public void CreateNewAccount() { //for demonstrative purposes string username = "******"; string password = "******"; string salt = BCrypt.Net.BCrypt.GenerateSalt(); string saltedPW = BCrypt.Net.BCrypt.HashPassword(password, salt); using (var context = new BCryptTestEntities()) { //You do not ever save the plaintext (var password) in the database, only the salted context.Accounts.Add(new Account() { Id = 0, username = username, password = saltedPW, salt = salt }); context.SaveChanges(); } }
public void VerifyLogin() { string username; string password; string salt; using (var context = new BCryptTestEntities()) { username = Account.Username; password = Account.Password; //check whether there's there's any such username in the database. var findSalt = context.Accounts.Where(e => e.username == username).FirstOrDefault(); salt = findSalt?.salt; //short circuit if (salt == null) { Message = "No such username/password combination found."; return; } //get the salted version of the user input with the salt from the account in the database string saltedPW = BCrypt.Net.BCrypt.HashPassword(password, salt); //check whether there's any account in the database with that username/password combination var findUser = context.Accounts.Where(e => e.username == username && e.password == saltedPW).FirstOrDefault(); if (findUser == null) { Message = "No such username/password combination found."; } else { Message = "Login succesful!"; //save the fact that the user has logged in in a variable. } } }