3

I'm using the default ASP.NET MVC 4 membership system. The user sends his username and password over ASP.NET Web API in plain text.

So I have his plain password. How do I compare it with the stored hashed password?

Is there a function that takes a string and compares it with the hashed one?

1

2 Answers

6

You have to make sure that your web.config is properly set up to use membership. http://msdn.microsoft.com/en-us/library/6e9y4s5t%28v=vs.100%29.aspx

Also, make sure to create a MachineKey in your web.config as well. http://msdn.microsoft.com/en-us/library/ff649308.aspx

The code that you would put in your controller would be similar to:

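```csharp
// Requires: using System.Web.Mvc; using System.Web.Security;
[HttpPost]
public ActionResult Login(AuthenticationModel model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        // ValidateUser checks the supplied password against the stored (hashed) one.
        if (Membership.ValidateUser(model.UserName, model.Password))
        {
            FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);

            // Only follow returnUrl when it is a local path.
            if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
                && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
            {
                return Redirect(returnUrl);
            }
            else
            {
                return RedirectToAction("Index", "Home");
            }
        }
    }

    // Invalid model or failed login: show the form again.
    return View(model);
}
```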

With your model being similar to:

```csharp
using System.ComponentModel.DataAnnotations;

public class AuthenticationModel
{
    [Required]
    [Display(Name = "Username")]
    public string UserName { get; set; }

    [Required]
    [DataType(DataType.Password)]
    [Display(Name = "Password")]
    public string Password { get; set; }

    [Display(Name = "Remember Me?")]
    public bool RememberMe { get; set; }
}
```

0

Well, I had a similar request, and what I accomplished was to store the password using a 64-byte field. I generated a 32-byte salt and a 32-byte hash, then extracted the salt from the DB and encoded the same username using that salt and if the resultant object is equal to the one in DB

This is the method I used:

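```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Cryptography.KeyDerivation;

public static class PasswordCheck
{
    // Sizes match the 32-byte salt and 32-byte hash described above.
    private const int saltSize = 32;
    private const int hashSize = 32;
    // Placeholder: the iteration count is not given in the answer.
    private const int iterationCount = 100000;

    public static bool IsPasswordValid(string plainPassword, byte[] data)
    {
        var prf = KeyDerivationPrf.HMACSHA512;
        var saltBytes = new byte[saltSize];
        var hashBytes = new byte[hashSize];
        // Stored layout: salt first, then the hash.
        Array.Copy(data, 0, saltBytes, 0, saltSize);
        Array.Copy(data, saltSize, hashBytes, 0, hashSize);
        // Re-derive the hash from the submitted password and the stored salt.
        var verificationHashBytes = KeyDerivation.Pbkdf2(plainPassword, saltBytes, prf, iterationCount, hashSize);
        return hashBytes.SequenceEqual(verificationHashBytes);
    }
}
```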
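
As an added example (not part of either answer above): the storing side that produces the 64-byte salt-plus-hash value the second answer verifies, with a verifier that rejects records of the wrong length and compares with `CryptographicOperations.FixedTimeEquals` rather than `SequenceEqual`. The class name `PasswordRecord`, the iteration count and the sample password are assumptions; it targets .NET Core 2.1 or later with the Microsoft.AspNetCore.Cryptography.KeyDerivation package.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Cryptography.KeyDerivation;

public static class PasswordRecord // hypothetical name, not from the answers
{
    // Layout from the answer: 32-byte salt followed by 32-byte hash (64 bytes).
    private const int SaltSize = 32;
    private const int HashSize = 32;
    // Assumed value: the answer does not state its iteration count.
    private const int IterationCount = 100_000;
    private const KeyDerivationPrf Prf = KeyDerivationPrf.HMACSHA512;

    // Builds the 64-byte value to store when the password is set or changed.
    public static byte[] Create(string plainPassword)
    {
        var salt = new byte[SaltSize];
        RandomNumberGenerator.Fill(salt); // fresh CSPRNG salt for every password
        var hash = KeyDerivation.Pbkdf2(plainPassword, salt, Prf, IterationCount, HashSize);

        var record = new byte[SaltSize + HashSize];
        Buffer.BlockCopy(salt, 0, record, 0, SaltSize);
        Buffer.BlockCopy(hash, 0, record, SaltSize, HashSize);
        return record;
    }

    // Re-derives the hash with the stored salt and compares it to the stored hash.
    public static bool Verify(string plainPassword, byte[] record)
    {
        // Reject missing or truncated rows instead of throwing from a copy.
        if (plainPassword == null || record == null || record.Length != SaltSize + HashSize)
            return false;

        var salt = new byte[SaltSize];
        Buffer.BlockCopy(record, 0, salt, 0, SaltSize);
        var expected = KeyDerivation.Pbkdf2(plainPassword, salt, Prf, IterationCount, HashSize);

        // FixedTimeEquals does not stop at the first differing byte.
        return CryptographicOperations.FixedTimeEquals(
            expected, new ReadOnlySpan<byte>(record, SaltSize, HashSize));
    }

    public static void Main()
    {
        byte[] stored = Create("correct horse battery staple"); // constructed sample
        Console.WriteLine(Verify("correct horse battery staple", stored));
        Console.WriteLine(Verify("wrong password", stored));
    }
}
```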
