I am following an example on how to create and verify a secured password with PBKDF2, which I found on this website.
What I have tried:
I created a class called "HashCode" which I am accessing from the registration and login form and I am able to hash and salt the password during user registration and it works just fine.
Here is the code that hashes and salts the password:

    class HashCode
    {
        public string GetHashPassword(string password)
        {
            string hashPass = string.Empty;
            // Random 20-byte salt, generated per password
            byte[] salt;
            new RNGCryptoServiceProvider().GetBytes(salt = new byte[20]);
            // PBKDF2 with 100000 iterations, 20-byte output
            var pbkdf2 = new Rfc2898DeriveBytes(password, salt, 100000);
            byte[] hash = pbkdf2.GetBytes(20);
            // Stored value: salt (bytes 0-19) followed by hash (bytes 20-39), Base64-encoded
            byte[] hashBytes = new byte[40];
            Array.Copy(salt, 0, hashBytes, 0, 20);
            Array.Copy(hash, 0, hashBytes, 20, 20);
            hashPass = Convert.ToBase64String(hashBytes);
            return hashPass;
        }
And this is how I insert it into the database:

    command.Parameters.AddWithValue("@Password", hc.GetHashPassword(TxtBox_Password.Text));
Here is the code that verifies the user's login password:

    public bool IsValidPassword(string password, string hashPass)
    {
        bool result = true;
        // Decode the stored value and take the salt from its first 20 bytes
        byte[] hashBytes = Convert.FromBase64String(hashPass);
        byte[] salt = new byte[20];
        Array.Copy(hashBytes, 0, salt, 0, 20);
        // Re-derive the hash from the entered password with the same salt and iteration count
        var pbkdf2 = new Rfc2898DeriveBytes(password, salt, 100000);
        byte[] hash = pbkdf2.GetBytes(20);
        // Compare against the stored hash (bytes 20-39); a mismatch throws
        for (int i = 0; i < 20; i++)
        {
            if (hashBytes[i + 20] != hash[i])
            {
                throw new UnauthorizedAccessException();
            }
        }
        return result;
    }
And on my LoginForm I have:

    command.Parameters.AddWithValue("@Password", hc.IsValidPassword(TxtBox_Password.Txt));

But it's not working. Any help would be so much appreciated!
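
An added example, not part of the original post or of the tutorial it follows: one way to run the login check for the format above (Base64 of a 20-byte salt followed by 20 bytes of PBKDF2 output, 100000 iterations). The stored value is looked up by user name and compared in code, because a salted hash cannot be matched by passing a value as a SQL parameter. The `users` dictionary and the names `Hash`, `Derive` and `Verify` are assumptions standing in for the real table and class.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

static class PasswordCheckExample
{
    const int SaltSize = 20, HashSize = 20, Iterations = 100000; // values from the post

    // Same layout as the post: Base64(salt[20] || hash[20]).
    static string Hash(string password)
    {
        byte[] salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        byte[] blob = new byte[SaltSize + HashSize];
        Array.Copy(salt, 0, blob, 0, SaltSize);
        Array.Copy(Derive(password, salt), 0, blob, SaltSize, HashSize);
        return Convert.ToBase64String(blob);
    }

    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
            return kdf.GetBytes(HashSize);
    }

    // Returns false on a mismatch or a malformed record instead of throwing.
    static bool Verify(string password, string stored)
    {
        byte[] blob;
        try { blob = Convert.FromBase64String(stored ?? ""); }
        catch (FormatException) { return false; }
        if (blob.Length != SaltSize + HashSize) return false;
        byte[] salt = new byte[SaltSize];
        Array.Copy(blob, 0, salt, 0, SaltSize);
        byte[] candidate = Derive(password, salt);
        int diff = 0; // accumulate differences so timing does not depend on where they occur
        for (int i = 0; i < HashSize; i++) diff |= blob[SaltSize + i] ^ candidate[i];
        return diff == 0;
    }

    static void Main()
    {
        // Constructed stand-in for the users table: user name -> stored hash column.
        var users = new Dictionary<string, string> { { "alice", Hash("correct horse") } };
        foreach (var attempt in new[] { "correct horse", "wrong guess" })
        {   // Login: fetch the row by user name only, then verify in code.
            bool ok = users.TryGetValue("alice", out var stored) && Verify(attempt, stored);
            Console.WriteLine("{0}: {1}", attempt, ok ? "accepted" : "rejected");
        }
    }
}
```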