/// <summary> /// Hashes the password. /// </summary> /// <param name="userData">The user data.</param> /// <param name="password">The password.</param> /// <param name="passwordConfirm">The password confirm.</param> private static void HashPassword(UserData userData, string password, string passwordConfirm) { // TODO: Enforce password policy // throw new ApplicationException("Password does not meet strength requirements or do not match so hash could not be generated"); userData.PasswordSalt = GenerateSalt(); userData.PasswordHash = HashPasswordWithSalt(password, userData.PasswordSalt); }
private bool ConfirmPassword(UserData userData, string password) { if (userData.PasswordHash == null || userData.PasswordHash.Length == 0) return true; return userData.PasswordHash.SequenceEqual(HashPasswordWithSalt(password, userData.PasswordSalt)); }