Reputation: 23
So I'm running the following setup once a user logs in:
When a new user is created, the password gets a generated hash and is concatenated with a newly generated salt. The HashedPassword + Salt is stored in a column separate from the Salt column. I then call the method VerifyHashedPassword(string storedHashedPass, String password), where storedHashedPass is the stored hashed password (with the salt) and password is the plaintext password the user has entered at login, concatenated with the salt retrieved from storage.
But when I try to implement this, it throws System.FormatException.
Can anyone help me figure out what I'm doing wrong?
using System;
using System.Security.Cryptography;

// Verifies a plaintext password against the Base64 string that HashPassword() returned.
public static bool VerifyHashedPassword(string hashPassword, String password)
{
    return System.Web.Helpers.Crypto.VerifyHashedPassword(hashPassword, password);
}

// Generates 32 random bytes and returns them as a Base64 string.
public static string GetSalt()
{
    // RNGCryptoServiceProvider is IDisposable; dispose it when done.
    using (var random = new RNGCryptoServiceProvider())
    {
        int max_length = 32;
        byte[] salt = new byte[max_length];
        random.GetNonZeroBytes(salt);
        return Convert.ToBase64String(salt);
    }
}

// Hashes the password with System.Web.Helpers.Crypto (PBKDF2 with a random salt that the
// library generates itself and embeds in the returned Base64 string).
public static string hashPassword(string password)
{
    return System.Web.Helpers.Crypto.HashPassword(password ?? "");
}
Upvotes: 0
Views: 379
Reputation: 3037
The HashedPassword + Salt is stored in a column
That is probably the root problem. You don't need to provide or handle a Salt. See this answer.
You should not need a GetSalt() method.
You can't simply concatenate 2 base64 strings, the decoder doesn't know how to handle that.
Upvotes: 1
Reputation: 108975
The Base64 format stores 6 bits per character. Since bytes are 8 bits, some padding is sometimes needed at the end: one or two = characters are appended. = is not otherwise used.
If you concatenate two Base64 strings, there may be some padding at the join. Putting padding in the middle of a Base64 string is not valid.
Instead concatenate the byte arrays, and then encode.
Upvotes: 0
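Added example (not code from the question or from either answer) putting both answers together: Crypto.HashPassword already generates a random salt and embeds it in the Base64 string it returns, so registration stores that one string and login passes it straight back to Crypto.VerifyHashedPassword with the plaintext exactly as typed. The same program reproduces the FormatException by gluing a second Base64 string onto the stored value, and shows the byte-level concatenation the second answer recommends. It assumes System.Web.Helpers.dll (the ASP.NET Web Pages helper library the question calls) is referenced; the class, method names and sample password are mine, and the layout comment describes the version-0 format that library produces.

```csharp
using System;
using System.Security.Cryptography;
using System.Web.Helpers; // System.Web.Helpers.dll, the same API the question uses

// Example class, not part of the original post.
public static class PasswordStorageDemo
{
    // Registration: store only this string. It is the Base64 encoding of
    //   [version byte 0x00][16-byte random salt][32-byte PBKDF2-HMAC-SHA1 subkey]
    // i.e. 49 bytes, which Base64 encodes to 68 characters ending in "==" (49 mod 3 == 1).
    // No separate salt column and no GetSalt() are needed: the salt is inside this value.
    public static string Register(string plaintextPassword)
    {
        return Crypto.HashPassword(plaintextPassword);
    }

    // Login: the library reads the salt back out of the stored string itself, so the
    // plaintext is passed exactly as the user typed it, with nothing appended.
    public static bool Login(string storedHash, string plaintextPassword)
    {
        return Crypto.VerifyHashedPassword(storedHash, plaintextPassword);
    }

    // Convert.FromBase64String is what VerifyHashedPassword calls first; it throws
    // FormatException when '=' padding appears anywhere other than the end.
    public static bool DecodesAsBase64(string s)
    {
        try
        {
            Convert.FromBase64String(s);
            return true;
        }
        catch (FormatException)
        {
            return false;
        }
    }

    // If two byte sequences really must be stored together, join the bytes and encode once.
    public static string ConcatThenEncode(byte[] a, byte[] b)
    {
        byte[] combined = new byte[a.Length + b.Length];
        Buffer.BlockCopy(a, 0, combined, 0, a.Length);
        Buffer.BlockCopy(b, 0, combined, a.Length, b.Length);
        return Convert.ToBase64String(combined);
    }

    public static void Main()
    {
        // Sample password, constructed for the demo.
        string stored = Register("correct horse battery staple");
        Console.WriteLine("stored value (" + stored.Length + " chars): " + stored);

        Console.WriteLine("correct password accepted: " + Login(stored, "correct horse battery staple"));
        Console.WriteLine("wrong password accepted:   " + Login(stored, "wrong password"));

        // What the question did: a second, separately generated Base64 salt appended to the
        // stored hash. 32 bytes encode to 44 characters, but the stored value already ends in
        // "==", so the glued string carries padding in the middle and no longer decodes.
        byte[] extraSalt = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(extraSalt);
        }
        string glued = stored + Convert.ToBase64String(extraSalt);
        Console.WriteLine("stored value decodes: " + DecodesAsBase64(stored));
        Console.WriteLine("glued value decodes:  " + DecodesAsBase64(glued));

        // The second answer's fix for the general case: concatenate bytes, then encode.
        // The decoded length is the sum of the two inputs, 49 + 32 bytes.
        byte[] first = Convert.FromBase64String(stored);
        string combined = ConcatThenEncode(first, extraSalt);
        Console.WriteLine("combined decodes to " + Convert.FromBase64String(combined).Length + " bytes");
    }
}
```

The point to take from Register and Login is that the stored column holds everything VerifyHashedPassword needs; the only thing the question's own GetSalt() adds is a second Base64 string whose join point breaks the decoder. If a different hashing scheme with an externally managed salt is ever used, ConcatThenEncode shows the only safe way to combine pieces: at the byte level, never by string concatenation of encoded values.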