I have a table users in which the columns are sessionid, userid, username, password, roleid and usertype.

The values are as follows:
1) sessionid is the C# ASP.NET page Session.SessionID, with varchar(32) as datatype
2) userid is an integer datatype starting with 1 and so on, and it is not auto_increment
3) username is the value entered in the textbox, with varchar(30) as datatype
4) password is the value entered in the textbox, also encrypted using the RSA algorithm, with varchar(max) as datatype
5) roleid is not required right now, but later, when the roles have been created, the admin will update it accordingly, with int as datatype
6) usertype is used to define the type of user, for example: Admin, Project manager, Team lead etc., with varchar(20) as datatype.

Now my problem is that when a user registers from ASP.NET to SQL Server, the data is inserted as normal, but the password, which is a 2048 hash, is registering only 20 characters, and usertype, which is varchar(20), is inserting only 3 characters, like Adm, Pro (for Project Manager).

I am having another problem: after registering the account, it redirects to the login page to log in the particular user, but the URL there is
http://localhost:7518/(S(rbgid3fbbhidltfcywqv3435))/Login.aspx

Why am I getting an extra part in the URL, and what does it mean? I don't know what the error is. Please tell me the solution for this issue.

What I have tried:

string uname = Request.Form["username"].ToString();
string password = Request.Form["password"].ToString();
string utype = Request.Form["usertype"].ToString();
Int32? roleid = null;

SqlConnection con = new SqlConnection(strCon);
SqlCommand cmd = new SqlCommand("SELECT UserID FROM Users", con);
con.Open();
SqlDataReader dr = cmd.ExecuteReader();
if (!dr.HasRows)
{
   UserID = 1;
}
ObjUser.SessionID = Session.SessionID;
ObjUser.UserID = UserID == 1 ? 1 : UserID++;
ObjUser.UserName = uname;
ObjUser.Password = RSAEncrypt(password);
ObjUser.UserType = utype;
ObjUser.ObjRole.RoleID = roleid;

cmd.Parameters.AddWithValue("@chvSessionID", ObjUser.SessionID);
cmd.Parameters.AddWithValue("@intUserID", ObjUser.UserID);
cmd.Parameters.AddWithValue("@chvUserName", ObjUser.UserName);
cmd.Parameters.AddWithValue("@chvPassword", ObjUser.Password);
cmd.Parameters.AddWithValue("@intRoleID", ObjUser.ObjRole.RoleID == null ? (object)DBNull.Value : ObjUser.ObjRole.RoleID).SqlDbType = SqlDbType.Int;
cmd.Parameters.AddWithValue("@chUserType", ObjUser.UserType);
Updated 10-Jan-19 21:27pm

1 solution

Don't encrypt passwords - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.
Comments
Member 8583441 11-Jan-19 5:43am    
Now I am doing any encryption but creating hashbytes for the password in SQL Server, as explained by
https://www.mssqltips.com/sqlservertip/4037/storing-passwords-in-a-secure-way-in-a-sql-server-database/
That is done perfectly, but when it comes to C# ASP.NET I am not getting the output; it returns an error. Please help me on this point.
Member 8583441 11-Jan-19 5:54am    
Problem is solved... The error occurred at the stored procedure parameter initialization in the data access layer in C# ASP.NET. When I changed that parameter the error occurred. Thanks a lot, sir, for giving me the way to store the password.
OriginalGriff 11-Jan-19 6:08am    
You're welcome!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
