0

I'm using ASP.NET Core 2.2 with EF Core. I have a User class which looks like this:

public class User : IdentityUser
{
    public string FirstName { get; set; }

    public string LastName { get; set; }
}

I would like to add a PIN property which will act as a secondary password for extra-secure operations. The user logs into the system, but if he wants to do something more special (like send money), he will be prompted to enter his PIN.

My question is what is the most easy way to hash a string, so I don't store the PIN in plain text in the db?

Reath
  • 491
  • 5
  • 16
  • There is plenty of questions on SO about how to encrypt a string. See, for instance: https://stackoverflow.com/questions/10168240/encrypting-decrypting-a-string-in-c-sharp – tocqueville Mar 12 '19 at 15:03
  • 1
    @tocqueville Why do you think the OP needs encryption, when they specifically mentioned they want to hash the string? – nvoigt Mar 12 '19 at 16:34
  • Possible duplicate of [Encrypting & Decrypting a String in C#](https://stackoverflow.com/questions/10168240/encrypting-decrypting-a-string-in-c-sharp) – thewaywewere Mar 13 '19 at 05:11

1 Answers1

3

You can use the IPasswordHasher interface , when the user registers , you can create the password hash that will be stored in the database(PIN property) , when you need to verfiy , to hash the provided password/PIN and compare it to the stored hash .

For example , use DI to involve the extension :

public readonly IPasswordHasher<ApplicationUser> _passwordHasher;
public HomeController(IPasswordHasher<ApplicationUser> passwordHasher )
{
    _passwordHasher = passwordHasher;
}

To create a hashed password :

var hasedPassword = _passwordHasher.HashPassword(null,"Password");

To verify :

var successResult = _passwordHasher.VerifyHashedPassword(null, hasedPassword , "Password");

You can also refer to document : Hash passwords in ASP.NET Core.

Nan Yu
  • 26,101
  • 9
  • 68
  • 148