First of all, we need a table to store the data related to the login in a safe way.
The table we will create will look like this:
This table has these fields:
- ID: Autoincrement Integer internal database field as Primary Key
- Identifier: Guid to use as Unique identifier in your application
- Login: This is the unique login (typically e-mail address)
- PasswordHash: This is the Hashed string of the actual password
- Salt: This is the unique Salt field
- Registered: This stores whether the user is already registered or the registration is still pending
- Active: This is a field that indicates if the account is already/still active
Why do I use Hash and Salt fields?
When we hash a string, we receive a string that is impossible to transform back to its original form. But the most important fact is that we will always get the same result when we hash the same input with the same hash algorithm.
If two or more users chose the same password, it would also be stored as the same hash, so anyone who can read the table could see which accounts share a password. This might be something we want to avoid, so we need to add a random value, the salt, which is unique to the user but only internal to the database.
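The effect described above, as an added example that is not code from the original post: two users with the same password get the same unsalted hash, but different PasswordHash values once each has their own Salt. It assumes PBKDF2-HMAC-SHA256 as the hash algorithm, a 16-byte salt and 600,000 iterations, none of which the page specifies; the function names are hypothetical, and the dictionary keys mirror the table's Login, Salt and PasswordHash fields.

```python
import hashlib
import hmac
import secrets

# Assumed parameters: the page names no algorithm, salt size or work factor.
SALT_BYTES = 16
ITERATIONS = 600_000


def unsalted_hash(password: str) -> str:
    """Plain hash with no salt: identical passwords give identical output."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes) -> str:
    """Value for the PasswordHash column: PBKDF2 over password and salt."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return digest.hex()


def register(login: str, password: str) -> dict:
    """Build the row to store; a fresh random salt is drawn per user."""
    salt = secrets.token_bytes(SALT_BYTES)
    return {"Login": login, "Salt": salt.hex(),
            "PasswordHash": hash_password(password, salt)}


def verify(row: dict, candidate: str) -> bool:
    """Re-hash the candidate with the stored salt; compare in constant time."""
    actual = hash_password(candidate, bytes.fromhex(row["Salt"]))
    return hmac.compare_digest(actual, row["PasswordHash"])


if __name__ == "__main__":
    # Constructed sample data: two users who picked the same password.
    shared = "Summer2024!"
    alice = register("alice@example.test", shared)
    bob = register("bob@example.test", shared)
    print("unsalted equal:", unsalted_hash(shared) == unsalted_hash(shared))
    print("salted equal:  ", alice["PasswordHash"] == bob["PasswordHash"])
    print("alice login ok:", verify(alice, shared))
    print("wrong password:", verify(alice, "summer2024!"))
```

The salt is stored in the clear next to the hash; it does not need to be secret, only unique per user.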
Follow this link to get the SQL Server script: Script to create the table