Storing passwords as plain text is dangerous. Instead, you should hash them using a strong, slow hashing algorithm like BCrypt, which includes built-in salting and resistance to brute-force attacks.
Step 1: Install BCrypt NuGet Package
Before using BCrypt, install the BCrypt.Net-Next package:
dotnet add package BCrypt.Net-Next
or via NuGet Package Manager:
Install-Package BCrypt.Net-Next
Step 2: Hash a Password
Use BCrypt.HashPassword() to securely hash a password before storing it:
using BCrypt.Net; string password = "mySecurePassword123"; string hashedPassword = BCrypt.HashPassword(password); Console.WriteLine(hashedPassword); // Output: $2a$12$...
Step 3: Verify a Password
To check a user's login attempt, use BCrypt.Verify():
bool isMatch = BCrypt.Verify("mySecurePassword123", hashedPassword); Console.WriteLine(isMatch); // Output: True
Ensuring proper hashing should be at the top of your list when it comes to building authentication systems.
Closing a SqlDataReader correctly prevents memory leaks, connection issues, and unclosed resources. Here’s the best way to do it.
Using using statements ensures SqlDataReader and SqlConnection are closed even if an exception occurs.
Example
using (SqlConnection conn = new SqlConnection(connectionString)) { conn.Open(); using (SqlCommand cmd = new SqlCommand("SELECT * FROM Users", conn)) using (SqlDataReader reader = cmd.ExecuteReader()) { while (reader.Read()) { Console.WriteLine(reader["Username"]); } } // ✅ Auto-closes reader here } // ✅ Auto-closes connection here
This approach auto-closes resources when done and it is cleaner and less error-prone than manual closing.
If you need explicit control, you can manually close it inside a finally block.
SqlDataReader? reader = null; try { using SqlConnection conn = new SqlConnection(connectionString); conn.Open(); using SqlCommand cmd = new SqlCommand("SELECT * FROM Users", conn); reader = cmd.ExecuteReader(); while (reader.Read()) { Console.WriteLine(reader["Username"]); } } finally { reader?.Close(); // ✅ Closes reader if it was opened }
This is slightly more error prone if you forget to add a finally block. But might make sense when you need to handle the reader separately from the command or connection.
Measuring the execution time of C# methods is essential for performance optimization and identifying bottlenecks in your application.
The most straightforward approach uses the Stopwatch class from the System.Diagnostics namespace, which provides high-precision timing capabilities.
Stopwatch
System.Diagnostics
This approach is perfect for quick performance checks during development or when troubleshooting specific methods in production code.
Here's a practical example: Imagine you have a method that processes a large dataset and you want to measure its performance.
First, add using System.Diagnostics; to your imports. Then implement timing as shown below:
using System.Diagnostics;
public void MeasurePerformance() { Stopwatch stopwatch = new Stopwatch(); // Start timing stopwatch.Start(); // Call the method you want to measure ProcessLargeDataset(); // Stop timing stopwatch.Stop(); // Get the elapsed time Console.WriteLine($"Processing time: {stopwatch.ElapsedMilliseconds} ms"); // Or use ElapsedTicks for higher precision Console.WriteLine($"Processing ticks: {stopwatch.ElapsedTicks}"); }
For more advanced scenarios, consider using the BenchmarkDotNet library, which offers comprehensive benchmarking with statistical analysis.
BenchmarkDotNet
Simply install the NuGet package, decorate methods with the [Benchmark] attribute, and run BenchmarkRunner.Run<YourBenchmarkClass>() to generate detailed reports comparing different implementation strategies.
[Benchmark]
BenchmarkRunner.Run<YourBenchmarkClass>()
Raw string literals in C# provide a flexible way to work with multiline strings, with some interesting rules around how quotes work.
The key insight is that you can use any number of double quotes (three or more) to delimit your string, as long as the opening and closing sequences have the same number of quotes.
"""
// Three quotes - most common usage string basic = """ This is a basic multiline string """; // Four quotes - when your content has three quotes string withThreeQuotes = """" Here's some text with """quoted""" content """"; // Five quotes - when your content has four quotes string withFourQuotes = """"" Here's text with """"nested"""" quotes """""; // Six quotes - for even more complex scenarios string withFiveQuotes = """""" Look at these """""nested""""" quotes! """""";
The general rule is that if your string content contains N consecutive double quotes, you need to wrap the entire string with at least N+1 quotes. This ensures the compiler can properly distinguish between your content and the string's delimiters.
// Example demonstrating the N+1 rule string example1 = """ No quotes inside """; // 3 quotes is fine string example2 = """" Contains """three quotes""" """"; // Needs 4 quotes (3+1) string example3 = """"" Has """"four quotes"""" """""; // Needs 5 quotes (4+1)
// Indentation example string properlyIndented = """ { "property": "value", "nested": { "deeper": "content" } } """; // This line's position determines the indentation
This flexibility with quote counts makes raw string literals extremely versatile, especially when dealing with content that itself contains quotes, like JSON, XML, or other structured text formats.
Register for my free weekly newsletter.