTHCRZm9t+g==
Hash in Db: ANFRzzPtJ6H/hmsxmbPpkUgIDcmxoaWDV6Ej8Xes8+PupKnsKq
The password field in the db is varchar(8000),
and I am passing the hash to the db in the following way:
/// <summary>
/// Function-import wrapper: executes "sp_signupweb" through the ObjectContext
/// and returns its string result set. Parts of the body are elided in this
/// listing; only the handling of <paramref name="passHash"/> is shown.
/// </summary>
/// <param name="passHash">Password hash to store; may be null.</param>
/// <param name="result">Parameter object passed through to the function call as its last argument.</param>
/// <returns>The ObjectResult&lt;string&gt; produced by ExecuteFunction.</returns>
public virtual ObjectResult<string> sp_signupweb(string name, string email, string passHash, string code, Nullable<long> mob, Nullable<int> utc, string verifycode, ObjectParameter result)
{
...//some code//
// Wrap the hash for the call. When passHash is null, a parameter typed as
// string is created without a value instead.
var passHashParameter = passHash != null ?
new ObjectParameter("passHash", passHash) :
new ObjectParameter("passHash", typeof(string));
//.... some more code
// NOTE(review): nothing visible in this method shortens passHash. The sample
// on the page shows a 68-character hash stored as its first 50 characters
// while the column is varchar(8000), so the cut presumably happens inside the
// procedure - e.g. a passHash parameter or intermediate variable declared
// narrower than the column, which SQL Server truncates without an error.
// Verify the declared lengths in the procedure's SQL definition.
return ((IObjectContextAdapter)this).ObjectContext.ExecuteFunction<string>("sp_signupweb", nameParameter, emailParameter, passHashParameter, codeParameter, mobParameter, utcParameter, verifycodeParameter, result);
}
Can someone please explain the truncation and help me solve it?