How to match a salted password hash at login in C#
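/// <summary>
/// Helpers that turn a password into a salted PBKDF2 signature of the form
/// "salt:hash" (both parts Base64) and check a password against such a signature.
/// </summary>
public static class EncryptionUtilities
{
    // NOTE(review): 1000 iterations with the constructor's default PRF (HMAC-SHA1)
    // is well below current password-hashing guidance. The values are kept so that
    // signatures already stored still verify; raising them needs the parameters to
    // be stored next to the hash and old records re-hashed on the next login.
    private const int SALT_SIZE = 8;
    private const int NUM_ITERATIONS = 1000;
    private const int HASH_SIZE = 16;

    // Rfc2898DeriveBytes rejects salts shorter than this many bytes.
    private const int MIN_SALT_SIZE = 8;

    // RandomNumberGenerator.Create() returns the platform CSPRNG and, unlike
    // RNGCryptoServiceProvider, is not marked obsolete on current .NET.
    private static readonly RandomNumberGenerator rng = RandomNumberGenerator.Create();

    /// <summary>
    /// Creates a signature for a password.
    /// </summary>
    /// <param name="password">The password to hash. Leading and trailing whitespace is trimmed before hashing.</param>
    /// <returns>The "salt:hash" for the password; store this string, never the password itself.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="password"/> is null.</exception>
    public static string CreatePasswordSalt(string password)
    {
        if (password == null)
        {
            throw new ArgumentNullException("password");
        }

        // A fresh random salt per password makes identical passwords hash differently.
        byte[] salt = new byte[SALT_SIZE];
        rng.GetBytes(salt);

        return Convert.ToBase64String(salt) + ':' + DeriveHash(password, salt);
    }

    /// <summary>
    /// Validates that a password generates the passed-in salt:hash.
    /// </summary>
    /// <param name="password">The password to validate.</param>
    /// <param name="saltHash">The stored "salt:hash" this password should generate.</param>
    /// <returns>true on a match; false on a mismatch or when either argument is null or malformed.</returns>
    public static bool IsPasswordValid(string password, string saltHash)
    {
        if (password == null || saltHash == null)
        {
            return false;
        }

        string[] parts = saltHash.Split(new[] { ':' }, StringSplitOptions.RemoveEmptyEntries);
        if (parts.Length != 2)
        {
            return false;
        }

        byte[] salt;
        try
        {
            salt = Convert.FromBase64String(parts[0]);
        }
        catch (FormatException)
        {
            // A corrupted stored value is a failed validation, not a crash of the login path.
            return false;
        }

        if (salt.Length < MIN_SALT_SIZE)
        {
            return false;
        }

        // Compare without an early exit so the time taken does not depend on how
        // many leading characters of the two hashes agree.
        return FixedTimeEquals(parts[1], DeriveHash(password, salt));
    }

    /// <summary>Runs PBKDF2 over the trimmed password and returns the Base64 hash.</summary>
    private static string DeriveHash(string password, byte[] salt)
    {
        // Rfc2898DeriveBytes is IDisposable; dispose it so key material is released promptly.
        using (Rfc2898DeriveBytes deriver2898 = new Rfc2898DeriveBytes(password.Trim(), salt, NUM_ITERATIONS))
        {
            return Convert.ToBase64String(deriver2898.GetBytes(HASH_SIZE));
        }
    }

    /// <summary>Ordinal string equality that always inspects every character.</summary>
    private static bool FixedTimeEquals(string left, string right)
    {
        // The length of a Base64 hash is not secret, so bailing out on it leaks nothing.
        if (left.Length != right.Length)
        {
            return false;
        }

        int difference = 0;
        for (int i = 0; i < left.Length; i++)
        {
            difference |= left[i] ^ right[i];
        }

        return difference == 0;
    }
}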
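/// <summary>
/// Login button handler: looks up the stored password signature for the e-mail in
/// TextBox1 and verifies the password in TextBox2 against it.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    // A salted hash cannot be matched inside the WHERE clause: the salt is stored
    // with the hash, so the row is fetched by e-mail first and the password is
    // verified in code against the stored "salt:hash".
    // Assumes emp_password holds the string produced by
    // EncryptionUtilities.CreatePasswordSalt - confirm against the registration code.
    bool authenticated = false;

    con.Open();
    try
    {
        using (SqlCommand cmd = new SqlCommand())
        {
            cmd.Connection = con;
            // Select only the column that is needed rather than the whole row.
            cmd.CommandText = "select emp_password from tb_employees where emp_email = @emp_email";
            cmd.Parameters.AddWithValue("@emp_email", TextBox1.Text);

            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                while (dr.Read() && !authenticated)
                {
                    // "as string" turns a NULL column into null, which IsPasswordValid rejects.
                    string storedSaltHash = dr["emp_password"] as string;
                    authenticated = EncryptionUtilities.IsPasswordValid(TextBox2.Text, storedSaltHash);
                }
            }
        }
    }
    finally
    {
        // Close the connection even when the query throws.
        con.Close();
    }

    if (authenticated)
    {
        Response.Write("success");
    }
}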