Josh Kapp

Reputation: 13

Hash passwords using crypto and then save to database

Currently I have this code:

    // POST: users/Create
    // To protect from overposting attacks, please enable the specific properties you want to bind to, for 
    // more details see http://go.microsoft.com/fwlink/?LinkId=317598.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Create([Bind(Include = "id,naam,wachtwoord,email,isadmin")] user user)
    {
        user.wachtwoord = Crypto.HashPassword(user.wachtwoord);
        if (ModelState.IsValid)
        {
            db.users.Add(user);
            db.SaveChanges();
            return RedirectToAction("Index");
        }

        return View(user);
    }

Now it breaks if I use the `user.wachtwoord = Crypto.HashPassword` line.

Now my question is: in this case, what's the proper way to save a user password through the HttpPost method, and also how can I later unhash the password in a login controller?

Greetings

Upvotes: 1

Views: 339

Answers (2)

hbulens

Reputation: 1969

Why don't you consider ASP.NET Identity? There you get this out of the box.

Upvotes: 0

Márcio Duarte

Reputation: 453

If you want to implement a custom solution, one could be: using a one-way hashing algorithm with a salt and storing that value in a users table as the user password. You wouldn't be "unhashing" the password on the login controller; you would hash the password that the user has provided in the login controller with the salt and compare it with the one in the DB (or the repository where you saved the user credentials).

Upvotes: 1
