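/// <summary>
/// Verifies a clear-text password against the salted hash stored for a user.
/// </summary>
/// <param name="username">Login name used to look up the stored salt and hash.</param>
/// <param name="password">Candidate password; it is hashed here and never persisted.</param>
/// <returns>
/// true only when a record with a non-empty user name exists and the hash recomputed from
/// <paramref name="password"/> and the stored salt equals the stored hash; false otherwise.
/// </returns>
private bool isValidPassword(string username, string password)
{
    UserBE user = getUserFromDB(username);

    // No usable record (or no password to check): reject without touching the hash.
    // NOTE(review): the hash is only computed when the user exists, so the response time
    // differs for known vs. unknown user names (user enumeration via timing). Hashing
    // against a dummy salt on the miss path would close that; not done here because the
    // cost and salt format of Cryptographic.HashPasswordWithSalt are not visible.
    if (user == null || string.IsNullOrEmpty(user.user) || password == null)
    {
        return false;
    }

    byte[] hashedPassword = Cryptographic.HashPasswordWithSalt(Encoding.UTF8.GetBytes(password), user.salt);

    // SequenceEqual stops at the first differing byte, so the comparison time reveals how
    // long a prefix of the stored hash an attacker has matched. Compare every byte instead.
    return constantTimeEquals(hashedPassword, user.pass);
}

/// <summary>
/// Compares two byte arrays in time that depends only on their lengths, never on where
/// (or whether) their contents differ. A null array is treated as empty.
/// </summary>
/// <param name="left">First array (e.g. the freshly computed hash).</param>
/// <param name="right">Second array (e.g. the stored hash).</param>
/// <returns>true when both arrays have the same length and identical contents.</returns>
private static bool constantTimeEquals(byte[] left, byte[] right)
{
    left = left ?? new byte[0];
    right = right ?? new byte[0];

    // Lengths are fixed by the hashing scheme, so revealing a length mismatch leaks nothing.
    if (left.Length != right.Length)
    {
        return false;
    }

    // OR the XOR of every byte pair together; only a fully identical pair leaves diff at 0.
    int diff = 0;
    for (int i = 0; i < left.Length; i++)
    {
        diff |= left[i] ^ right[i];
    }
    return diff == 0;
}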
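/// <summary>
/// Persists a new user record holding a fresh random salt and the salted hash of
/// <paramref name="password"/>. The clear-text password is never written to the database.
/// </summary>
/// <param name="user">Login name; bound to a VarChar(50) SQL parameter.</param>
/// <param name="password">Clear-text password to salt and hash.</param>
/// <returns>
/// true when the statement reported at least one affected row; false when the input is
/// unusable, no row was affected, or the provider raised a <see cref="SqlException"/>
/// (in which case a generic message is shown in <c>lblResultado</c>).
/// </returns>
private bool saveUser(string user, string password)
{
    // The @username parameter is sized to 50 characters; a longer value would be cut
    // down to that size by the provider rather than rejected, storing a name that no
    // longer matches what the caller typed. Refuse it up front.
    if (string.IsNullOrEmpty(user) || user.Length > 50 || password == null)
    {
        return false;
    }

    byte[] salt = Cryptographic.GenerateSalt();
    byte[] hashedPassword = Cryptographic.HashPasswordWithSalt(Encoding.UTF8.GetBytes(password), salt);
    string connectionString = ConfigurationManager.ConnectionStrings["DemoCredentials"].ConnectionString;

    // Statement text is fixed and fully parameterized; no user input reaches the SQL string.
    const string insertSql = "******";

    using (SqlConnection connection = new SqlConnection(connectionString))
    using (SqlCommand command = new SqlCommand(insertSql, connection))
    {
        command.CommandType = CommandType.Text;
        command.Parameters.Add("@username", SqlDbType.VarChar, 50).Value = user;
        command.Parameters.Add("@salt", SqlDbType.VarBinary).Value = salt;
        command.Parameters.Add("@pass", SqlDbType.VarBinary).Value = hashedPassword;

        try
        {
            connection.Open();
            return command.ExecuteNonQuery() > 0;
        }
        catch (SqlException ex)
        {
            // The provider's message can name the server, table, columns and constraints;
            // keep it out of the page and record it server-side instead.
            System.Diagnostics.Trace.TraceError(ex.ToString());
            lblResultado.Text = "The user could not be saved.";
            return false;
        }
        // Disposing the connection via 'using' also closes it; no explicit Close() needed.
    }
}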