C# (CSharp) SHA256PasswordService Examples

Example #1

File: UserEntity.cs Project: Amsh285/RestServer

        public AuthenticationResult Authenticate(string userName, byte[] password, NpgsqlTransaction transaction)
        {
            Assert.NotNull(userName, nameof(userName));
            Assert.NotNull(password, nameof(password));

            User match = userRepository.GetUser(userName, transaction);

            if (match == null)
            {
                return(AuthenticationResult.Failed);
            }

            byte[] compareHash = SHA256PasswordService.GenerateHash(password, match.Salt);

            if (compareHash.Length != match.Password.Length)
            {
                return(AuthenticationResult.Failed);
            }

            for (int i = 0; i < compareHash.Length; i++)
            {
                if (compareHash[i] != match.Password[i])
                {
                    return(AuthenticationResult.Failed);
                }
            }

            return(AuthenticationResult.Success);
        }

Example #2

File: UserRepository.cs Project: Amsh285/RestServer

        //ev refactoren
        public void Register(RegisterUser newUser)
        {
            Assert.NotNull(newUser, nameof(newUser));

            byte[] salt = new byte[32];

            using (RNGCryptoServiceProvider cryptoServiceProvider = new RNGCryptoServiceProvider())
            {
                cryptoServiceProvider.GetBytes(salt);
            }

            byte[] passwordHash = SHA256PasswordService.GenerateHash(Encoding.UTF8.GetBytes(newUser.Password), salt);

            using (NpgsqlConnection connection = database.CreateAndOpenConnection())
                using (NpgsqlTransaction transaction = connection.BeginTransaction())
                {
                    if (!UserNameExists(newUser, transaction))
                    {
                        string insertUserStatement = @"INSERT INTO public.""User""(""FirstName"", ""LastName"", ""UserName"", ""Email"", ""Password"",
                                ""Salt"", ""HashAlgorithm"", ""Coins"", ""Rating"", ""GamesPlayed"", ""Winrate"")
	                            VALUES(@firstName, @lastName, @userName, @email, @password, @salt, @hashAlgorithm, @coins, @rating, @gamesplayed, @winrate); "    ;

                        database.ExecuteNonQuery(insertUserStatement, transaction,
                                                 new NpgsqlParameter("firstName", newUser.FirstName),
                                                 new NpgsqlParameter("lastName", newUser.LastName),
                                                 new NpgsqlParameter("userName", newUser.UserName),
                                                 new NpgsqlParameter("email", newUser.Email),
                                                 new NpgsqlParameter("password", passwordHash),
                                                 new NpgsqlParameter("salt", salt),
                                                 new NpgsqlParameter("hashAlgorithm", "SHA256"),
                                                 new NpgsqlParameter("coins", 20),
                                                 new NpgsqlParameter("rating", 1500),
                                                 new NpgsqlParameter("gamesplayed", (object)0),
                                                 new NpgsqlParameter("winrate", (object)0)
                                                 );

                        transaction.Commit();
                    }
                    else
                    {
                        throw new UniqueConstraintViolationException(
                                  $"Registrierung fehlgeschlagen. Benutzername: {newUser.UserName} wurde bereits vergeben."
                                  );
                    }
                }
        }