ASP.NET Identity provides a default password hash, but here we will see how to create a custom password hash with a salt key using the Crypto class provided by the ASP.NET framework.
namespace of crypto class is
The Crypto class is available by default in a web application, but if you want to use it in a console or Windows application, download it from the NuGet Package Manager (search: System.Web.Helpers.Crypto).
Now let's see how it works:
    using System.Web.Helpers;

    string password = "Welcome@123";                       // sample password
    string salt = Crypto.GenerateSalt();                   // salt key
    password = password + salt;                            // append salt key
    string hashedPassword = Crypto.HashPassword(password); // hash to store
Store the generated hashedPassword and the salt in the database. At verification time, read the salt key and the hashed password back from the database, then verify the entered password using the VerifyHashedPassword method.
See the example below:
    // First parameter is the previously hashed string using a Salt
    string salt = "agftwjd128";             // read from database
    string HashedPass = "cbdr45/shdysndys"; // read from database
    string PlainPass = "Welcome@123";
    PlainPass = PlainPass + salt;           // append salt key
    bool result = Crypto.VerifyHashedPassword(HashedPass, PlainPass); // verify password
The Crypto class has other methods:
    Crypto.Hash()
    Crypto.SHA1()
    Crypto.SHA256()
All of these methods can be used for hashing, but ideally you should not use them for passwords: if you enter “Welcome@123” as the password, they generate the same hash string every time. Crypto.HashPassword(), however, generates a new hash string even for the same password, so whether the password is different or the same, the output is new every time.
Output will look like this:
The best way to protect a password is to hash it with HashPassword; appending a salt key to it makes it more secure. Once it is hashed, it is impossible to convert it back to the plain password.