So I have an ASP.NET v 4.0 Web Forms application connecting to MySQL Server v 5.2.47. It has a user creating an account.
The user selects his username and password, my program creates a salt and then adds the salt to his password and hashes that. Then the program stores the user name, salt, and the hash into the MySQL database.
So after an account is created, the user just needs to log in by entering their username and password. What is the ideal way to be able to retrieve their salt to determine if they can log in? Because the user doesn't know their salt.
For me the only solution for this is to initially have a query that goes "SELECT salt FROM database WHERE UserName = UserNameTextbox.Text"
And then once I get the salt that matches the user's username, I'd have to execute another query that goes
"SELECT * FROM database WHERE UserName = UserNameTextbox.Text AND HashedSaltPassword = Hashed(salt + PasswordTextbox.Text)";
I can't see any way around doing this, and for some reason I don't think this is the ideal way to do so. Is there a better way?
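The login flow asked about above can be done with a single parameterized lookup that returns the salt and the stored hash together, with the comparison done in the application. This is an added example, not code from the original post. It assumes a `Users` table with a `Salt` column, uses an in-memory SQLite database as a stand-in for MySQL so it runs offline, and swaps in PBKDF2-HMAC-SHA256 for the post's unspecified `Hashed(salt + password)`.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # assumed work factor; tune for your hardware


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for the post's unspecified Hashed(salt + password).
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def create_user(conn, user_name: str, password: str) -> None:
    salt = os.urandom(16)  # fresh random salt per account
    conn.execute(
        "INSERT INTO Users (UserName, Salt, HashedSaltPassword) VALUES (?, ?, ?)",
        (user_name, salt, hash_password(password, salt)),
    )


def verify_login(conn, user_name: str, password: str) -> bool:
    # One query, keyed only on the username, returns salt and hash together.
    # The username is bound as a parameter, never concatenated into the SQL.
    row = conn.execute(
        "SELECT Salt, HashedSaltPassword FROM Users WHERE UserName = ?",
        (user_name,),
    ).fetchone()
    if row is None:
        # Unknown user: still run the KDF so the response time is similar.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = row
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(stored, hash_password(password, salt))


def demo_db():
    # Constructed sample data: one account in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Users (UserName TEXT PRIMARY KEY, Salt BLOB, HashedSaltPassword BLOB)"
    )
    create_user(conn, "alice", "correct horse")
    return conn
```

With MySQL the same statement applies with the connector's own placeholder syntax (for example `@user` in the .NET connector); the salt never needs to be fetched in a separate round trip.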