ThatSoftwareDude
Building the web since 2008

Menu

Newsletter
Services

Resources

Contact

Popular tags

#.NET
#5 minute guide
#AI
#Android
#API
#ASP.NET
#Bootcamps
#Business
#C#
#Career
#ChatGPT
#Coding
#Computer Science
#css
#CSS
#CSS3
#Database
#ES6
#Gadgets
#Game Development
#Guide
#Hardware
#HTML5
#Interviews
#IT
#Javascript
#Javascript
#Learning to code
#Module
#NodeJS
#Performance
#Productivity
#Programming
#Security
#SQL
#Startup
#Surface
#Web Design
#Web Development
#Windows

How to MD5 Hash in C#

Creating an MD5 hash in C# is straightforward using the built-in cryptography libraries.

Best Practice: Use System.Security.Cryptography.MD5 for string or file hashing.

Example

using System;
using System.Security.Cryptography;
using System.Text;

string ComputeMD5Hash(string input)
{
    using (MD5 md5 = MD5.Create())
    {
        byte[] inputBytes = Encoding.UTF8.GetBytes(input);
        byte[] hashBytes = md5.ComputeHash(inputBytes);
        
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < hashBytes.Length; i++)
        {
            sb.Append(hashBytes[i].ToString("x2"));
        }
        
        return sb.ToString();
    }
}

Why use MD5.Create()? Creates a cryptographic service provider that calculates MD5 hashes efficiently.

Alternative: Hash a File (More Common Use Case)

For scenarios where you need to hash the contents of a file:

using System;
using System.IO;
using System.Security.Cryptography;

string ComputeFileMD5(string filePath)
{
    using (var md5 = MD5.Create())
    using (var stream = File.OpenRead(filePath))
    {
        byte[] hashBytes = md5.ComputeHash(stream);
        
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < hashBytes.Length; i++)
        {
            sb.Append(hashBytes[i].ToString("x2"));
        }
        
        return sb.ToString();
    }
}

Why hash files this way? Streams the file content directly through the hash algorithm without loading the entire file into memory.

Security Note

⚠️ Caution: MD5 is considered cryptographically broken and unsuitable for security purposes. For security-sensitive applications, use SHA-256 or better:

using (SHA256 sha256 = SHA256.Create())
{
    // Use the same pattern as MD5 examples
    // Just replace MD5.Create() with SHA256.Create()
}

MD5 is still useful for non-security purposes like checksums and data verification.

0
344
c#
security

Related

Storing passwords as plain text is dangerous. Instead, you should hash them using a strong, slow hashing algorithm like BCrypt, which includes built-in salting and resistance to brute-force attacks.

Step 1: Install BCrypt NuGet Package

Before using BCrypt, install the BCrypt.Net-Next package:

dotnet add package BCrypt.Net-Next

or via NuGet Package Manager:

Install-Package BCrypt.Net-Next

Step 2: Hash a Password

Use BCrypt.HashPassword() to securely hash a password before storing it:

using BCrypt.Net;

string password = "mySecurePassword123";
string hashedPassword = BCrypt.HashPassword(password);

Console.WriteLine(hashedPassword); // Output: $2a$12$...

Step 3: Verify a Password

To check a user's login attempt, use BCrypt.Verify():

bool isMatch = BCrypt.Verify("mySecurePassword123", hashedPassword);
Console.WriteLine(isMatch); // Output: True

Ensuring proper hashing should be at the top of your list when it comes to building authentication systems.

3
270
c#
security
cryptography

String interpolation, introduced in C# 6.0, provides a more readable and concise way to format strings compared to traditional concatenation (+) or string.Format(). Instead of manually inserting variables or placeholders, you can use the $ symbol before a string to directly embed expressions inside brackets.

string name = "Walt";
string job = 'Software Engineer';

string message = $"Hello, my name is {name} and I am a {job}";
Console.WriteLine(message);

This would produce the final output of:

Hello, my name is Walt and I am a Software Engineer

String interpolation can also be chained together into a multiline string (@) for even cleaner more concise results:

string name = "Walt";
string html = $@"
    <div>
        <h1>Welcome, {name}!</h1>
    </div>";
37
148
c#

Primary constructors, introduced in C# 12, offer a more concise way to define class parameters and initialize fields.

This feature reduces boilerplate code and makes classes more readable.

Traditional Approach vs Primary Constructor

Before primary constructors, you would likely write something like the following:

public class UserService
{
    private readonly ILogger _logger;
    private readonly IUserRepository _repository;

    public UserService(ILogger logger, IUserRepository repository)
    {
        _logger = logger;
        _repository = repository;
    }

    public async Task<User> GetUserById(int id)
    {
        _logger.LogInformation("Fetching user {Id}", id);
        return await _repository.GetByIdAsync(id);
    }
}

With primary constructors, this becomes:

public class UserService(ILogger logger, IUserRepository repository)
{
    public async Task<User> GetUserById(int id)
    {
        logger.LogInformation("Fetching user {Id}", id);
        return await repository.GetByIdAsync(id);
    }
}

Key Benefits

  1. Reduced Boilerplate: No need to declare private fields and write constructor assignments
  2. Parameters Available Throughout: Constructor parameters are accessible in all instance methods
  3. Immutability by Default: Parameters are effectively readonly without explicit declaration

Real-World Example

Here's a practical example using primary constructors with dependency injection:

public class OrderProcessor(
    IOrderRepository orderRepo,
    IPaymentService paymentService,
    ILogger<OrderProcessor> logger)
{
    public async Task<OrderResult> ProcessOrder(Order order)
    {
        try
        {
            logger.LogInformation("Processing order {OrderId}", order.Id);
            
            var paymentResult = await paymentService.ProcessPayment(order.Payment);
            if (!paymentResult.Success)
            {
                return new OrderResult(false, "Payment failed");
            }

            await orderRepo.SaveOrder(order);
            return new OrderResult(true, "Order processed successfully");
        }
        catch (Exception ex)
        {
            logger.LogError(ex, "Failed to process order {OrderId}", order.Id);
            throw;
        }
    }
}

Tips and Best Practices

  1. Use primary constructors when the class primarily needs dependencies for its methods
  2. Combine with records for immutable data types:
public record Customer(string Name, string Email)
{
    public string FormattedEmail => $"{Name} <{Email}>";
}
  1. Consider traditional constructors for complex initialization logic

Primary constructors provide a cleaner, more maintainable way to write C# classes, especially when working with dependency injection and simple data objects.

1
70
c#
Ad - Managed WordPress Hosting from SiteGround - Powerful, yet simple to use. Click to learn more.

Popular Questions

How To Count on Distinct Column Values In SQL Server
1
118
sql
How do I add a comma to an integer in c#
4
444
c#
How to Only Read the First N Lines of a File in C#
2
225
c#
How to Hash Passwords in C# Using BCrypt for Enhanced Security
3
270
c#
security
cryptography
How to Read a File Line by Line in C#?
4
297
c#
How to Use Lazy Loading in React for Faster Performance
1
104
React
How to Format Numbers as Currency in C#
1
901
c#
How do Raw String Literals Work in C#
2
75
c#
How to Calculate the Difference Between Two Dates in C#
4
582
c#
How to Parse CSV Files in C#: A Quick Guide
28
608
c#