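/// <summary>
/// Replaces a user's stored password after re-verifying the current one.
/// </summary>
/// <param name="user">The account being changed; <c>user.Id</c> selects the row and <c>user.Password</c> is the hash the old password is checked against.</param>
/// <param name="oldPassword">The current password, verified before anything is written.</param>
/// <param name="newPassword">The replacement password; only its salt and hash are persisted.</param>
/// <remarks>
/// If <paramref name="oldPassword"/> does not verify, the method returns without writing and without
/// signalling the caller. NOTE(review): the void signature gives callers no way to tell a rejected
/// change from a successful one, so failed attempts cannot be counted or audited here; confirm the
/// caller handles that. NOTE(review): <paramref name="newPassword"/> is not checked for emptiness or
/// strength in this method; presumably that is enforced upstream.
/// </remarks>
public void ChangePassword(User user, string oldPassword, string newPassword)
{
    // Require proof of the current password before accepting a new one.
    if (!PasswordUtility.CheckPassword(oldPassword, user.Password))
    {
        return;
    }

    PasswordHash newPasswordHash = PasswordUtility.GeneratePasswordHash(newPassword);
    DateTime modifiedUtc = DateTime.UtcNow;

    using SqlConnection connection = new SqlConnection(connectionString);
    connection.Open();

    using SqlCommand command = connection.CreateCommand();
    command.CommandText = "UPDATE dbo.Users " +
        "set PasswordSalt= @PasswordSalt, PasswordHash=@PasswordHash, DateModified=@DateModified " +
        "Where Id=@Id";

    // All values travel as typed parameters; nothing is concatenated into the statement.
    command.Parameters.Add("@Id", SqlDbType.Int).Value = user.Id;
    command.Parameters.Add("@PasswordSalt", SqlDbType.VarBinary).Value = newPasswordHash.Salt;
    command.Parameters.Add("@PasswordHash", SqlDbType.VarBinary).Value = newPasswordHash.Hash;
    command.Parameters.Add("@DateModified", SqlDbType.DateTime2).Value = modifiedUtc;

    // An UPDATE returns no result set, so ExecuteNonQuery is the right call; it also reports
    // how many rows matched (-1 when the server suppresses row counts).
    int rowsAffected = command.ExecuteNonQuery();

    // Touch the in-memory user only after the write went through, so a failed or no-op update
    // cannot leave the object holding a hash the database never stored. DateCreated is left
    // alone: a password change is not a creation, and the statement does not persist it.
    if (rowsAffected != 0)
    {
        user.Password = newPasswordHash;
        user.DateModified = modifiedUtc;
    }
}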
/// <summary>
/// Produces the salt-and-hash pair for a password by delegating to
/// <c>PasswordUtility.GeneratePasswordHash</c>.
/// </summary>
/// <param name="password">The plaintext password to hash.</param>
/// <returns>The <c>PasswordHash</c> returned by the utility, carrying the salt and the hash.</returns>
/// <remarks>
/// NOTE(review): if the enclosing type is <c>PasswordUtility</c> itself, this call resolves to this
/// same method and never returns; confirm the wrapper lives on a different class.
/// </remarks>
public static PasswordHash GeneratePasswordHash(string password)
{
    // Pure pass-through: salting and hashing are entirely the utility's responsibility.
    PasswordHash saltedHash = PasswordUtility.GeneratePasswordHash(password);
    return saltedHash;
}
/// <summary>
/// Expression-bodied wrapper that hands the password to
/// <c>PasswordUtility.GeneratePasswordHash</c> and returns its result unchanged.
/// </summary>
/// <param name="password">The plaintext password to hash.</param>
/// <returns>The <c>PasswordHash</c> (salt plus hash) produced by the utility.</returns>
public static PasswordHash GeneratePasswordHash(string password)
    => PasswordUtility.GeneratePasswordHash(password);