not getting same salted hash from the client......please suggest corrections if any
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
//ScriptManager.RegisterClientScriptBlock(this, typeof(Page), "key", "blogin(" + UniqueRandomNumber + ");", true);
Response.Cache.SetCacheability(HttpCacheability.NoCache);
btnLogin.Attributes.Add("onClick", "javascript:return isLogin();");
UniqueRandomNumber = CreateSalt(5);
txtRandomNo.Value = Convert.ToString(UniqueRandomNumber);
Session["RandomNumber"] = UniqueRandomNumber.ToString();
if (Session["loginMsg"] != null)
{
//tblLogin.Visible = true;
lblMsgLogin.Text = Session["loginMsg"].ToString();
}
}
}
protected void btnLogin_Click(object sender, EventArgs e)
{
//string clientSignature = "";
//clientSignature = txtSignOfPankajMishra.Value.ToString();
var username = AESEncrytDecry.DecryptStringAES(txtUserId.Text);
var z = txtRandomNo.Value;
var clientSignature = AESEncrytDecry.DecryptStringAES(txtSignOfPankajMishra.Value).ToUpper();
try
{
string strSql = "";
strSql = "select " + Constants.lnLoginId + "," + Constants.lnPwdHash + "," + Constants.lnUserName + "," + Constants.lnPermission + "," + Constants.lnUserCode;
strSql += " from " + Constants.tbl_Login + " where " + Constants.lnLoginId + "='" + username.ToString() + "'";
dT = dUT.GetDataTable(strSql);
if (dT.Rows.Count > 0)
{
string PwdHash = dT.Rows[0]["PwdHash"].ToString();
string svrSalt = Session["RandomNumber"].ToString();
string svrSignature = SHA.GenerateSHA512String(PwdHash + svrSalt);
string actionPage = "blank.aspx";
if (svrSignature == clientSignature)
{
Session["UserId"] = dT.Rows[0]["LoginId"].ToString();
Session["Permission"] = dT.Rows[0]["Permission"].ToString().ToUpper();
Session["UserName"] = dT.Rows[0]["UserName"].ToString().ToUpper();
Session["UserCode"] = dT.Rows[0]["UserCode"].ToString().ToUpper();
if (Session["Permission"].ToString().ToUpper() == "DEO")
{
actionPage = "blank.aspx";
}
Response.Redirect(actionPage);
//lblMsgLogin.Text = "Valid Login";
}
else
{
lblMsgLogin.Text = "Invalid Password !!!";
}
}
else
{
lblMsgLogin.Text = "Invalid UserId !!";
}
}
catch (Exception ex)
{
lblMsgLogin.Text = ex.Message;
}
}
private string CreateSalt(int size)
{
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] buff = new byte[size];
rng.GetBytes(buff);
return Convert.ToBase64String(buff);
}
<script language="JavaScript" type="text/JavaScript">
function isLogin() {
UserId = document.getElementById("<%=txtUserId.ClientID%>").value;
if (UserId == "") {
alert("Please Enter Your UserId.");
document.getElementById("<%=txtUserId.ClientID%>").focus();
return false;
}
pwd = document.getElementById("<%=txtPwd.ClientID%>").value;
if (pwd == "") {
alert("Please Enter Your Password.");
document.getElementById("<%=txtPwd.ClientID%>").focus();
return false;
}
var pwdhash = Sha512.hash(pwd)
var noRand = '<%= this.UniqueRandomNumber %>';
//var noRand = document.getElementById("<%=txtRandomNo.ClientID%>").value;
var saltedHash = Sha512.hash(pwdhash + noRand);
document.getElementById("<%=TextBox1.ClientID%>").value = saltedHash;
document.getElementById("<%=txtClientsignature.ClientID%>").value = saltedHash;
var key = CryptoJS.enc.Utf8.parse('8080808080808080');
var iv = CryptoJS.enc.Utf8.parse('8080808080808080');
var encryptedlogin = CryptoJS.AES.encrypt(CryptoJS.enc.Utf8.parse(UserId), key,
{
keySize: 128 / 8,
iv: iv,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
});
var encryptedPwd = CryptoJS.AES.encrypt(CryptoJS.enc.Utf8.parse(saltedHash), key,
{
keySize: 128 / 8,
iv: iv,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
});
document.getElementById("<%=txtUserId.ClientID%>").value = encryptedlogin;
document.getElementById("<%=txtClientsignature.ClientID%>").value = encryptedPwd;
}
</script>