从表列读取二进制到byte []数组

Question

从表列读取二进制到byte []数组

Jam*_*son 6 c# sql-server asp.net arrays

我在我的应用程序中使用PBKDF2来存储用户密码.在我的Users表中,我有一个Salt和Password列,其确定如下:

// Hash the users password using PBKDF2
var DeriveBytes = new Rfc2898DeriveBytes(_Password, 20);
byte[] _Salt = DeriveBytes.Salt;
byte[] _Key = DeriveBytes.GetBytes(20);  // _Key is put into the Password column

Run Code Online (Sandbox Code Playgroud)

在我的登录页面上,我需要检索此盐和密码.因为它们是byte []数组,所以我将它们存储在我的表中varbinary(MAX).现在我需要检索它们以与用户输入的密码进行比较.我该怎么用SqlDataReader呢？目前我有这个:

cn.Open();
SqlCommand Command = new SqlCommand("SELECT Salt, Password FROM Users WHERE Email = @Email", cn);
Command.Parameters.Add("@Email", SqlDbType.NVarChar).Value = _Email;
SqlDataReader Reader = Command.ExecuteReader(CommandBehavior.CloseConnection);
Reader.Read();
if (Reader.HasRows)
{
    // This user exists, check their password with the one entered
    byte[] _Salt = Reader.GetBytes(0, 0, _Salt, 0, _Salt.Length);
}
else
{
    // No user with this email exists
    Feedback.Text = "No user with this email exists, check for typos or register";
}

Run Code Online (Sandbox Code Playgroud)

但我知道这是错误的事实.其他方法Reader只有一个参数是要检索的列的索引.

Answer 1

cmd*_*mpt 8

byte[]到目前为止,将它直接投射到一个对我有用.

using (SqlConnection c = new SqlConnection("FOO"))
{
    c.Open();
    String sql = @"
        SELECT Salt, Password 
        FROM Users 
        WHERE (Email = @Email)";
    using (SqlCommand cmd = new SqlCommand(sql, c))
    {
        cmd.Parameters.Add("@Email", SqlDbType.NVarChar).Value = _Email;
        using (SqlDataReader d = cmd.ExecuteReader())
        {
            if (d.Read())
            {
                byte[] salt = (byte[])d["Salt"];
                byte[] pass = (byte[])d["Password"];

                //Do stuff with salt and pass
            }
            else
            {
                // NO User with email exists
            }
        }
    }
}

Run Code Online (Sandbox Code Playgroud)

归档时间：	13 年，3 月前
查看次数：	27327 次
最近记录：	7 年，2 月前