Storing passwords as plain text is dangerous. Instead, you should hash them using a strong, slow hashing algorithm like BCrypt, which includes built-in salting and resistance to brute-force attacks.
Step 1: Install BCrypt NuGet Package
Before using BCrypt, install the BCrypt.Net-Next package:
dotnet add package BCrypt.Net-Next
or via NuGet Package Manager:
Install-Package BCrypt.Net-Next
Step 2: Hash a Password
Use BCrypt.HashPassword() to securely hash a password before storing it:
using BCrypt.Net;
string password = "mySecurePassword123";
string hashedPassword = BCrypt.HashPassword(password);
Console.WriteLine(hashedPassword); // Output: $2a$12$...
Step 3: Verify a Password
To check a user's login attempt, use BCrypt.Verify():
bool isMatch = BCrypt.Verify("mySecurePassword123", hashedPassword);
Console.WriteLine(isMatch); // Output: True
Ensuring proper hashing should be at the top of your list when it comes to building authentication systems.
Stay Sharp. Weekly Insights.
New posts, framework updates and weekly software conversations.
No spam. Unsubscribe anytime.
Walt is a software engineer, startup founder and previous mentor for a coding bootcamp. He has been creating software for the past 20+ years.