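/// <summary>
/// Verifies a candidate password against the salted PBKDF2 value stored for <paramref name="user"/>.
/// </summary>
/// <remarks>
/// The stored value is read as Base64 of <c>salt (16 bytes) || derived key</c>. Verification can only
/// succeed when the code that wrote the stored value used the same layout, the same salt length,
/// the same iteration count (10000) and the same hash function as this constructor overload
/// (HMAC-SHA1 by default). If any of these differ, every comparison fails, so compare this
/// method against the code that creates the hash when logins never match.
/// </remarks>
/// <param name="user">Account whose <c>Password</c> property holds the Base64 salt-plus-hash value.</param>
/// <param name="password">Plain-text password supplied at login.</param>
/// <returns><c>true</c> when the derived key equals the stored one; otherwise <c>false</c>.</returns>
/// <exception cref="FormatException">The stored value is not valid Base64.</exception>
/// <exception cref="InvalidOperationException">The stored value holds no hash bytes after the salt.</exception>
public async Task<bool> CheckPasswordAsync(Users user, string password)
{
    // The method returns a bool, so the declared type must be Task<bool>; a bare Task cannot carry it.
    // Fail closed: a missing account, an empty candidate or an account with no stored hash never matches.
    if (user == null || string.IsNullOrEmpty(password) || user.Password == null)
    {
        return false;
    }

    const int saltLength = 16;

    // Stored format: Base64( salt || hash ).
    byte[] storedBytes = Convert.FromBase64String(user.Password);

    // A record that is only a salt (or shorter) has nothing to compare against; reject it here
    // instead of attempting a zero-length derivation further down.
    if (storedBytes.Length <= saltLength)
    {
        throw new InvalidOperationException("Stored password hash is too short.");
    }

    byte[] salt = new byte[saltLength];
    Buffer.BlockCopy(storedBytes, 0, salt, 0, saltLength);

    byte[] storedPasswordHash = new byte[storedBytes.Length - saltLength];
    Buffer.BlockCopy(storedBytes, saltLength, storedPasswordHash, 0, storedPasswordHash.Length);

    // NOTE(review): 10000 iterations with the default HMAC-SHA1 is kept so existing records still
    // verify; raising the work factor requires re-hashing stored passwords in a separate migration.
    using (var pbkdf2 = new Rfc2898DeriveBytes(password, salt, 10000))
    {
        byte[] enteredPasswordHash = pbkdf2.GetBytes(storedPasswordHash.Length);

        // Constant-time comparison: SequenceEqual stops at the first differing byte, which makes
        // the comparison time depend on how much of the hash matched.
        return CryptographicOperations.FixedTimeEquals(storedPasswordHash, enteredPasswordHash);
    }
}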
Метод всегда сообщает, что пароль не совпадает. Пароль хранится в базе данных в зашифрованном (хешированном) виде, но при входе в систему введённый пароль с ним не совпадает.
// Assuming the password hash is a single Base64 encoded string containing both salt and hash var storedHashBytes = Convert.FromBase64String(user.Password); // Decode the stored Base64 string
// Check if the stored password is in the expected format (salt + hash) int saltLength = 16; // Typical salt length for PBKDF2 (16 bytes)
// Ensure we have enough bytes to extract the salt and hash if (storedHashBytes.Length < saltLength) { throw new InvalidOperationException("Stored password hash is too short."); }
// Extract salt (first 16 bytes) byte[] salt = new byte[saltLength]; Buffer.BlockCopy(storedHashBytes, 0, salt, 0, saltLength); // First part is the salt
// The rest of the bytes are the hash byte[] storedPasswordHash = new byte[storedHashBytes.Length - saltLength]; Buffer.BlockCopy(storedHashBytes, saltLength, storedPasswordHash, 0, storedPasswordHash.Length); // Rest is the hash
// Hash the entered password using the extracted salt using (var pbkdf2 = new Rfc2898DeriveBytes(password, salt, 10000)) // 10000 iterations as an example { var enteredPasswordHash = pbkdf2.GetBytes(storedPasswordHash.Length); // Generate hash with the same length
// Compare the hashes (entered and stored) return storedPasswordHash.SequenceEqual(enteredPasswordHash); // Returns true if hashes match }
} [/code] Метод всегда сообщает, что пароль не совпадает. Пароль хранится в базе данных в зашифрованном (хешированном) виде, но при входе в систему введённый пароль с ним не совпадает.