samedi 9 mai 2015

Crypto.VerifyHashedPassword throws exception

I have hashed the user password using Crypto.HashPassword('nakedPassword'); and saved this value in my db.

During signup:

public Status Signup(Customer user) 
{
    //change password to password hash & create a verification codetry 
    try 
    {
        int pkid;
        user.PASSWORD = Crypto.HashPassword(user.PASSWORD);
        user.VER_CODE = Guid.NewGuid().ToString();
        Mapper.CreateMap <Customer,user>();
        var mappedcustomer = Mapper.Map<Customer,user>(user);
        string result = _userRepository.Signup(mappedcustomer);
        Status status = new Status();
        if (result == "MOB_EXISTS") 
        {
            status.setError("Mobile number already exists");
        } 
        else if (result == "EMAIL_EXISTS") 
        {
            status.setError("Email already exists");
        }
    } catch (Exception e) {}
}

Later during login when i retrieve using:

Status status = new Status();
try
{
    string hashedPass = _userRepository.GetHashedPassByEmail(email);
    if (Crypto.VerifyHashedPassword(hashedPass, password)) //<-- THIS LINE THROWS THE EXCEPTION
    {
        //authenticated
        status.setSuccess("Login successful !");
    }
    else
    {
        status.setError("Invalid Credentials. Please try again.");
    }

}
catch (Exception e)
{
    status.setError("Error during login. Please check the credentials and try again.");
}

The pointed line throws the exception

System.FormatException

Invalid length for a Base-64 char array or string.

Stacktrace:

at System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength) at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
at System.Convert.FromBase64String(String s) at System.Web.Helpers.Crypto.VerifyHashedPassword(String hashedPassword, String password) at Tmmmt.Business.UserProvider.login(String email, String password) in c:\Users\MacBook\Source\Repos\tmmmt.com\Tmmmt.Business\UserProvider.cs:line 802

Note: This does not happen all the time but happens on certain signups only. See Crypto.VerifyHashedPassword

EDIT:

When i looked into my code for signup i saw a hash getting generated but it is truncated when writing to db.

For example..

Actual Hash: ANFRzzPtJ6H/hmsxmbPpkUgIDcmxoaWDV6Ej8Xes8+PupKnsKq3EI/cUTHCRZm9t+g==

Hash in Db: ANFRzzPtJ6H/hmsxmbPpkUgIDcmxoaWDV6Ej8Xes8+PupKnsKq

The password field in the db is varchar(8000) and i am putting it through the following way..

public virtual ObjectResult<string> sp_signupweb(string name, string email, string passHash, string code, Nullable<long> mob, Nullable<int> utc, string verifycode, ObjectParameter result) 

{

    ...//some code//

     var passHashParameter = passHash != null ?
                    new ObjectParameter("passHash", passHash) :
                    new ObjectParameter("passHash", typeof(string));

    //.... some more code
                return ((IObjectContextAdapter)this).ObjectContext.ExecuteFunction<string>("sp_signupweb", nameParameter, emailParameter, passHashParameter, codeParameter, mobParameter, utcParameter, verifycodeParameter, result);

}

Can someone please explain the truncation and help me solve it.

Aucun commentaire:

Enregistrer un commentaire