In this article, you’ll learn Hashing In ASP.NET Core application on the .NET Core framework. when you’re dealing with people’s information. for example, you have a website that has user accounts on the Shopping website or whatever store. the password safely is very important Hashing In ASP.NET Core. the password is very important because most people use the same password across different types of services online. and if you don’t hash it properly if or attacker grabs the database.
When you’re hashing passwords it’s not good enough to store them in the database using a simple hash MD5, SHA-1, SHA-224, SHA-256 because when you create a hash, it has the same output. It means to say is that the output never changes for the hash and if you have a user base of or thousands or say millions of people chances are that that quite a few people are going to have the same password and if you actually have a hash with not your security.
So, we’re going to be dealing with salting and hashing the passwords salting is basically adding a random string of bytes to a user’s password. so that if two people user A and user B have the word dog as a password which is a very terrible password with the random salt. they’ll be creating for each one it will come out hash differently in the database so if one person is compromised then the other person is not but, of course, you want to choose a stronger password one that’s longer than mixes a match’s numbers with lowercase uppercase special characters.
Let’s go, ahead and start creating some simple hash and create the salt function you can define the size of the actual salt.
How to use Hash Data
The new Data Protection .NET Core API includes functionality to create hashes utilizing the PBKDF2algorithm. ASP.NET Core utilizes this in the background scenes functionality in PasswordHasher class, which is used in ASP.NET Core Identity.
Create a class library and add the following NuGet package –
Using Namespace Microsoft.AspNetCore.Cryptography.KeyDerivation and Add a class to encapsulate the Hashing In ASP.NET Core logic.
public class Hash
{
public static string Create(string value, string salt)
{
var valueBytes = KeyDerivation.Pbkdf2(
password: value,
salt: Encoding.UTF8.GetBytes(salt),
prf: KeyDerivationPrf.HMACSHA512,
iterationCount: 10000,
numBytesRequested: 256 / 8);
return Convert.ToBase64String(valueBytes);
}
public static bool Validate(string value, string salt, string hash)
=> Create(value, salt) == hash;
}
Add a class following to encapsulate the logic for creating a random salt.
public class Salt
{
public static string Create()
{
byte[] randomBytes = new byte[128 / 8];
using (var generator = RandomNumberGenerator.Create())
{
generator.GetBytes(randomBytes);
return Convert.ToBase64String(randomBytes);
}
}
}After that, Add tests to verify the functionality, e.g,
public void Untampered_hash_matches_the_text()
{
// Arrange
var message = "passw0rd";
var salt = Salt.Create();
var hash = Hash.Create(message, salt);
// Act
var match = Hash.Validate(message, salt, hash);
// Assert
Assert.True(match);
}
[Fact(DisplayName = "Tampered_hash_does_not_matche_the_text")]
public void Tampered_hash_does_not_matche_the_text()
{
// Arrange
var message = "passw0rd";
var salt = Salt.Create();
var hash = "blahblahblah";
// Act
var match = Hash.Validate(message, salt, hash);
// Assert
Assert.False(match);
}
[Fact(DisplayName = "Hash_of_two_different_messages_dont_match")]
public void Hash_of_two_different_messages_dont_match()
{
// Arrange
var message1 = "passw0rd";
var message2 = "password";
var salt = Salt.Create();
// Act
var hash1 = Hash.Create(message1, salt);
var hash2 = Hash.Create(message2, salt);
// Assert
Assert.True(hash1 != hash2);
} 