Trouble inserting hashed password into database

Question

1.00/5 (1 vote)

See more:

I am trying to insert my hashed password into my database. I am using a BCrypt function to hash the password:

C#

#region Password Hash w/ BCrypt
        private static string GetRandomSalt()
        {
            return BCryptHelper.GenerateSalt(12);
        }

        public static string HashPassword(string password)
        {
            return BCryptHelper.HashPassword(password, GetRandomSalt());
        }

        public static bool ValidatePassword(string password, string correctHash)
        {
            return BCryptHelper.CheckPassword(password, correctHash);
        }
        #endregion

Here is the building of the query parameters:

C#

using (SqlConnection conn = new SqlConnection(connString))
                {
                    conn.Open();

                    SqlCommand cmd = new SqlCommand(insert, conn);

                    // build params
                    cmd.Parameters.AddWithValue("@FirstName", tbxFname.Text.Trim());
                    cmd.Parameters.AddWithValue("@LastName", tbxLname.Text.Trim());
                    cmd.Parameters.AddWithValue("@Email", tbxEmail.Text.Trim());
                    string password = HashPassword(tbxPassword.Text);
                    char[] hashedPassword = password.ToCharArray();
                    cmd.Parameters.AddWithValue("@HashedPassword", hashedPassword);
                    cmd.Parameters.AddWithValue("@Gender", rbnGender.SelectedValue.Trim());
                    cmd.Parameters.AddWithValue("@DateOfBirth", tbxDob.Text.Trim());
                    cmd.Parameters.AddWithValue("@DateCreated", DateTime.Now);

                    // execute
                    cmd.ExecuteNonQuery();
                    //lbl1.Text = "Success";
                }

The datatype I am using in my table is CHAR(60), and the error I am currently returning is:

Insert error: Implicit conversion from data type nvarchar to binary is not allowed. Use the CONVERT function to run this query.

Posted 19-Dec-14 6:37am

Enda Phelan

Add a Solution

Comments

Sergey Alexandrovich Kryukov 19-Dec-14 13:31pm

You should no use nvarchar at all. Essentially, any hashed (encrypted, compressed, etc.) data is binary, the array of bytes.
—SA

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2014-12-19T08:20:00

Try not converting it to a char array - send teh string directly:

C#

string password = HashPassword(tbxPassword.Text);
cmd.Parameters.AddWithValue("@HashedPassword", password);

Normally, I work with binary data for hashes, but since your BCryptHelper.HashPassword method is returning a string, it's probably best to stick with that.

The error message is probably because a .NET char array is treated as a byte array for transfer to SQL - so it assumes you are sending binary data instead of characters. Sending it as a string should fix that.