Reputation: 1372
Save password securely in database in .NET Core 6.0
I am working on an ASP.NET Core 6 Web API with C#. Currently a function in my controller takes a plain text password submitted by the user along with other information and saves it into a Users table.
How can I save the password securely instead of plain text? I am looking for a simple but secure solution. Are there any functions which simply generate a unique password hash which I can then save to the database?
For example :
user.Password = hash(request.password);
I have search older similar questions but as all the answers seem several years old I felt it may be worth while seeking out more current thoughts on this.
Upvotes: 1
Views: 1931
Answers (1)
Reputation: 151720
It's for user registration, therefore I would need to send the username and password to register to the API, which should store it securely in the database
In that case, use ASP.NET Identity. It provides you with user tables in your database, and a C# API to create and log in users.
Then to let users register using an API call: create a controller that accepts a registration request along with the appropriate model, and call UserManager.CreateAsync(model.Email, model.Password).
Make sure to rate limit and monitor the endpoint to prevent abuse, as you won't have XHR or CAPTHCHA capabilities like a browser UI can have.
Upvotes: 2
Related Questions
- where to store database credentials in an ASP.NET core web api project
- How do I store passwords to my mailfunciton in ASP.NET Core 3.1
- storing passwords in sql server database using ef core code first
- Store a password on .Net Core like ASP.Net WebSecurity
- Temporary save password in db ASP.NET Core
- How to save the Password in C# .NET?
- C# How to store password in application
- How to Store Password? Forms Authentication
- how to store database password
- ASP.NET Sql Server 2008 How to store password in database