Manually hashing password the same as ASP.NET Identity v2.2.1
I have an ASP.NET Web API that makes use of ASP.NET Identity v2.2.1 to manage users. I am able to add/edit users without issue. However, I have a second project that cannot make use of the API but needs to be able to change a user's password directly via the database.

I am trying to figure out how to hash a password entered by the user without going through the API. I need to make sure that I am using the same hashing algorithm that ASP.NET Identity is using. I came across some code in this article but I am not sure if it is the same hashing algorithm used in v2.2.1.

    using System;
    using System.Security.Cryptography;

    // Wrapper class added so the constants and method compile; the name is arbitrary.
    public static class PasswordHashing
    {
        private const int PBKDF2IterCount = 1000; // default for Rfc2898DeriveBytes
        private const int PBKDF2SubkeyLength = 256 / 8; // 256 bits
        private const int SaltSize = 128 / 8; // 128 bits

        public static string HashPassword(string password)
        {
            if (password == null)
            {
                throw new ArgumentNullException("password");
            }

            // Produce a version 0 (see comment above) text hash.
            byte[] salt;
            byte[] subkey;
            using (var deriveBytes = new Rfc2898DeriveBytes(password, SaltSize, PBKDF2IterCount))
            {
                salt = deriveBytes.Salt; // random salt generated by the constructor
                subkey = deriveBytes.GetBytes(PBKDF2SubkeyLength);
            }

            // Layout: byte 0 is left as 0x00, followed by the salt, then the subkey.
            var outputBytes = new byte[1 + SaltSize + PBKDF2SubkeyLength];
            Buffer.BlockCopy(salt, 0, outputBytes, 1, SaltSize);
            Buffer.BlockCopy(subkey, 0, outputBytes, 1 + SaltSize, PBKDF2SubkeyLength);
            return Convert.ToBase64String(outputBytes);
        }
    }

I would like to avoid having to add ASP.NET Identity as a dependency to this project, hence why I would like to hash the password manually.
I recommend you use SimpleCrypto.

This is how I've used it in a project; I believe it will help you. One can add the DLL from NuGet.

    [HttpPost]
    public ActionResult Register(RegisterViewModel model)
    {
        try
        {
            if (ModelState.IsValid)
            {
                // Hash the password; SimpleCrypto generates the salt during Compute().
                var crypto = new SimpleCrypto.PBKDF2();
                var encrypPass = crypto.Compute(model.Password);
                var newUser = db.Users.Create();
                newUser.Email = model.Email;
                newUser.Password = encrypPass;
                newUser.PasswordSalt = crypto.Salt;
                // newUser.Name = model.UserName;
                newUser.UserName = model.UserName;
                //newUser.AddedBy = model.;
                db.Users.Add(newUser);
                db.SaveChanges();
                return RedirectToAction("Index", "Home");
            }
            else
            {
                ModelState.AddModelError("", "");
            }
        }
        catch (DbEntityValidationException e)
        {
            foreach (var eve in e.EntityValidationErrors)
            {
                Console.WriteLine("Entity of type \"{0}\" in state \"{1}\" has the following validation errors:",
                    eve.Entry.Entity.GetType().Name, eve.Entry.State);
                foreach (var ve in eve.ValidationErrors)
                {
                    Console.WriteLine("- Property: \"{0}\", Error: \"{1}\"",
                        ve.PropertyName, ve.ErrorMessage);
                }
            }
            throw;
        }
        return View();
    }

Your valid check at login:

    private bool IsValid(string email, string password)
    {
        var crypto = new SimpleCrypto.PBKDF2();
        bool isValid = false;

        var user = db.Users.FirstOrDefault(u => u.Email == email);
        if (user != null)
        {
            // Recompute the hash with the stored salt and compare with the stored hash.
            if (user.Password == crypto.Compute(password, user.PasswordSalt))
            {
                isValid = true;
            }
        }
        return isValid;
    }

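
An added example, not part of the original question or answer and not ASP.NET Identity's own code: a verifier for the layout that the question's HashPassword produces (one 0x00 format byte, a 16-byte salt, a 32-byte PBKDF2 subkey, all Base64-encoded). A hash written straight to the database can be checked with it before relying on it; the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical helper; names are chosen for this example only.
public static class Version0HashVerifier
{
    private const int Pbkdf2IterCount = 1000;       // same values as the question's code
    private const int Pbkdf2SubkeyLength = 256 / 8; // 32 bytes
    private const int SaltSize = 128 / 8;           // 16 bytes

    public static bool Verify(string hashedPassword, string password)
    {
        if (hashedPassword == null || password == null) return false;

        byte[] decoded;
        try { decoded = Convert.FromBase64String(hashedPassword); }
        catch (FormatException) { return false; }

        // Reject anything that is not exactly marker + salt + subkey.
        if (decoded.Length != 1 + SaltSize + Pbkdf2SubkeyLength || decoded[0] != 0x00)
            return false;

        var salt = new byte[SaltSize];
        Buffer.BlockCopy(decoded, 1, salt, 0, SaltSize);
        var storedSubkey = new byte[Pbkdf2SubkeyLength];
        Buffer.BlockCopy(decoded, 1 + SaltSize, storedSubkey, 0, Pbkdf2SubkeyLength);

        // This constructor overload uses HMAC-SHA1, matching the hashing side.
        byte[] candidate;
        using (var deriveBytes = new Rfc2898DeriveBytes(password, salt, Pbkdf2IterCount))
        {
            candidate = deriveBytes.GetBytes(Pbkdf2SubkeyLength);
        }
        return FixedTimeEquals(storedSubkey, candidate);
    }

    // Compare every byte without exiting early, so timing does not leak the match length.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```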