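/// <summary>
/// Hashes <paramref name="password"/> together with a newly generated salt.
/// </summary>
/// <param name="password">Plain-text password. A null value makes <c>Encoding.UTF8.GetBytes</c> throw.</param>
/// <returns>
/// A <see cref="PasswordUtil"/> holding the Base64 salt, the Base64 SHA-256 digest of
/// (UTF-8 password bytes followed by the salt bytes), and the plain-text password itself.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="password"/> is null.</exception>
public PasswordUtil GetHashedPassword(string password)
{
    // NOTE(review): the salt is only as unpredictable as GenerateRandomByte; confirm it draws
    // from RandomNumberGenerator rather than System.Random.
    byte[] saltBytes = this.GenerateRandomByte(this.KeyLength);
    byte[] passwordAsBytes = Encoding.UTF8.GetBytes(password);

    // Hash input layout is password || salt. comparePassword rebuilds the same layout, so the
    // two methods must change together.
    List<byte> passwordWithSaltBytes = new List<byte>();
    passwordWithSaltBytes.AddRange(passwordAsBytes);
    passwordWithSaltBytes.AddRange(saltBytes);

    // SECURITY: one pass of SHA-256 is a fast hash, so a leaked hash/salt pair can be guessed
    // against cheaply. A deliberately slow KDF (for example PBKDF2 via Rfc2898DeriveBytes) is
    // the usual choice for stored passwords. Switching changes the stored format, so it needs a
    // migration of existing records and a matching change in comparePassword.
    byte[] hashedPasswordBytes;
    using (SHA256 sha256 = SHA256.Create())
    {
        // The hash object is IDisposable; the using block releases it deterministically.
        hashedPasswordBytes = sha256.ComputeHash(passwordWithSaltBytes.ToArray());
    }

    string salt = Convert.ToBase64String(saltBytes);
    string hashedPassword = Convert.ToBase64String(hashedPasswordBytes);

    // The returned object still carries the plain-text password. Callers should persist only
    // HashedPassword and Salt, and keep this object out of logs and serialized output.
    PasswordUtil passwordUtil = new PasswordUtil()
    {
        PlainPassword = password,
        HashedPassword = hashedPassword,
        Salt = salt
    };

    return passwordUtil;
}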
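/// <summary>
/// Recomputes the salted SHA-256 digest of <c>passwordUtil.PlainPassword</c> and checks it
/// against <c>passwordUtil.HashedPassword</c>.
/// </summary>
/// <param name="passwordUtil">
/// Carries the candidate plain-text password, the Base64 salt, and the Base64 hash to compare
/// against.
/// </param>
/// <returns>
/// <c>true</c> when the recomputed Base64 digest equals <c>HashedPassword</c> character for
/// character; otherwise <c>false</c> (including when <c>HashedPassword</c> is null).
/// </returns>
/// <exception cref="FormatException"><c>Salt</c> is not valid Base64.</exception>
public Boolean comparePassword(PasswordUtil passwordUtil)
{
    byte[] saltBytes = Convert.FromBase64String(passwordUtil.Salt);
    byte[] passwordAsBytes = Encoding.UTF8.GetBytes(passwordUtil.PlainPassword);

    // Same password || salt layout that GetHashedPassword uses.
    List<byte> passwordWithSaltBytes = new List<byte>();
    passwordWithSaltBytes.AddRange(passwordAsBytes);
    passwordWithSaltBytes.AddRange(saltBytes);

    // SECURITY: a single SHA-256 pass is a fast hash; see GetHashedPassword for the KDF caveat.
    // The algorithm is kept here so existing stored hashes continue to verify.
    byte[] hashedPasswordBytes;
    using (SHA256 sha256 = SHA256.Create())
    {
        // The hash object is IDisposable; the using block releases it deterministically.
        hashedPasswordBytes = sha256.ComputeHash(passwordWithSaltBytes.ToArray());
    }

    string hashedPassword = Convert.ToBase64String(hashedPasswordBytes);
    string storedHash = passwordUtil.HashedPassword;

    // The computed digest always has the same length, so an early exit on a length mismatch
    // says nothing about the digest's content.
    if (storedHash == null || storedHash.Length != hashedPassword.Length)
    {
        return false;
    }

    // Compare every character without exiting early, so the time taken does not depend on where
    // the first mismatch is. The result matches ordinal string equality. Where the target
    // framework provides it, CryptographicOperations.FixedTimeEquals over the decoded bytes is
    // the library equivalent.
    int difference = 0;
    for (int i = 0; i < hashedPassword.Length; i++)
    {
        difference |= storedHash[i] ^ hashedPassword[i];
    }

    return difference == 0;
}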