public void ChangePassword(User user, string oldPassword, string newPassword)
{
if (PasswordUtility.CheckPassword(oldPassword, user.Password))
{
PasswordHash newPasswordHash = PasswordUtility.GeneratePasswordHash(newPassword);
user.Password = newPasswordHash;
using SqlConnection connection = new SqlConnection(connectionString);
connection.Open();
using SqlCommand command = connection.CreateCommand();
command.CommandText =
"UPDATE dbo.Users "
+ "set PasswordSalt= @PasswordSalt, PasswordHash=@PasswordHash, DateModified=@DateModified "
+ "Where Id=@Id";
user.DateCreated = (DateTime)(user.DateModified = DateTime.UtcNow);
command.Parameters.Add("@Id", SqlDbType.Int).Value = user.Id;
command.Parameters.Add("@PasswordSalt", SqlDbType.VarBinary).Value = user.Password.Salt;
command.Parameters.Add("@PasswordHash", SqlDbType.VarBinary).Value = user.Password.Hash;
command.Parameters.Add("@DateModified", SqlDbType.DateTime2).Value = user.DateModified;
command.ExecuteScalar();
}
}
/// <summary>
/// Hashes the password with a random salt, and returns the salt and hash.
/// </summary>
/// <param name="password">The password to be hashed.</param>
/// <returns>A PasswordHash object containing the salt and hash.</returns>
public static PasswordHash GeneratePasswordHash(string password)
{
return(PasswordUtility.GeneratePasswordHash(password));
}
/// <summary> /// Hashes the password with a random salt, and returns the salt and hash. /// </summary> /// <param name="password">The password to be hashed.</param> /// <returns>A PasswordHash object containing the salt and hash.</returns> public static PasswordHash GeneratePasswordHash(string password) => PasswordUtility.GeneratePasswordHash(password);
