/// <summary>
/// Checks a candidate password against a stored <see cref="EncodedPassword"/> by
/// re-deriving the hash with the stored salt and iteration count.
/// </summary>
/// <param name="password">Plain-text password supplied by the caller.</param>
/// <param name="encodedPassword">Stored record; its Salt, Iterations and Hash members are read.</param>
/// <returns>The result of comparing the recomputed hash with the stored hash using <c>==</c>.</returns>
public bool ValidatePassword(string password, EncodedPassword encodedPassword)
{
    // NOTE(review): the type of Hash is not visible here. If it is a byte[], `==`
    // compares references rather than contents; if it is a string, `==` is not
    // guaranteed to run in constant time. A fixed-time comparison such as
    // CryptographicOperations.FixedTimeEquals is the usual choice for values
    // derived from a secret. Confirm against the EncodedPassword definition.
    return CreateHash(password, encodedPassword.Salt, encodedPassword.Iterations) == encodedPassword.Hash;
}
/// <summary>
/// Builds a new <see cref="EncodedPassword"/> for a plain-text password: a salt from
/// <c>CreateSalt()</c>, the supplied iteration count, and the hash returned by
/// <c>CreateHash</c> for that password, salt and iteration count.
/// </summary>
/// <param name="password">Plain-text password to encode.</param>
/// <param name="iterations">Iteration count stored on the record and passed to <c>CreateHash</c>.</param>
/// <returns>The populated record (Salt, Iterations, Hash).</returns>
public EncodedPassword EncodePassword(string password, int iterations)
{
    // NOTE(review): no lower bound is enforced on iterations in this method, and
    // CreateSalt/CreateHash are not visible here. Confirm that callers pass a work
    // factor in line with current guidance, that CreateHash rejects non-positive
    // values, and that CreateSalt draws from a cryptographic RNG.
    var result = new EncodedPassword();
    result.Salt = CreateSalt();
    result.Iterations = iterations;

    // The hash is derived from the salt that was just stored on the record.
    result.Hash = CreateHash(password, result.Salt, iterations);
    return result;
}
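/// <summary>
/// Registers a new user: encodes the requested password with a freshly generated salt,
/// stores the resulting <c>User</c> through <c>_context</c>, and returns a 200 response.
/// </summary>
/// <param name="request">Registration data; Username, Email and Password are read.</param>
/// <returns>An <see cref="OkObjectResult"/> carrying the new user's username and email.</returns>
public async Task<IActionResult> Register(RegistrationRequest request)
{
    // NOTE(review): nothing in this method validates request or its fields, or checks
    // for an existing Username/Email. Confirm that model validation and uniqueness
    // are enforced elsewhere (not visible here).
    EncodedPassword password = EncodePassword(request.Password, GenerateRandomSalt32());

    User newUser = new User
    {
        Username = request.Username,
        Email = request.Email,
        Password = password.hash,
        Salt = password.salt
    };

    await _context.Users.AddAsync(newUser);
    await _context.SaveChangesAsync();

    // Return only non-secret fields. Handing the whole entity to OkObjectResult would
    // put the stored password hash and salt into the response body unless User hides
    // them from serialization, which is not visible here. Add any other non-secret
    // fields that clients rely on to this projection.
    return new OkObjectResult(new { newUser.Username, newUser.Email });
}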
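/// <summary>
/// Verifies a plain-text password against a stored value of the form
/// <c>iterations:base64(salt):base64(hash)</c> by recomputing the hash with
/// <c>PBKDF2</c> and comparing it with <c>BinaryEquals</c>.
/// </summary>
/// <param name="password">Plain-text password to check.</param>
/// <param name="encodedPassword">Stored record; its Value string is parsed.</param>
/// <returns>The result of <c>BinaryEquals</c> on the stored and recomputed hashes.</returns>
/// <exception cref="DomainException">
/// The record or its Value is null, the value has fewer than three ':'-separated fields,
/// the iteration count is not positive, or the stored hash is empty.
/// </exception>
/// <exception cref="FormatException">
/// The iteration field is not an integer or a salt/hash field is not valid Base64.
/// </exception>
public bool IsCorrect(string password, EncodedPassword encodedPassword)
{
    var enc = encodedPassword?.Value;
    if (enc == null)
    {
        throw new DomainException("Invalid Encoded Password type.", DomainException.AppServiceLogAs.Error);
    }

    // Extract the parameters from the stored value. A short or truncated record is
    // reported the same way as a missing one instead of surfacing as an index error.
    var fields = enc.Split(':');
    if (fields.Length < 3)
    {
        throw new DomainException("Invalid Encoded Password type.", DomainException.AppServiceLogAs.Error);
    }

    var iterations = int.Parse(fields[0]);
    var salt = Convert.FromBase64String(fields[1]);
    var hash = Convert.FromBase64String(fields[2]);

    // PBKDF2 and BinaryEquals are not visible here. Rejecting a non-positive work
    // factor and an empty stored hash up front means a degenerate record can never
    // reach the comparison and be reported as a match.
    if (iterations <= 0 || hash.Length == 0)
    {
        throw new DomainException("Invalid Encoded Password type.", DomainException.AppServiceLogAs.Error);
    }

    // The derived key length follows the stored hash so both arrays have equal size.
    var testHash = PBKDF2(password, salt, iterations, hash.Length);

    // NOTE(review): confirm BinaryEquals compares in constant time (no early exit).
    return BinaryEquals(hash, testHash);
}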
/*public User updateUser(User user)
 * {
 *
 * }*/

/// <summary>
/// Produces an <see cref="EncodedPassword"/> whose hash is the lowercase hex SHA-256
/// digest of the UTF-8 bytes of <paramref name="password"/> followed by
/// <paramref name="salt"/>; the salt is stored on the result unchanged.
/// </summary>
/// <param name="password">Plain-text password.</param>
/// <param name="salt">Salt string appended to the password before hashing.</param>
/// <returns>A record holding the salt and the hex-encoded digest.</returns>
private EncodedPassword EncodePassword(string password, string salt)
{
    // NOTE(review): a single salted SHA-256 pass is a fast hash, which is a weak
    // choice for password storage because it keeps offline guessing cheap if the
    // user table leaks. A deliberately slow KDF (PBKDF2 via Rfc2898DeriveBytes, or
    // Argon2) is the usual replacement. Switching changes the stored format, so
    // existing records need a migration path (for example re-hashing at the next
    // successful login). Left as-is here so existing hashes stay verifiable.
    byte[] input = Encoding.UTF8.GetBytes(password + salt);

    byte[] digest;
    using (SHA256 sha = SHA256.Create())
    {
        digest = sha.ComputeHash(input);
    }

    // Two lowercase hex characters per digest byte.
    var hex = new StringBuilder(digest.Length * 2);
    foreach (byte b in digest)
    {
        hex.Append(b.ToString("x2"));
    }

    return new EncodedPassword { salt = salt, hash = hex.ToString() };
}