Reading binary from table column into byte[] array
Solution 1
Casting it directly to a byte[]
has worked for me so far.
using (SqlConnection c = new SqlConnection("FOO"))
{
c.Open();
String sql = @"
SELECT Salt, Password
FROM Users
WHERE (Email = @Email)";
using (SqlCommand cmd = new SqlCommand(sql, c))
{
cmd.Parameters.Add("@Email", SqlDbType.NVarChar).Value = _Email;
using (SqlDataReader d = cmd.ExecuteReader())
{
if (d.Read())
{
byte[] salt = (byte[])d["Salt"];
byte[] pass = (byte[])d["Password"];
//Do stuff with salt and pass
}
else
{
// NO User with email exists
}
}
}
}
Solution 2
I'm not sure why you think the code you wrote is wrong (please explain). But specifically for the error:
Notice that GetBytes returns a long
not a byte array.
So, you should use:
Reader.GetBytes(0, 0, _Salt, 0, _Salt.Length);
or
long bytesRead = Reader.GetBytes(0, 0, _Salt, 0, _Salt.Length);
James Dawson
Updated on August 07, 2022Comments
-
James Dawson almost 2 years
I'm using PBKDF2 in my application to store users passwords. In my Users table, I have a
Salt
andPassword
column which is determined like this:// Hash the users password using PBKDF2 var DeriveBytes = new Rfc2898DeriveBytes(_Password, 20); byte[] _Salt = DeriveBytes.Salt; byte[] _Key = DeriveBytes.GetBytes(20); // _Key is put into the Password column
On my login page I need to retrieve this salt and password. Because they're byte[] arrays, I store them in my table as
varbinary(MAX)
. Now I need to retrieve them to compare against the users entered password. How would I do that usingSqlDataReader
? At the moment I have this:cn.Open(); SqlCommand Command = new SqlCommand("SELECT Salt, Password FROM Users WHERE Email = @Email", cn); Command.Parameters.Add("@Email", SqlDbType.NVarChar).Value = _Email; SqlDataReader Reader = Command.ExecuteReader(CommandBehavior.CloseConnection); Reader.Read(); if (Reader.HasRows) { // This user exists, check their password with the one entered byte[] _Salt = Reader.GetBytes(0, 0, _Salt, 0, _Salt.Length); } else { // No user with this email exists Feedback.Text = "No user with this email exists, check for typos or register"; }
But I know for a fact that it's wrong. Other methods in
Reader
have only one parameter being the index of the column to retrieve. -
James Dawson over 11 yearsIf you look at the needed parameters for the method you can see that my parameters aren't correct, but I don't know what to specify. And I can't convert it to a long, it has to be returned as a byte array for my password checking to work.
-
Blachshma over 11 years@JamesDawson Please read the description of the GetBytes functions (which I posted in my answer): Reads a stream of bytes from the specified column offset into the buffer an array starting at the given buffer offset. In other words, in your example will copy the byte stream of column number 0 into the
_Salt
variable. Which is exactly what you asked for. (The return value of the GetBytes function is only the number of bytes read and therefore it's along
). Did you change the code as I recommended? Did it work?