Asp.net MVC - How to Hash a Password

How do I hash the user's login password in the database, and then read the hashed password back during login?

I believe the solution is to hash the password during registration, so that the password is stored hashed in the db. Later, at login, it should accept the entered password and compare it with the user's stored password. But I do not know how to do this.

I allowed the password column to be nvarchar(MAX) in the db, since a hashed password is usually long.

        [Required]
        [StringLength(50, MinimumLength = 3, ErrorMessage = "min 3, max 50 letters")]
        public string Password { get; set; }

Registration:

        [HttpPost]
        public ActionResult Register(User user) {
            if (ModelState.IsValid) {
                using (UserEntities db = new UserEntities()) {
                    var u = new User {
                        UserName = user.UserName,
                        Password = user.Password   // stored exactly as entered, i.e. in plain text
                    };

                    db.Users.Add(u);
                    db.SaveChanges();
                }

                return RedirectToAction("Login");
            }
            return View();
        }

Login:

    public ActionResult Login() {
        return View();
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Login(User u) {
        if (ModelState.IsValid) {
            using (UserEntities db = new UserEntities()) {

                //un-hash password?

                var v = db.Users.Where(a => a.UserName.Equals(u.UserName) && a.Password.Equals(u.Password)).FirstOrDefault();
                if (v != null) {
                    return RedirectToAction("Index", "Home"); //after login
                }
            }
        }
        return View(u);
    }

I am using Database First.

+5
3 answers

. A - .

( , . , , . , , .)

, , .

  • , , .

  • , ( ) , , .

, , , " ", : ; , . reset.

, interwebz , : MD5 (MSDN); SHA-256 (MSDN); SHA-512 (MSDN)

+14

, . .

- , (HMAC)

. , , . .NET .

:

using System;
using System.Security.Cryptography;
using System.Text;

//--------------------MyHmac.cs-------------------
public static class MyHmac
{
    private const int SaltSize = 32;

    // 32 random bytes, used as the HMAC key (the answer calls it a salt).
    public static byte[] GenerateSalt()
    {
        using (var rng = new RNGCryptoServiceProvider())
        {
            var randomNumber = new byte[SaltSize];
            rng.GetBytes(randomNumber);
            return randomNumber;
        }
    }

    // HMAC-SHA256 of data keyed with salt; same data + same salt => same output.
    public static byte[] ComputeHMAC_SHA256(byte[] data, byte[] salt)
    {
        using (var hmac = new HMACSHA256(salt))
        {
            return hmac.ComputeHash(data);
        }
    }
}

//-------------------Program.cs---------------------------
public static class Program
{
    public static void Main()
    {
        string orgMsg = "Original Message";
        string otherMsg = "Other Message";

        Console.WriteLine("HMAC SHA256 Demo in .NET");
        Console.WriteLine("----------------------");
        Console.WriteLine();

        var salt = MyHmac.GenerateSalt();

        var hmac1 = MyHmac.ComputeHMAC_SHA256(Encoding.UTF8.GetBytes(orgMsg), salt);
        var hmac2 = MyHmac.ComputeHMAC_SHA256(Encoding.UTF8.GetBytes(otherMsg), salt);

        Console.WriteLine("Original Message Hash:{0}", Convert.ToBase64String(hmac1));
        Console.WriteLine("Other Message Hash:{0}", Convert.ToBase64String(hmac2));
    }
}

. . . , . .

+3

Use System.Web.Helpers.Crypto from Microsoft's NuGet package.

You hash the password as follows: var hash = Crypto.HashPassword("foo");

You verify the password as follows: var verified = Crypto.VerifyHashedPassword(hash, "foo");

+1

Source: https://habr.com/ru/post/1656425/
