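/// <summary>
/// Handles the "change password" submit button: validates the new password,
/// checks it against the current and two previous password hashes and the
/// change cool-down, then asks the service to store the new hash.
/// </summary>
/// <param name="sender">The control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// NOTE(review): this handler never asks for the current password; the only
/// proof of identity it uses is Session["UserEmail"]. Confirm that
/// re-authentication is enforced elsewhere before this handler can run.
/// </remarks>
protected void btn_submitChangePwd_Click(object sender, EventArgs e)
{
    // An expired or missing session used to surface as a NullReferenceException
    // on .ToString(); fail closed with a message instead.
    object sessionEmail = Session["UserEmail"];
    if (sessionEmail == null)
    {
        lbl_resultMsg.Text = "Error, your session has expired. Please log in again";
        lbl_resultMsg.ForeColor = Color.Red;
        return;
    }

    // NOTE(review): the proxy is never closed here. If Service1Client is a WCF
    // client it should be closed (or aborted on fault) after use; confirm.
    AS_Service_Reference.Service1Client client = new AS_Service_Reference.Service1Client();
    var current_user = client.GetOneUser(sessionEmail.ToString());
    if (current_user == null)
    {
        // No account behind the session identity: treat it like a dead session.
        lbl_resultMsg.Text = "Error, your session has expired. Please log in again";
        lbl_resultMsg.ForeColor = Color.Red;
        return;
    }

    // NOTE(review): Trim() and HtmlEncode() change the bytes that get hashed
    // (surrounding whitespace is dropped; characters such as & and < become entities).
    // The password is never rendered, so encoding adds no protection, but
    // the transformation must stay identical to whatever registration and
    // login apply or stored hashes will stop matching. Confirm before changing.
    var new_password = HttpUtility.HtmlEncode(tb_changePwd.Text.Trim());

    // checkPassword must return 5 for the password to be accepted; any other
    // score only produces feedback and leaves the stored password untouched.
    var pwdStrength = checkPassword(new_password);
    if (pwdStrength != 5)
    {
        checkPasswordFeedback(new_password);
        return;
    }

    // The existing salt is reused so the new hash can be compared directly
    // with the current and previous hashes kept for this user.
    salt = current_user.PasswordSalt;

    // NOTE(review): a single salted SHA-512 pass is cheap to brute-force if
    // the hash store leaks. Moving to a slow KDF (e.g. PBKDF2) needs a
    // coordinated change in registration, login and the stored hashes, so it
    // is flagged here rather than changed.
    string new_finalHash;
    using (SHA512Managed hashing = new SHA512Managed())
    {
        string new_pwdWithSalt = new_password + salt;
        byte[] newhashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(new_pwdWithSalt));
        new_finalHash = Convert.ToBase64String(newhashWithSalt);
    }

    // New password equals the current one.
    if (new_finalHash == current_user.PasswordHash)
    {
        lbl_resultMsg.Text = "Error, input same as your current password";
        lbl_resultMsg.ForeColor = Color.Red;
        return;
    }

    // Minimum password age: refuse further changes until the cool-down has passed.
    // NOTE(review): compared with local server time; assumes
    // PasswordChangeCoolDown is stored in local time as well. Confirm.
    if (current_user.PasswordChangeCoolDown > DateTime.Now)
    {
        lbl_resultMsg.Text = "Error, you are not allowed to change passwords repeatedly in a short span of time";
        lbl_resultMsg.ForeColor = Color.Red;
        return;
    }

    // Password history: the two most recent previous hashes may not be reused.
    if (new_finalHash == current_user.PasswordHash_1 || new_finalHash == current_user.PasswordHash_2)
    {
        lbl_resultMsg.Text = "Error, you are not allowed to reuse recent passwords";
        lbl_resultMsg.ForeColor = Color.Red;
        return;
    }

    client.ChangePassword(current_user.Email, new_finalHash, current_user.PasswordHash, current_user.PasswordHash_1, current_user.PasswordHash_2);
    lbl_resultMsg.Text = "Password changed successfully";
    lbl_resultMsg.ForeColor = Color.Green;
}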