In my application, the HASHBYTES SQL function returns different values for the same string.
Below is my user creation code.
    // Per-user salt: a new GUID, appended to the password before hashing
    Guid fillerG = Guid.NewGuid();
    using (SqlCommand com = new SqlCommand("INSERT INTO App_Users (UserName, PasswordHash, PasswordSalt) VALUES ('" + userNameTxt.Text + "', HASHBYTES ( 'SHA1', CONVERT(NVARCHAR(100), '" + userPassword.Text + fillerG.ToString() + "') ), '" + fillerG.ToString() + "'); ", con))
    {
        com.ExecuteNonQuery();
    }
If I compare the above inserted row in my login page, it doesn't match.
This is my comparing script.
    SqlCommand loginCom = new SqlCommand("select COUNT(UserID) FROM App_Users WHERE UserName = '" + Login1.UserName.Replace("'", "''") + "' AND PasswordHash = HASHBYTES('SHA1', '" + Login1.Password.Replace("'", "''") + "' + CONVERT(NVARCHAR(36), PasswordSalt))", loginCon);
The first code stores the passwordHash as this:
0xDAC9280F85B40C06314228876717E342432807DB
But in the query window, the HASHBYTES function with the same value returns this:
0xA561FBD35713F922AD761594658C193F12B82791
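
A byte-level model of what HASHBYTES receives on each path, added here as an illustration and not part of the original post. It assumes NVARCHAR input is hashed as UTF-16LE and VARCHAR input as cp1252 (a Latin1 collation), and that the salt comes back uppercase only if PasswordSalt is a uniqueidentifier column, which the post does not state; `hashbytes_sha1`, `compare_paths` and the sample values are constructed for this example.

```python
"""Added illustration: a byte-level model of T-SQL HASHBYTES('SHA1', ...)."""
import hashlib
import uuid


def hashbytes_sha1(text, nvarchar, max_len=None):
    """Model HASHBYTES('SHA1', x) for a string x.

    NVARCHAR data is hashed as UTF-16LE; VARCHAR is modelled as cp1252
    (assumption: Latin1 collation). max_len models the silent truncation
    done by CONVERT(NVARCHAR(n), ...).
    """
    if max_len is not None:
        text = text[:max_len]
    raw = text.encode("utf-16-le" if nvarchar else "cp1252")
    return "0x" + hashlib.sha1(raw).hexdigest().upper()


def compare_paths(password, salt):
    """Return {description: matches_stored_hash} for each way of rebuilding the input."""
    lower = str(salt)      # same form as C# Guid.ToString(): lowercase hex
    upper = lower.upper()  # form produced when a uniqueidentifier is converted
                           # to a string (assumption about the column type)
    # Insert path from the post: CONVERT(NVARCHAR(100), '<password><guid>')
    stored = hashbytes_sha1(password + lower, nvarchar=True, max_len=100)
    attempts = {
        "nvarchar, lowercase salt": hashbytes_sha1(password + lower, True),
        "nvarchar, uppercase salt": hashbytes_sha1(password + upper, True),
        "varchar literal, lowercase salt": hashbytes_sha1(password + lower, False),
        "varchar literal, uppercase salt": hashbytes_sha1(password + upper, False),
    }
    return {label: digest == stored for label, digest in attempts.items()}


# Constructed sample values, not taken from the post.
SAMPLE_SALT = uuid.UUID("a3f1c2d4-5b6e-4f70-8a9b-0c1d2e3f4a5b")

if __name__ == "__main__":
    # The second password pushes password + salt past 100 characters.
    for pw in ("P@ssw0rd", "x" * 70):
        print(repr(pw[:12]), compare_paths(pw, SAMPLE_SALT))
```

Only an input that is byte-for-byte identical to the stored one matches: same string type, same salt letter case, and no truncation on one side only.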